diff options
| -rw-r--r-- | docker/api/container.py | 2 | ||||
| -rw-r--r-- | docker/models/containers.py | 3 | ||||
| -rw-r--r-- | docker/types/containers.py | 12 | ||||
| -rw-r--r-- | tests/integration/api_container_test.py | 15 |
4 files changed, 31 insertions, 1 deletions
diff --git a/docker/api/container.py b/docker/api/container.py index 962d8cb..8994129 100644 --- a/docker/api/container.py +++ b/docker/api/container.py @@ -438,6 +438,8 @@ class ContainerApiMixin(object): ``0,1``). cpuset_mems (str): Memory nodes (MEMs) in which to allow execution (``0-3``, ``0,1``). Only effective on NUMA systems. + device_cgroup_rules (:py:class:`list`): A list of cgroup rules to + apply to the container. device_read_bps: Limit read rate (bytes per second) from a device in the form of: `[{"Path": "device_path", "Rate": rate}]` device_read_iops: Limit read rate (IO per second) from a device. diff --git a/docker/models/containers.py b/docker/models/containers.py index 107a020..84dfa48 100644 --- a/docker/models/containers.py +++ b/docker/models/containers.py @@ -515,6 +515,8 @@ class ContainerCollection(Collection): (``0-3``, ``0,1``). Only effective on NUMA systems. detach (bool): Run container in the background and return a :py:class:`Container` object. + device_cgroup_rules (:py:class:`list`): A list of cgroup rules to + apply to the container. device_read_bps: Limit read rate (bytes per second) from a device in the form of: `[{"Path": "device_path", "Rate": rate}]` device_read_iops: Limit read rate (IO per second) from a device. @@ -912,6 +914,7 @@ RUN_HOST_CONFIG_KWARGS = [ 'cpuset_mems', 'cpu_rt_period', 'cpu_rt_runtime', + 'device_cgroup_rules', 'device_read_bps', 'device_read_iops', 'device_write_bps', diff --git a/docker/types/containers.py b/docker/types/containers.py index b4a329c..2521420 100644 --- a/docker/types/containers.py +++ b/docker/types/containers.py @@ -120,7 +120,8 @@ class HostConfig(dict): init=None, init_path=None, volume_driver=None, cpu_count=None, cpu_percent=None, nano_cpus=None, cpuset_mems=None, runtime=None, mounts=None, - cpu_rt_period=None, cpu_rt_runtime=None): + cpu_rt_period=None, cpu_rt_runtime=None, + device_cgroup_rules=None): if mem_limit is not None: self['Memory'] = parse_bytes(mem_limit) @@ -466,6 +467,15 @@ class HostConfig(dict): raise host_config_version_error('mounts', '1.30') self['Mounts'] = mounts + if device_cgroup_rules is not None: + if version_lt(version, '1.28'): + raise host_config_version_error('device_cgroup_rules', '1.28') + if not isinstance(device_cgroup_rules, list): + raise host_config_type_error( + 'device_cgroup_rules', device_cgroup_rules, 'list' + ) + self['DeviceCgroupRules'] = device_cgroup_rules + def host_config_type_error(param, param_value, expected): error_msg = 'Invalid type for {0} param: expected {1} but found {2}' diff --git a/tests/integration/api_container_test.py b/tests/integration/api_container_test.py index 01780a7..8447aa5 100644 --- a/tests/integration/api_container_test.py +++ b/tests/integration/api_container_test.py @@ -474,6 +474,21 @@ class CreateContainerTest(BaseAPIIntegrationTest): assert config['HostConfig']['CpuRealtimeRuntime'] == 500 assert config['HostConfig']['CpuRealtimePeriod'] == 1000 + @requires_api_version('1.28') + def test_create_with_device_cgroup_rules(self): + rule = 'c 7:128 rwm' + ctnr = self.client.create_container( + BUSYBOX, 'cat /sys/fs/cgroup/devices/devices.list', + host_config=self.client.create_host_config( + device_cgroup_rules=[rule] + ) + ) + self.tmp_containers.append(ctnr) + config = self.client.inspect_container(ctnr) + assert config['HostConfig']['DeviceCgroupRules'] == [rule] + self.client.start(ctnr) + assert rule in self.client.logs(ctnr).decode('utf-8') + class VolumeBindTest(BaseAPIIntegrationTest): def setUp(self): |