summaryrefslogtreecommitdiff
path: root/pkg/spec/createconfig.go
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2020-02-27 14:19:07 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2020-03-02 16:37:32 -0500
commitb163640c61dcb10953949a1ee28599d8a19fd046 (patch)
treee7b56307cc2778c6cab81f658515ea145d990979 /pkg/spec/createconfig.go
parent47c4ea39196cedac87e7a4e4c1ead54ed9d7ed50 (diff)
downloadpodman-b163640c61dcb10953949a1ee28599d8a19fd046.tar.gz
podman-b163640c61dcb10953949a1ee28599d8a19fd046.tar.bz2
podman-b163640c61dcb10953949a1ee28599d8a19fd046.zip
Allow devs to set labels in container images for default capabilities.
This patch allows users to specify the list of capabilities required to run their container image. Setting a image/container label "io.containers.capabilities=setuid,setgid" tells podman that the contained image should work fine with just these two capabilties, instead of running with the default capabilities, podman will launch the container with just these capabilties. If the user or image specified capabilities that are not in the default set, the container will print an error message and will continue to run with the default capabilities. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg/spec/createconfig.go')
-rw-r--r--pkg/spec/createconfig.go1
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 02678a687..1d9633bb3 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -112,6 +112,7 @@ type NetworkConfig struct {
type SecurityConfig struct {
CapAdd []string // cap-add
CapDrop []string // cap-drop
+ CapRequired []string // cap-required
LabelOpts []string //SecurityOpts
NoNewPrivs bool //SecurityOpts
ApparmorProfile string //SecurityOpts