ctr: Add Linux Capabilities control flags

This allows Linux Capabilities to be modified via `ctr`.

e.g.
```
$ sudo ./bin/ctr run --cap-add "CAP_SYS_ADMIN" --cap-drop "CAP_NET_RAW" \
--rm docker.io/library/busybox:latest foo cat /proc/self/status | grep Cap
CapInh: 00000000a82405fb
CapPrm: 00000000a82405fb
CapEff: 00000000a82405fb
CapBnd: 00000000a82405fb
CapAmb: 0000000000000000
```

Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
Manabu Sugimoto
2021-11-25 14:50:43 +09:00
parent ff1a105d7f
commit 95b3ab2a4a
2 changed files with 26 additions and 0 deletions

@@ -169,6 +169,14 @@ var (
Name: "device",
Usage: "file path to a device to add to the container; or a path to a directory tree of devices to add to the container",
},
cli.StringSliceFlag{
Name: "cap-add",
Usage: "add Linux capabilities (Set capabilities with 'CAP_' prefix)",
},
cli.StringSliceFlag{
Name: "cap-drop",
Usage: "drop Linux capabilities (Set capabilities with 'CAP_' prefix)",
},
cli.BoolFlag{
Name: "seccomp",
Usage: "enable the default seccomp profile",
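Review bot: The Usage strings for cap-add and cap-drop do not say which flag wins when the same capability is passed to both, or in what order adds and drops are applied. Both are cli.StringSliceFlag and can be repeated, so state the precedence in the help text; an operator who expects a drop to take effect should not have to read the code to confirm it. The parenthetical "(Set capabilities with 'CAP_' prefix)" also leaves open whether a name without the prefix is rejected or ignored; wording such as "names must include the 'CAP_' prefix, e.g. CAP_NET_RAW" would be clearer and would match the lowercase style of the neighbouring seccomp usage string. Validation is not visible in this hunk, so please confirm that an unknown or misspelled value returns an error instead of starting the container with an unintended capability set.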