diff --git a/sources/api/ecs-settings-applier/README.md b/sources/api/ecs-settings-applier/README.md index 2135a8533dd..7c936ece720 100644 --- a/sources/api/ecs-settings-applier/README.md +++ b/sources/api/ecs-settings-applier/README.md @@ -7,7 +7,8 @@ Current version: 0.1.0 ecs-settings-applier generates a configuration file for the ECS agent from Bottlerocket settings. The configuration file for ECS is a JSON-formatted document with conditionally-defined keys and -embedded lists. +embedded lists. The structure and names of fields in the document can be found +[here](https://github.com/aws/amazon-ecs-agent/blob/a250409cf5eb4ad84a7b889023f1e4d2e274b7ab/agent/config/types.go). ## Colophon diff --git a/sources/api/ecs-settings-applier/src/ecs.rs b/sources/api/ecs-settings-applier/src/ecs.rs index 60640914952..2c6a447fdaf 100644 --- a/sources/api/ecs-settings-applier/src/ecs.rs +++ b/sources/api/ecs-settings-applier/src/ecs.rs @@ -4,7 +4,8 @@ ecs-settings-applier generates a configuration file for the ECS agent from Bottlerocket settings. The configuration file for ECS is a JSON-formatted document with conditionally-defined keys and -embedded lists. +embedded lists. The structure and names of fields in the document can be found +[here](https://github.com/aws/amazon-ecs-agent/blob/a250409cf5eb4ad84a7b889023f1e4d2e274b7ab/agent/config/types.go). */ use log::debug; use serde::Serialize; @@ -38,6 +39,9 @@ struct ECSConfig { #[serde(rename = "TaskIAMRoleEnabledForNetworkHost")] task_iam_role_enabled_for_network_host: bool, + + #[serde(rename = "SELinuxCapable")] + selinux_capable: bool, } // Returning a Result from main makes it print a Debug representation of the error, but with Snafu @@ -76,6 +80,9 @@ fn run() -> Result<()> { // Task role support is always enabled task_iam_role_enabled: true, task_iam_role_enabled_for_network_host: true, + + // SELinux is always available + selinux_capable: true, ..Default::default() }; if let Some(os) = settings.os {