author | Daniel J Walsh <dwalsh@redhat.com> | 2018-08-24 05:47:37 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-24 12:16:19 +0000 |
commit | e7fbf329c206397b77f39b60e1bed0c8b9de45c6 (patch) | |
tree | 753e01de94b2c3d3b99e2ced9d5d9c8c2313a6ac | |
parent | 16465007d0ea1226b63efccc98f1adc8dc279fd3 (diff) | |
Reveal information about container capabilities
I am often asked about the list of capabilities available to a container.
We should be listing this data in the inspect command for effective
capabilities and the bounding set.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1335
Approved by: TomSweeneyRedHat
-rw-r--r-- | docs/podman-inspect.1.md | 5 | ||||
-rw-r--r-- | libpod/container_inspect.go | 2 | ||||
-rw-r--r-- | pkg/inspect/inspect.go | 2 |
3 files changed, 9 insertions, 0 deletions
diff --git a/docs/podman-inspect.1.md b/docs/podman-inspect.1.md index 47a189e39..ef68e929c 100644 --- a/docs/podman-inspect.1.md +++ b/docs/podman-inspect.1.md @@ -96,6 +96,11 @@ overlay size: 4405240 ``` +``` +podman inspect --latest --format {{.EffectiveCaps}} +[CAP_CHOWN CAP_DAC_OVERRIDE CAP_FSETID CAP_FOWNER CAP_MKNOD CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETFCAP CAP_SETPCAP CAP_NET_BIND_SERVICE CAP_SYS_CHROOT CAP_KILL CAP_AUDIT_WRITE] +``` + ## SEE ALSO podman(1) diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 7ed9f9be9..f2e54aeef 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -79,6 +79,8 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data) Name: config.Name, Driver: driverData.Name, MountLabel: config.MountLabel, + EffectiveCaps: spec.Process.Capabilities.Effective, + BoundingCaps: spec.Process.Capabilities.Bounding, ProcessLabel: spec.Process.SelinuxLabel, AppArmorProfile: spec.Process.ApparmorProfile, ExecIDs: execIDs, diff --git a/pkg/inspect/inspect.go b/pkg/inspect/inspect.go index b9230027c..62ba53147 100644 --- a/pkg/inspect/inspect.go +++ b/pkg/inspect/inspect.go @@ -161,6 +161,8 @@ type ContainerInspectData struct { MountLabel string `json:"MountLabel"` ProcessLabel string `json:"ProcessLabel"` AppArmorProfile string `json:"AppArmorProfile"` + EffectiveCaps []string `json:"EffectiveCaps"` + BoundingCaps []string `json:"BoundingCaps"` ExecIDs []string `json:"ExecIDs"` GraphDriver *Data `json:"GraphDriver"` SizeRw int64 `json:"SizeRw,omitempty"` |
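Review bot: In docs/podman-inspect.1.md the new example covers only `{{.EffectiveCaps}}`, although the same change adds BoundingCaps. Add a matching example or a sentence for `{{.BoundingCaps}}` and say how the two sets differ, since the bounding set limits what a process can gain on execve and is the value an auditor needs alongside the effective set. The template is also passed unquoted; writing it as `--format '{{.EffectiveCaps}}'` keeps the shell from interpreting the braces.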
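Review bot: In libpod/container_inspect.go the two added fields read `spec.Process.Capabilities.Effective` and `spec.Process.Capabilities.Bounding` with no nil check. In the OCI runtime-spec Process type, Capabilities is a pointer, so a spec that carries no capabilities block would make inspect panic here. Guard the reads with `if spec.Process.Capabilities != nil` and leave both slices empty otherwise.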
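Review bot: In pkg/inspect/inspect.go the new EffectiveCaps and BoundingCaps fields have no doc comment and no `omitempty`, so when the slices are nil they serialize as `null` rather than as an empty list or an absent key. Pick one representation and state it in a field comment, because tools that parse inspect output to audit container privileges need to tell "no capabilities" apart from "not reported".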