Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for container kernel capabilities #716

Merged
merged 1 commit into from
Jun 4, 2021
Merged

Add support for container kernel capabilities #716

merged 1 commit into from
Jun 4, 2021

Conversation

jbenden
Copy link
Contributor

@jbenden jbenden commented Jun 1, 2021

This patch adds two new command-line flags to specify one or
more kernel capabilities to add or remove from the workflow
containers.

The command-line flag --cap-add allows for new
capabilities on the workflow containers; where as,

The command-line flag --cap-drop allows for removing
specific capabilities on the workflow containers.

This was developed to specifically be able to add SYS_PTRACE
to a workflow I maintain. It involves using this capability to
monitor a make build, to then build a compilation database.

Signed-off-by: Joseph Benden joe@benden.us

@jbenden jbenden requested a review from a team as a code owner June 1, 2021 22:12
@catthehacker
Copy link
Member

Please change flags to --container-cap-add / --container-cap-drop

@jbenden
Add support for container kernel capabilities
05385e7 
This patch adds two new command-line flags to specify one or
more kernel capabilities to add or remove from the workflow
containers.

The command-line flag `--container-cap-add` allows for adding
specific capabilities on the workflow containers; where as,

The command-line flag `--container-cap-drop` allows for removing
specific capabilities on the workflow containers.

This was developed to specifically be able to add `SYS_PTRACE`
to a workflow I maintain. It involves using this capability to
monitor a make build, to then build a compilation database.

Signed-off-by: Joseph Benden <joe@benden.us>
@codecov
Copy link

codecov bot commented Jun 3, 2021

Codecov Report

Merging #716 (05385e7) into master (0f04942) will increase coverage by 1.18%.
The diff coverage is 59.06%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #716      +/-   ##
==========================================
+ Coverage   49.27%   50.45%   +1.18%     
==========================================
  Files          23       23              
  Lines        2401     2537     +136     
==========================================
+ Hits         1183     1280      +97     
- Misses       1090     1116      +26     
- Partials      128      141      +13
Impacted Files Coverage Δ
pkg/container/docker_run.go 1.84% <0.00%> (-0.09%) ⬇️
pkg/common/git.go 53.08% <30.15%> (-6.72%) ⬇️
pkg/model/workflow.go 30.71% <33.33%> (+5.00%) ⬆️
pkg/model/planner.go 34.56% <41.37%> (+1.48%) ⬆️
pkg/container/docker_pull.go 36.17% <64.70%> (+17.98%) ⬆️
pkg/runner/step_context.go 71.99% <71.64%> (+3.04%) ⬆️
pkg/runner/run_context.go 79.84% <95.31%> (+3.44%) ⬆️
pkg/runner/command.go 90.58% <100.00%> (+2.35%) ⬆️
pkg/runner/runner.go 76.92% <100.00%> (+0.45%) ⬆️
... and 2 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8a9167d...05385e7. Read the comment docs.

@mergify mergify bot requested a review from a team June 3, 2021 17:05
@mergify mergify bot merged commit 6b4d359 into nektos:master Jun 4, 2021
@catthehacker catthehacker mentioned this pull request Nov 13, 2021
Merged
catthehacker pushed a commit to catthehacker/act-fork that referenced this pull request Nov 14, 2021
feat: add option for docker image rebuild
9de5734 
Adds option to rebuild local action docker images
which is enabled by default

Fixed up README due to missing flags after
PR nektos#714 and nektos#716

Signed-off-by: hackercat <me@hackerc.at>
catthehacker pushed a commit to catthehacker/act-fork that referenced this pull request Nov 22, 2021
feat: add option for docker image rebuild
0f538a8 
Adds option to rebuild local action docker images
which is enabled by default

Fixed up README due to missing flags after
PR nektos#714 and nektos#716

Signed-off-by: hackercat <me@hackerc.at>
catthehacker pushed a commit to catthehacker/act-fork that referenced this pull request Nov 22, 2021
feat: add option for docker image rebuild
4061ccc 
Adds option to rebuild local action docker images

Fixed up README due to missing flags after
PR nektos#714 and nektos#716

Signed-off-by: hackercat <me@hackerc.at>
cplee pushed a commit that referenced this pull request Nov 24, 2021
@mergify
feat: add option for docker image rebuild (#878)
8ad6c07 
Adds option to rebuild local action docker images

Fixed up README due to missing flags after
PR #714 and #716

Signed-off-by: hackercat <me@hackerc.at>

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catthehacker catthehacker catthehacker approved these changes

@cplee cplee cplee approved these changes

Assignees
No one assigned
Labels
size/S
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jbenden @catthehacker @cplee