diff --git a/docker/resource_docker_container.go b/docker/resource_docker_container.go
index ade00b46..8f730399 100644
--- a/docker/resource_docker_container.go
+++ b/docker/resource_docker_container.go
@@ -223,6 +223,15 @@ func resourceDockerContainer() *schema.Resource {
 },
 },
 },
+ "security_opts": {
+ Type: schema.TypeSet,
+ Optional: true,
+ ForceNew: true,
+ Computed: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Description: "List of string values to customize labels for MLS systems, such as SELinux. See https://docs.docker.com/engine/reference/run/#security-configuration",
+ Set: schema.HashString,
+ },
 "mounts": {
 Type: schema.TypeSet,
 Description: "Specification for mounts to be added to containers created as part of the service",
diff --git a/docker/resource_docker_container_funcs.go b/docker/resource_docker_container_funcs.go
index ba51eef1..5dd547f4 100644
--- a/docker/resource_docker_container_funcs.go
+++ b/docker/resource_docker_container_funcs.go
@@ -272,6 +272,10 @@ func resourceDockerContainerCreate(d *schema.ResourceData, meta interface{}) err
 hostConfig.Links = stringSetToStringSlice(v.(*schema.Set))
 }
 
+ if v, ok := d.GetOk("security_opts"); ok {
+ hostConfig.SecurityOpt = stringSetToStringSlice(v.(*schema.Set))
+ }
+
 if v, ok := d.GetOk("memory"); ok {
 hostConfig.Memory = int64(v.(int)) * 1024 * 1024
 }
@@ -618,6 +622,7 @@ func resourceDockerContainerRead(d *schema.ResourceData, meta interface{}) error
 d.Set("user", container.Config.User)
 d.Set("dns", container.HostConfig.DNS)
 d.Set("dns_opts", container.HostConfig.DNSOptions)
+ d.Set("security_opts", container.HostConfig.SecurityOpt)
 d.Set("dns_search", container.HostConfig.DNSSearch)
 d.Set("publish_all_ports", container.HostConfig.PublishAllPorts)
 d.Set("restart", container.HostConfig.RestartPolicy.Name)
diff --git a/docker/resource_docker_container_test.go b/docker/resource_docker_container_test.go
index 65d81200..52966b46 100644
--- a/docker/resource_docker_container_test.go
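Review bot: The `Description` on `security_opts` in resource_docker_container.go covers only MLS/SELinux labels, but the create path in resource_docker_container_funcs.go copies the set unchanged into `hostConfig.SecurityOpt`, and the test fixture in this commit already passes `apparmor=unconfined` and `label=disable`. The text should say that entries can switch confinement off, for example `Description: "Security options passed unchanged to the Docker daemon (SELinux, AppArmor, seccomp); entries such as apparmor=unconfined or label=disable turn confinement off",`. Because the attribute is both `Optional` and `Computed`, deleting it from a configuration presumably keeps the stored value without producing a diff, so a relaxed setting would not be reverted by removing the line; that is worth confirming and documenting. The body of resourceDockerContainer starts and ends outside the hunk.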
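Review bot: The result of `d.Set("security_opts", ...)` in resourceDockerContainerRead is discarded, and for a set-typed attribute a failed write would leave state without the value the daemon reports. The neighbouring `d.Set` calls do the same, but this field is `ForceNew` and security-relevant, so I would check it: `if err := d.Set("security_opts", container.HostConfig.SecurityOpt); err != nil { return err }`. If the daemon ever reports entries that the configuration did not set, the stored set would differ from the configuration and plan a replacement; whether that happens is not visible here. The function body starts and ends outside the hunk.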
+++ b/docker/resource_docker_container_test.go @@ -1879,6 +1879,8 @@ resource "docker_container" "foo" { drop = ["SYS_ADMIN"] } + security_opts = ["apparmor=unconfined", "label=disable"] + dns = ["8.8.8.8"] dns_opts = ["rotate"] dns_search = ["example.com"] diff --git a/website/docs/r/container.html.markdown b/website/docs/r/container.html.markdown index 6008e044..6b2a6ed7 100644 --- a/website/docs/r/container.html.markdown +++ b/website/docs/r/container.html.markdown @@ -76,6 +76,7 @@ data is stored in them. See [the docker documentation](https://docs.docker.com/n kept running. If false, then as long as the container exists, Terraform assumes it is successful. * `capabilities` - (Optional, block) See [Capabilities](#capabilities-1) below for details. +* `security_opts` - (Optional, set of strings) Set of string values to customize labels for MLS systems, such as SELinux. See https://docs.docker.com/engine/reference/run/#security-configuration. * `mounts` - (Optional, set of blocks) See [Mounts](#mounts-1) below for details. * `tmpfs` - (Optional, map) A map of container directories which should be replaced by `tmpfs mounts`, and their corresponding mount options. * `ports` - (Optional, block) See [Ports](#ports-1) below for details.
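Review bot: No assertion on the new attribute is visible in the resource_docker_container_test.go hunk, which only adds `security_opts = ["apparmor=unconfined", "label=disable"]` to the configuration; if the check function outside the hunk was not extended, the test passes even when the options never reach the container. A count check such as `resource.TestCheckResourceAttr("docker_container.foo", "security_opts.#", "2")` would cover the state side, and comparing the inspected container's `HostConfig.SecurityOpt` with the two configured values would cover the daemon side. Both fixture values disable confinement, so a short comment marking them as test-only would help readers who copy from this configuration.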