You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 22, 2023. It is now read-only.
A) When wanting to tighten security, by allowing the user to drop unused capabilities
B) When needing to run a Docker container/task with extra capabilities (for example, adding SYS_MODULE to enable something in a container to load a kernel module)
I would suggest the privileged flag should also be part of this flag. This enables a range of extra privileges on a container, and is used for things like accessing host devices.
The text was updated successfully, but these errors were encountered:
Great minds think alike... I added this to the roadmap on Friday, and I nearly have a change ready to go to add support for --privileged. The capabilities stuff shouldn't be too hard to add either.
The
container
spec should allow specifying Docker capabilities. See docker-compose documentation for an example implementation.This functionality would be useful:
A) When wanting to tighten security, by allowing the user to drop unused capabilities
B) When needing to run a Docker container/task with extra capabilities (for example, adding
SYS_MODULE
to enable something in a container to load a kernel module)I would suggest the
privileged
flag should also be part of this flag. This enables a range of extra privileges on a container, and is used for things like accessing host devices.The text was updated successfully, but these errors were encountered: