From f1e78683680e1e61ebddfe7d03086f560b614572 Mon Sep 17 00:00:00 2001
From: Oleksander Piskun <oleksandr2088@icloud.com>
Date: Wed, 20 Nov 2024 14:24:35 +0300
Subject: [PATCH] allowed read/write/exec of files for AppAPI for ExApps
 containers

Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>
---
 Containers/docker-socket-proxy/haproxy.cfg | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg
index 66a0c594..601b465f 100644
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -22,7 +22,12 @@ frontend http
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((start)|(stop)) } METH_POST
     # container rm: DELETE containers/%s
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
-
+    # container update/exec: POST containers/%s/update containers/%s/exec
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((update)|(exec)) } METH_POST
+    # container put: PUT containers/%s/archive
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/archive } METH_PUT
+    # run exec instance: POST exec/%s
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec/[a-zA-Z0-9_.-]+/start } METH_POST
 
     # container create: POST containers/create?name=%s
     # ACL to restrict container name to nc_app_[a-zA-Z0-9_.-]+