Allow adding default capabilities to unprivileged addons

Tim Allclair 2018-08-20 17:28:09 -07:00
parent 6d76e35b39
commit 13adb97714


@ -19,6 +19,22 @@ metadata:
spec:
privileged: false
allowPrivilegeEscalation: false
# The docker default set of capabilities
allowedCapabilities:
- SETPCAP
- MKNOD
- AUDIT_WRITE
- CHOWN
- NET_RAW
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- SETGID
- SETUID
- NET_BIND_SERVICE
- SYS_CHROOT
- SETFCAP
volumes:
- 'emptyDir'
- 'configMap'
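Review bot: The new `allowedCapabilities` list lets every pod admitted under this unprivileged policy request the whole Docker default set, including `NET_RAW`, `MKNOD`, `DAC_OVERRIDE` and `SYS_CHROOT`, and the comment above it does not say why that breadth is needed. If the intent is to let addons that drop `ALL` re-add a single capability such as `NET_BIND_SERVICE`, the list could probably be limited to what the addons actually request; which addons use this policy is not visible in the hunk, so that needs checking against their manifests. At minimum I would reword the comment to state the purpose, for example `# Docker's default capability set, listed so addons that drop ALL can re-add individual capabilities.` Note that this field only widens what a pod may add and drops nothing, so a pod that sets no `securityContext.capabilities` still gets the runtime defaults unless `requiredDropCapabilities` is set elsewhere in the spec, which continues outside the hunk.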