Add support for security opts on containers #3149
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
Once, a long long time ago, we had aspirations of including a more structured way to handle security permissions in Swarmkit.
Unfortunately, this never panned out. Rather than continuing to stagnate on a might-be, this change simply add in support for the --security-opt flag and its API equivalents directly. Perfect shouldn't be the enemy of good enough.
- How I did it
Adds a
security_opt
field to the protobuf definition of ContainerSpec. There aren't actually any other changes needed in Swarmkit. This field will get passed into Swarmkit, then passed from Swarmkit to the executor (which lives in the engine). Swarmkit never needs to care about it.- How to test it
Not needed.