Merge pull request #2455 from solidm/selinux

Add support for 'z' and 'Z' option for volumes for selinux hosts
This commit is contained in:
Brian Coca 2015-12-12 12:59:27 -05:00
commit 38d651fb82

View file

@ -79,8 +79,10 @@ options:
version_added: "1.5" version_added: "1.5"
volumes: volumes:
description: description:
- List of volumes to mount within the container using docker CLI-style - List of volumes to mount within the container
- 'syntax: C(/host:/container[:mode]) where "mode" may be "rw" or "ro".' - 'Use docker CLI-style syntax: C(/host:/container[:mode])'
- You can specify a read mode for the mount with either C(ro) or C(rw). SELinux hosts can additionally
use C(z) or C(Z) mount options to use a shared or private label for the volume.
default: null default: null
volumes_from: volumes_from:
description: description:
@ -626,14 +628,14 @@ class DockerManager(object):
# host mount (e.g. /mnt:/tmp, bind mounts host's /tmp to /mnt in the container) # host mount (e.g. /mnt:/tmp, bind mounts host's /tmp to /mnt in the container)
elif 2 <= len(parts) <= 3: elif 2 <= len(parts) <= 3:
# default to read-write # default to read-write
ro = False mode = 'rw'
# with supplied bind mode # with supplied bind mode
if len(parts) == 3: if len(parts) == 3:
if parts[2] not in ['ro', 'rw']: if parts[2] not in ["rw", "rw,Z", "rw,z", "z,rw", "Z,rw", "Z", "z", "ro", "ro,Z", "ro,z", "z,ro", "Z,ro"]:
self.module.fail_json(msg='bind mode needs to either be "ro" or "rw"') self.module.fail_json(msg='invalid bind mode ' + parts[2])
else: else:
ro = parts[2] == 'ro' mode = parts[2]
self.binds[parts[0]] = {'bind': parts[1], 'ro': ro } self.binds[parts[0]] = {'bind': parts[1], 'mode': mode }
else: else:
self.module.fail_json(msg='volumes support 1 to 3 arguments') self.module.fail_json(msg='volumes support 1 to 3 arguments')
@ -1197,10 +1199,7 @@ class DockerManager(object):
for host_path, config in self.binds.iteritems(): for host_path, config in self.binds.iteritems():
if isinstance(config, dict): if isinstance(config, dict):
container_path = config['bind'] container_path = config['bind']
if config['ro']: mode = config['mode']
mode = 'ro'
else:
mode = 'rw'
else: else:
container_path = config container_path = config
mode = 'rw' mode = 'rw'