This repository has been archived by the owner on Oct 22, 2023. It is now read-only.
Allow adding or dropping Docker capabilities #80
Labels
Comments
|
Great minds think alike... I added this to the roadmap on Friday, and I nearly have a change ready to go to add support for |
charleskorn
added a commit
that referenced
this issue
Apr 14, 2019
This is required for some images such as the docker:dind image. See also #80.
charleskorn
added a commit
that referenced
this issue
Apr 25, 2019
This allows users to selectively add capabilities rather than grant access to everything with 'privileged'. See also #80.
|
Thanks again for all your feedback @ineffyble! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The
containerspec should allow specifying Docker capabilities. See docker-compose documentation for an example implementation.This functionality would be useful:
A) When wanting to tighten security, by allowing the user to drop unused capabilities
B) When needing to run a Docker container/task with extra capabilities (for example, adding
SYS_MODULEto enable something in a container to load a kernel module)I would suggest the
privilegedflag should also be part of this flag. This enables a range of extra privileges on a container, and is used for things like accessing host devices.The text was updated successfully, but these errors were encountered: