Cannot use 'systempaths=unconfined' security_opt #3377
Description
Hi, I am having issues using the systempaths=unconfined security option using the python SDK.
To replicate:
import docker
client = docker.from_env()
client.containers.run("hello-world", command=None, security_opt=["systempaths=unconfined"])Running this code produces the following error message:
Traceback (most recent call last):
File "/usr/local/lib/python3.11/site-packages/docker/api/client.py", line 275, in _raise_for_status
response.raise_for_status()
File "/usr/local/lib/python3.11/site-packages/requests/models.py", line 1026, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: http+docker://localhost/v1.45/containers/create
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/.../docker-bug.py", line 5, in <module>
client.containers.run("hello-world", command=None, security_opt=["systempaths=unconfined"])
File "/usr/local/lib/python3.11/site-packages/docker/models/containers.py", line 876, in run
container = self.create(image=image, command=command,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/docker/models/containers.py", line 935, in create
resp = self.client.api.create_container(**create_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/docker/api/container.py", line 440, in create_container
return self.create_container_from_config(config, name, platform)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/docker/api/container.py", line 457, in create_container_from_config
return self._result(res, True)
^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/docker/api/client.py", line 281, in _result
self._raise_for_status(response)
File "/usr/local/lib/python3.11/site-packages/docker/api/client.py", line 277, in _raise_for_status
raise create_api_error_from_http_exception(e) from e
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/docker/errors.py", line 39, in create_api_error_from_http_exception
raise cls(e, response=response, explanation=explanation) from e
docker.errors.APIError: 500 Server Error for http+docker://localhost/v1.45/containers/create: Internal Server Error ("invalid --security-opt 2: "systempaths=unconfined"")
However, when I run docker run --security-opt "systempaths=unconfined" hello-world, the container launches as expected.
Host information:
$ python3.11 -m pip freeze | grep docker && python3.11 --version && docker version
docker==7.1.0
Python 3.11.13
Client: Docker Engine - Community
Version: 26.1.3
API version: 1.45
Go version: go1.21.10
Git commit: b72abbb
Built: Thu May 16 08:34:39 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 26.1.3
API version: 1.45 (minimum version 1.24)
Go version: go1.21.10
Git commit: 8e96db1
Built: Thu May 16 08:33:34 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.32
GitCommit: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0