Skip to content

Commit

Permalink
Merge pull request #224 from dcermak/selinux-flags
Browse files Browse the repository at this point in the history
Only add SELinux flags to ContainerVolumeBase.flags if the flags are None
  • Loading branch information
dcermak authored Aug 30, 2024
2 parents 2d2cc46 + 27011b4 commit 6ebfb68
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 8 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.rst
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ Next Release

Breaking changes:

- Change addition of SELinux flags to volumes: SELinux flags are only added if
:py:attr:`~pytest_container.container.ContainerVolumeBase.flags` is ``None``.

Improvements and new features:

Expand Down
17 changes: 9 additions & 8 deletions pytest_container/container.py
Original file line number Diff line number Diff line change
Expand Up @@ -175,9 +175,13 @@ class ContainerVolumeBase:
#:
#: Note that some flags are mutually exclusive and potentially not supported
#: by all container runtimes.
#:
#: The :py:attr:`VolumeFlag.SELINUX_PRIVATE` flag will be added by default
#: to the flags unless :py:attr:`ContainerVolumeBase.shared` is ``True``.
flags: List[VolumeFlag] = field(default_factory=list)
#: if flags is ``None``, unless :py:attr:`ContainerVolumeBase.shared` is
#: ``True``, then :py:attr:`VolumeFlag.SELINUX_SHARED` is added.
#:
#: If flags is a list (even an empty one), then no flags are added.
flags: Optional[List[VolumeFlag]] = None

#: Define whether this volume should can be shared between
#: containers. Defaults to ``False``.
Expand All @@ -191,15 +195,12 @@ class ContainerVolumeBase:
_vol_name: str = ""

def __post_init__(self) -> None:
if (
VolumeFlag.SELINUX_PRIVATE not in self.flags
and VolumeFlag.SELINUX_SHARED not in self.flags
):
self.flags.append(
if self.flags is None:
self.flags = [
VolumeFlag.SELINUX_SHARED
if self.shared
else VolumeFlag.SELINUX_PRIVATE
)
]

for mutually_exclusive_flags in (
(VolumeFlag.READ_ONLY, VolumeFlag.READ_WRITE),
Expand Down
16 changes: 16 additions & 0 deletions tests/test_volumes.py
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,22 @@ def test_adds_selinux(volume: ContainerVolumeBase, expected_flag: VolumeFlag):
assert volume.flags[0] == expected_flag


@pytest.mark.parametrize(
"volume,flags",
[
(ContainerVolume("/foo", flags=[]), []),
(
ContainerVolume("/bar/", flags=[VolumeFlag.READ_ONLY]),
[VolumeFlag.READ_ONLY],
),
],
)
def test_does_not_add_selinux_if_flags_is_list(
volume: ContainerVolumeBase, flags: List[VolumeFlag]
) -> None:
assert volume.flags == flags


@pytest.mark.parametrize(
"flags",
[
Expand Down

0 comments on commit 6ebfb68

Please sign in to comment.