
Commit f349b9c

Add GenericContainer security options API (#1226)
1 parent 5fe87c1 commit f349b9c


4 files changed

+26
-0
lines changed


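--- a/docs/features/containers.md
+++ b/docs/features/containers.md
@@ -245,6 +245,16 @@ const container = await new GenericContainer("alpine")
 .start();
 ```
 
+### With security options
+
+See [Security options](https://docs.docker.com/engine/reference/run/#security-configuration).
+
+```js
+const container = await new GenericContainer("alpine")
+.withSecurityOpt("no-new-privileges")
+.start();
+```
+
 ### With added capabilities
 
 See [capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html).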

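--- a/packages/testcontainers/src/generic-container/generic-container.test.ts
+++ b/packages/testcontainers/src/generic-container/generic-container.test.ts
@@ -271,6 +271,16 @@ describe("GenericContainer", { timeout: 180_000 }, () => {
 });
 }
 
+it("should set security options", async () => {
+await using container = await new GenericContainer("cristianrgreco/testcontainer:1.1.14")
+.withSecurityOpt("no-new-privileges")
+.withExposedPorts(8080)
+.start();
+
+const { output } = await container.exec(["sh", "-c", "awk '/^NoNewPrivs:/ { print $2 }' /proc/1/status"]);
+expect(output.trim()).toBe("1");
+});
+
 it("should add capabilities", async () => {
 await using container = await new GenericContainer("cristianrgreco/testcontainer:1.1.14")
 .withAddedCapabilities("IPC_LOCK")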
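Review bot: The new test calls `withSecurityOpt` once with a single value, so the append expression `[...(this.hostConfig.SecurityOpt ?? []), ...securityOptions]` added in `generic-container.ts` is never exercised with an existing list or with several arguments. A second case that calls the method twice and checks that both entries reach the created container would cover the merge. The assertion would also read better with a one-line comment above the `exec`, for example `// NoNewPrivs is 1 in /proc/1/status when no_new_privs is set on PID 1`, because an absent field makes awk print nothing and the failure then shows only `""` against `"1"`. The enclosing `describe` block starts and ends outside the hunk.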

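--- a/packages/testcontainers/src/generic-container/generic-container.ts
+++ b/packages/testcontainers/src/generic-container/generic-container.ts
@@ -328,6 +328,11 @@ export class GenericContainer implements TestContainer {
 return this;
 }
 
+public withSecurityOpt(...securityOptions: string[]): this {
+this.hostConfig.SecurityOpt = [...(this.hostConfig.SecurityOpt ?? []), ...securityOptions];
+return this;
+}
+
 public withAddedCapabilities(...capabilities: string[]): this {
 this.hostConfig.CapAdd = [...(this.hostConfig.CapAdd ?? []), ...capabilities];
 return this;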
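Review bot: `withSecurityOpt` has no doc comment, and it copies its arguments unchanged into `hostConfig.SecurityOpt`, so nothing tells a caller that the strings reach the Docker daemon without validation. I would add a TSDoc block on the method, and on the matching declaration in `test-container.ts`, stating that values are appended to any already set and passed through as given. The comment should also say that the option is not hardening-only: alongside `no-new-privileges`, entries such as `seccomp=unconfined` or `apparmor=unconfined` relax the container's confinement and deserve the same scrutiny in review as an added capability. If confirmed against the Engine API, it is worth noting that a `seccomp=` entry here presumably needs the profile JSON itself rather than a file path, since expanding a path into its content is done by the docker CLI. The class body continues outside the hunk.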

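--- a/packages/testcontainers/src/test-container.ts
+++ b/packages/testcontainers/src/test-container.ts
@@ -27,6 +27,7 @@ export interface TestContainer {
 withEntrypoint(entrypoint: string[]): this;
 withTmpFs(tmpFs: TmpFs): this;
 withUlimits(ulimits: Ulimits): this;
+withSecurityOpt(...securityOptions: string[]): this;
 withAddedCapabilities(...capabilities: string[]): this;
 withDroppedCapabilities(...capabilities: string[]): this;
 withExposedPorts(...ports: PortWithOptionalBinding[]): this;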
