Skip to content

Commit

Permalink
exec: Add missing arguments
Browse files Browse the repository at this point in the history
Add the missing arguments for the exec subcommand.
Reference: https://github.com/opencontainers/runc/blob/main/man/runc-exec.8.md

Signed-off-by: Christophe de Dinechin <[email protected]>
  • Loading branch information
c3d committed Mar 3, 2023
1 parent c471c95 commit 43bbdfb
Showing 1 changed file with 41 additions and 0 deletions.
41 changes: 41 additions & 0 deletions crates/liboci-cli/src/exec.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ use std::path::PathBuf;
use clap::Parser;

/// Execute a process within an existing container
/// Reference: https://github.com/opencontainers/runc/blob/main/man/runc-exec.8.md
#[derive(Parser, Debug)]
pub struct Exec {
/// Unix socket (file) path , which will receive file descriptor of the writing end of the pseudoterminal
Expand All @@ -20,6 +21,12 @@ pub struct Exec {
/// Environment variables that should be set in the container
#[clap(short, long, value_parser = parse_key_val::<String, String>, number_of_values = 1)]
pub env: Vec<(String, String)>,
/// Run the command as a user
#[clap(short, long, value_parser = parse_colon_separated_pair::<u32, u32>)]
pub user: Option<(u32, Option<u32>)>,
/// Add additional group IDs. Can be specified multiple times
#[clap(long, short = 'g', number_of_values = 1)]
pub additional_gids: Vec<u32>,
/// Prevent the process from gaining additional privileges
#[clap(long)]
pub no_new_privs: bool,
Expand All @@ -29,6 +36,24 @@ pub struct Exec {
/// Detach from the container process
#[clap(short, long)]
pub detach: bool,
/// Set the asm process label for the process commonly used with selinux
#[clap(long)]
pub process_label: String,
/// Set the apparmor profile for the process
#[clap(long)]
pub apparmor: String,
/// Add a capability to teh bounding set for the process
#[clap(long, number_of_values = 1)]
pub cap: Vec<String>,
/// Pass N additional file descriptors to the containe
#[clap(long, default_value = "0")]
pub preserve_fds: i32,
/// Allow exec in a paused container
#[clap(long)]
pub ignore_paused: bool,
/// Execute a process in a sub-cgroup
#[clap(long)]
pub cgroup: Option<String>,
/// Identifier of the container
#[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)]
pub container_id: String,
Expand All @@ -49,3 +74,19 @@ where
.ok_or_else(|| format!("invalid KEY=value: no `=` found in `{s}`"))?;
Ok((s[..pos].parse()?, s[pos + 1..].parse()?))
}

fn parse_colon_separated_pair<T, U>(
s: &str,
) -> Result<(T, Option<U>), Box<dyn Error + Send + Sync + 'static>>
where
T: std::str::FromStr,
T::Err: Error + Send + Sync + 'static,
U: std::str::FromStr,
U::Err: Error + Send + Sync + 'static,
{
if let Some(pos) = s.find(':') {
Ok((s[..pos].parse()?, Some(s[pos + 1..].parse()?)))
} else {
Ok((s.parse()?, None))
}
}

0 comments on commit 43bbdfb

Please sign in to comment.