Kaydet (Commit) 5452670b authored tarafından Joffrey F's avatar Joffrey F

Merge pull request #314 from mantiz/add-support-to-add-or-drop-capabilities

add support to add or drop capabilities
......@@ -232,7 +232,8 @@ Identical to the `docker search` command.
```python
c.start(container, binds=None, port_bindings=None, lxc_conf=None,
publish_all_ports=False, links=None, privileged=False,
dns=None, dns_search=None, volumes_from=None, network_mode=None, restart_policy=None)
dns=None, dns_search=None, volumes_from=None, network_mode=None,
restart_policy=None, cap_add=None, cap_drop=None)
```
Similar to the `docker start` command, but doesn't support attach
......@@ -278,6 +279,15 @@ for example:
}
```
`cap_add` and `cap_drop` are available since v1.2.0 and can be used to add or drop certain capabilities.
The user may specify the capabilities as an array for example:
```
[
"SYS_ADMIN",
"MKNOD"
]
```
```python
c.stop(container, timeout=10)
......
......@@ -807,7 +807,7 @@ class Client(requests.Session):
def start(self, container, binds=None, port_bindings=None, lxc_conf=None,
publish_all_ports=False, links=None, privileged=False,
dns=None, dns_search=None, volumes_from=None, network_mode=None,
restart_policy=None):
restart_policy=None, cap_add=None, cap_drop=None):
if isinstance(container, dict):
container = container.get('Id')
......@@ -869,6 +869,12 @@ class Client(requests.Session):
if restart_policy:
start_config['RestartPolicy'] = restart_policy
if cap_add:
start_config['CapAdd'] = cap_add
if cap_drop:
start_config['CapDrop'] = cap_drop
url = self._url("/containers/{0}/start".format(container))
res = self._post_json(url, data=start_config)
self._raise_for_status(res)
......
......@@ -841,6 +841,56 @@ class DockerClientTest(Cleanup, unittest.TestCase):
docker.client.DEFAULT_TIMEOUT_SECONDS
)
def test_start_container_with_added_capabilities(self):
try:
self.client.start(fake_api.FAKE_CONTAINER_ID,
cap_add=['MKNOD'])
except Exception as e:
self.fail('Command should not raise exception: {0}'.format(e))
args = fake_request.call_args
self.assertEqual(
args[0][0],
url_prefix + 'containers/3cc2351ab11b/start'
)
self.assertEqual(
json.loads(args[1]['data']),
{"PublishAllPorts": False, "Privileged": False,
"CapAdd": ["MKNOD"]}
)
self.assertEqual(
args[1]['headers'],
{'Content-Type': 'application/json'}
)
self.assertEqual(
args[1]['timeout'],
docker.client.DEFAULT_TIMEOUT_SECONDS
)
def test_start_container_with_dropped_capabilities(self):
try:
self.client.start(fake_api.FAKE_CONTAINER_ID,
cap_drop=['MKNOD'])
except Exception as e:
self.fail('Command should not raise exception: {0}'.format(e))
args = fake_request.call_args
self.assertEqual(
args[0][0],
url_prefix + 'containers/3cc2351ab11b/start'
)
self.assertEqual(
json.loads(args[1]['data']),
{"PublishAllPorts": False, "Privileged": False,
"CapDrop": ["MKNOD"]}
)
self.assertEqual(
args[1]['headers'],
{'Content-Type': 'application/json'}
)
self.assertEqual(
args[1]['timeout'],
docker.client.DEFAULT_TIMEOUT_SECONDS
)
def test_resize_container(self):
try:
self.client.resize(
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment