Handle sysctls maps

- Add support to handle sysctls maps. - Directly raise an error if sysctls is neither an array nor map instead of letting podman fail with an unhelpful message. Support for sysctls arrays was added in #261. Fixes #754: sysctls only works with arrays, not maps Signed-off-by: lemmi <lemmi@nerd2nerd.org>
containers · Mar 9, 2024 · a9c335b · a9c335b
1 parent e67c52f
commit a9c335b
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 2 deletions.
diff --git a/podman_compose.py b/podman_compose.py
@@ -956,8 +956,18 @@ async def container_to_args(compose, cnt, detached=True):
  podman_args.append("-i")
  if cnt.get("stop_signal", None):
  podman_args.extend(["--stop-signal", cnt["stop_signal"]])
- for i in cnt.get("sysctls", []):
- podman_args.extend(["--sysctl", i])
+
+ sysctls = cnt.get("sysctls")
+ if sysctls is not None:
+ if isinstance(sysctls, dict):
+ for sysctl, value in sysctls.items():
+ podman_args.extend(["--sysctl", "{}={}".format(sysctl, value)])
+ elif isinstance(sysctls, list):
+ for i in sysctls:
+ podman_args.extend(["--sysctl", i])
+ else:
+ raise TypeError("sysctls should be either dict or list")
+
  if cnt.get("tty", None):
  podman_args.append("--tty")
  if cnt.get("privileged", None):

diff --git a/pytests/test_container_to_args.py b/pytests/test_container_to_args.py
@@ -66,3 +66,67 @@ async def test_runtime(self):
  "busybox",
  ],
  )
+
+ async def test_sysctl_list(self):
+ c = create_compose_mock()
+
+ cnt = get_minimal_container()
+ cnt["sysctls"] = [
+ "net.core.somaxconn=1024",
+ "net.ipv4.tcp_syncookies=0",
+ ]
+
+ args = await container_to_args(c, cnt)
+ self.assertEqual(
+ args,
+ [
+ "--name=project_name_service_name1",
+ "-d",
+ "--net",
+ "",
+ "--network-alias",
+ "service_name",
+ "--sysctl",
+ "net.core.somaxconn=1024",
+ "--sysctl",
+ "net.ipv4.tcp_syncookies=0",
+ "busybox",
+ ],
+ )
+
+ async def test_sysctl_map(self):
+ c = create_compose_mock()
+
+ cnt = get_minimal_container()
+ cnt["sysctls"] = {
+ "net.core.somaxconn": 1024,
+ "net.ipv4.tcp_syncookies": 0,
+ }
+
+ args = await container_to_args(c, cnt)
+ self.assertEqual(
+ args,
+ [
+ "--name=project_name_service_name1",
+ "-d",
+ "--net",
+ "",
+ "--network-alias",
+ "service_name",
+ "--sysctl",
+ "net.core.somaxconn=1024",
+ "--sysctl",
+ "net.ipv4.tcp_syncookies=0",
+ "busybox",
+ ],
+ )
+
+ async def test_sysctl_wrong_type(self):
+ c = create_compose_mock()
+ cnt = get_minimal_container()
+
+ # check whether wrong types are correctly rejected
+ for wrong_type in [True, 0, 0.0, "wrong", ()]:
+ with self.assertRaises(TypeError):
+ cnt["sysctls"] = wrong_type
+ await container_to_args(c, cnt)