Rename --device-access to --devices

This makes parameters more consistent. Also, describe the new parameter in man page. Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2024-05-25 01:56:14 +02:00 · 2022-10-19 16:34:46 +02:00 · 2022-10-19 16:34:46 +02:00 · 34c0f13758
parent 0d3e3194e2
commit 34c0f13758
4 changed files with 17 additions and 14 deletions
--- a/tests/test_main.py
+++ b/tests/test_main.py
@ -361,8 +361,8 @@ class TestBase(unittest.TestCase):
                "udica",
                "-j",
                "tests/test_devices.podman.json",
-                "--device-access",
-                "/dev/fd0",
+                "--devices",
+                "/dev/fb0",
                "my_container",
            ]
        )
--- a/udica/main.py
+++ b/udica/main.py
@ -99,6 +99,14 @@ def get_args():
        dest="Caps",
        default=None,
    )
+    parser.add_argument(
+        "--devices",
+        type=str,
+        help='List of devices the container should have access to, e.g "--devices /dev/dri/card0,/dev/dri/renderD128"',
+        dest="Devices",
+        required=False,
+        default=None,
+    )
    parser.add_argument(
        "-d",
        "--ansible",
@ -127,14 +135,6 @@ def get_args():
        required=False,
        default="-",
    )
-    parser.add_argument(
-        "--device-access",
-        help='List of devices the container should have access to, e.g "--device-access /dev/dri/card0,/dev/dri/renderD128"',
-        required=False,
-        default=None,
-        type=str,
-        dest="DeviceAccess",
-    )
    args = parser.parse_args()
    return vars(args)

--- a/udica/man/man8/udica.8
+++ b/udica/man/man8/udica.8
@ -53,6 +53,11 @@ Load templates and module created by this tool
 List of capabilities, for example: "\-c AUDIT\_WRITE,CHOWN,DAC\_OVERRIDE,FOWNER,FSETID,KILL"
 (mandatory to use for Docker Engine, see the BUGS section)

+.TP
+.I  \-\-devices DEVS
+List of devices the container should have access to, e.g "\-\-devices /dev/dri/card0,/dev/dri/renderD128"
+(overrides devices specified in the conatiner JSON)
+
 .TP
 .I  \-a, \-\-append-rules FILE
 Append more SELinux allow rules generated from SELinux denials in audit daemon.
--- a/udica/policy.py
+++ b/udica/policy.py
@ -173,10 +173,8 @@ def create_policy(
    # devices
    # Not applicable for CRI-O container engine
    if inspect_format != "CRI-0":
-        if not devices and opts["DeviceAccess"]:
-            devices = [
-                {"PathOnHost": device} for device in opts["DeviceAccess"].split(",")
-            ]
+        if opts["Devices"]:
+            devices = [{"PathOnHost": device} for device in opts["Devices"].split(",")]
        write_policy_for_podman_devices(devices, policy)

    # mounts