diff options
| -rw-r--r-- | docs/podman-inspect.1.md | 5 | ||||
| -rw-r--r-- | libpod/container_inspect.go | 2 | ||||
| -rw-r--r-- | pkg/inspect/inspect.go | 2 |
3 files changed, 9 insertions, 0 deletions
diff --git a/docs/podman-inspect.1.md b/docs/podman-inspect.1.md index 47a189e39..ef68e929c 100644 --- a/docs/podman-inspect.1.md +++ b/docs/podman-inspect.1.md @@ -96,6 +96,11 @@ overlay size: 4405240 ``` +``` +podman inspect --latest --format {{.EffectiveCaps}} +[CAP_CHOWN CAP_DAC_OVERRIDE CAP_FSETID CAP_FOWNER CAP_MKNOD CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETFCAP CAP_SETPCAP CAP_NET_BIND_SERVICE CAP_SYS_CHROOT CAP_KILL CAP_AUDIT_WRITE] +``` + ## SEE ALSO podman(1) diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 7ed9f9be9..f2e54aeef 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -79,6 +79,8 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data) Name: config.Name, Driver: driverData.Name, MountLabel: config.MountLabel, + EffectiveCaps: spec.Process.Capabilities.Effective, + BoundingCaps: spec.Process.Capabilities.Bounding, ProcessLabel: spec.Process.SelinuxLabel, AppArmorProfile: spec.Process.ApparmorProfile, ExecIDs: execIDs, diff --git a/pkg/inspect/inspect.go b/pkg/inspect/inspect.go index b9230027c..62ba53147 100644 --- a/pkg/inspect/inspect.go +++ b/pkg/inspect/inspect.go @@ -161,6 +161,8 @@ type ContainerInspectData struct { MountLabel string `json:"MountLabel"` ProcessLabel string `json:"ProcessLabel"` AppArmorProfile string `json:"AppArmorProfile"` + EffectiveCaps []string `json:"EffectiveCaps"` + BoundingCaps []string `json:"BoundingCaps"` ExecIDs []string `json:"ExecIDs"` GraphDriver *Data `json:"GraphDriver"` SizeRw int64 `json:"SizeRw,omitempty"` |