From 43bbdfb06227d18cb90b8ea70f3bccff0f678dd2 Mon Sep 17 00:00:00 2001
From: Christophe de Dinechin <dinechin@redhat.com>
Date: Fri, 3 Mar 2023 22:45:21 +0100
Subject: [PATCH] exec: Add missing arguments

Add the missing arguments for the exec subcommand.
Reference: https://github.com/opencontainers/runc/blob/main/man/runc-exec.8.md

Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
---
 crates/liboci-cli/src/exec.rs | 41 +++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/crates/liboci-cli/src/exec.rs b/crates/liboci-cli/src/exec.rs
index bc60b593ea..458080ab74 100644
--- a/crates/liboci-cli/src/exec.rs
+++ b/crates/liboci-cli/src/exec.rs
@@ -4,6 +4,7 @@ use std::path::PathBuf;
 use clap::Parser;
 
 /// Execute a process within an existing container
+/// Reference: https://github.com/opencontainers/runc/blob/main/man/runc-exec.8.md
 #[derive(Parser, Debug)]
 pub struct Exec {
     /// Unix socket (file) path , which will receive file descriptor of the writing end of the pseudoterminal
@@ -20,6 +21,12 @@ pub struct Exec {
     /// Environment variables that should be set in the container
     #[clap(short, long, value_parser = parse_key_val::<String, String>, number_of_values = 1)]
     pub env: Vec<(String, String)>,
+    /// Run the command as a user
+    #[clap(short, long, value_parser = parse_colon_separated_pair::<u32, u32>)]
+    pub user: Option<(u32, Option<u32>)>,
+    /// Add additional group IDs. Can be specified multiple times
+    #[clap(long, short = 'g', number_of_values = 1)]
+    pub additional_gids: Vec<u32>,
     /// Prevent the process from gaining additional privileges
     #[clap(long)]
     pub no_new_privs: bool,
@@ -29,6 +36,24 @@ pub struct Exec {
     /// Detach from the container process
     #[clap(short, long)]
     pub detach: bool,
+    /// Set the asm process label for the process commonly used with selinux
+    #[clap(long)]
+    pub process_label: String,
+    /// Set the apparmor profile for the process
+    #[clap(long)]
+    pub apparmor: String,
+    /// Add a capability to teh bounding set for the process
+    #[clap(long, number_of_values = 1)]
+    pub cap: Vec<String>,
+    /// Pass N additional file descriptors to the containe
+    #[clap(long, default_value = "0")]
+    pub preserve_fds: i32,
+    /// Allow exec in a paused container
+    #[clap(long)]
+    pub ignore_paused: bool,
+    /// Execute a process in a sub-cgroup
+    #[clap(long)]
+    pub cgroup: Option<String>,
     /// Identifier of the container
     #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)]
     pub container_id: String,
@@ -49,3 +74,19 @@ where
         .ok_or_else(|| format!("invalid KEY=value: no `=` found in `{s}`"))?;
     Ok((s[..pos].parse()?, s[pos + 1..].parse()?))
 }
+
+fn parse_colon_separated_pair<T, U>(
+    s: &str,
+) -> Result<(T, Option<U>), Box<dyn Error + Send + Sync + 'static>>
+where
+    T: std::str::FromStr,
+    T::Err: Error + Send + Sync + 'static,
+    U: std::str::FromStr,
+    U::Err: Error + Send + Sync + 'static,
+{
+    if let Some(pos) = s.find(':') {
+        Ok((s[..pos].parse()?, Some(s[pos + 1..].parse()?)))
+    } else {
+        Ok((s.parse()?, None))
+    }
+}