mirror of
https://github.com/balena-os/balena-supervisor.git
synced 2025-01-01 19:46:44 +00:00
Allow only the options that we know can be supported
This commit is contained in:
parent
4db78b9743
commit
02e111ff62
@ -253,10 +253,10 @@ do ->
|
||||
knex('image').select().where('repoTag', options.Image)
|
||||
.then (images) ->
|
||||
throw new Error('Only images created via the Supervisor can be used for creating containers.') if images.length == 0
|
||||
knex.transaction (trx) ->
|
||||
knex.transaction (tx) ->
|
||||
Promise.try ->
|
||||
return internalId if internalId?
|
||||
trx.insert({}, 'id').into('container')
|
||||
tx.insert({}, 'id').into('container')
|
||||
.then ([ id ]) ->
|
||||
return id
|
||||
.then (id) ->
|
||||
@ -283,9 +283,8 @@ do ->
|
||||
docker.modem.dialAsync(optsf)
|
||||
.then (data) ->
|
||||
containerId = data.Id
|
||||
trx('container').update({ containerId }).where({ id })
|
||||
.then ->
|
||||
return data
|
||||
tx('container').update({ containerId }).where({ id })
|
||||
.return(data)
|
||||
exports.createContainer = (req, res) ->
|
||||
createContainer(req.body)
|
||||
.then (data) ->
|
||||
|
@ -230,52 +230,24 @@ exports.defaultBinds = (dataPath) ->
|
||||
exports.validComposeOptions = [
|
||||
'command'
|
||||
'entrypoint'
|
||||
'env_file'
|
||||
'environment'
|
||||
'expose'
|
||||
'image'
|
||||
'labels'
|
||||
'ports'
|
||||
'stop_signal'
|
||||
'volumes'
|
||||
'volumes' # Will be overwritten with the default binds
|
||||
'user'
|
||||
'working_dir'
|
||||
'cap_add'
|
||||
'cap_drop'
|
||||
'devices'
|
||||
'dns'
|
||||
'dns_search'
|
||||
'tmpfs'
|
||||
'extra_hosts'
|
||||
'links'
|
||||
'net'
|
||||
'network_mode'
|
||||
'ulimits'
|
||||
'volumes_from'
|
||||
'cpu_shares'
|
||||
'cpu_quota'
|
||||
'cpuset'
|
||||
'domainname'
|
||||
'hostname'
|
||||
'mac_address'
|
||||
'mem_limit'
|
||||
'memswap_limit'
|
||||
'net'
|
||||
'privileged'
|
||||
'tty'
|
||||
'read_only'
|
||||
'shm_size'
|
||||
'ipc'
|
||||
'restart'
|
||||
'security_opt'
|
||||
'networks'
|
||||
'pid'
|
||||
]
|
||||
|
||||
exports.validContainerOptions = [
|
||||
'Hostname'
|
||||
'Domainname'
|
||||
'User'
|
||||
'Tty'
|
||||
'Env'
|
||||
'Labels'
|
||||
'Cmd'
|
||||
@ -283,59 +255,22 @@ exports.validContainerOptions = [
|
||||
'Image'
|
||||
'Volumes'
|
||||
'WorkingDir'
|
||||
'NetworkDisabled'
|
||||
'ExposedPorts'
|
||||
'HostConfig'
|
||||
'Name'
|
||||
]
|
||||
|
||||
exports.validHostConfigOptions = [
|
||||
'Binds'
|
||||
'Binds' # Will be overwritten with the default binds
|
||||
'Links'
|
||||
'Memory'
|
||||
'MemorySwap'
|
||||
'MemoryReservation'
|
||||
'KernelMemory'
|
||||
'CpuShares'
|
||||
'CpuPeriod'
|
||||
'CpuQuota'
|
||||
'CpusetCpus'
|
||||
'CpusetMems'
|
||||
'BlkioWeight'
|
||||
'BlkioWeightDevice'
|
||||
'BlkioDeviceReadBps'
|
||||
'BlkioDeviceWriteBps'
|
||||
'BlkioDeviceReadIOps'
|
||||
'BlkioDeviceWriteIOps'
|
||||
'MemorySwappiness'
|
||||
'OomKillDisable'
|
||||
'OomScoreAdj'
|
||||
'PidMode'
|
||||
'PortBindings'
|
||||
'PublishAllPorts'
|
||||
'Privileged'
|
||||
'ReadonlyRootfs'
|
||||
'Dns'
|
||||
'DnsOptions'
|
||||
'DnsSearch'
|
||||
'ExtraHosts'
|
||||
'VolumesFrom'
|
||||
'CapAdd'
|
||||
'CapDrop'
|
||||
'GroupAdd'
|
||||
'RestartPolicy'
|
||||
'NetworkMode'
|
||||
'Devices'
|
||||
'Ulimits'
|
||||
'SecurityOpt'
|
||||
'ShmSize'
|
||||
]
|
||||
|
||||
exports.validateKeys = (options, validSet) ->
|
||||
Promise.try ->
|
||||
return if !options?
|
||||
keys = _.keys(options)
|
||||
invalidKeys = []
|
||||
_.each keys, (key) ->
|
||||
invalidKeys.push(key) if !_.includes(validSet, key)
|
||||
invalidKeys = _.keys(_.omit(options, validSet))
|
||||
throw new Error("Using #{invalidKeys.join(', ')} is not allowed.") if !_.isEmpty(invalidKeys)
|
||||
|
Loading…
Reference in New Issue
Block a user