Add support for ambient capabilities

Allow setting ambient capabilities, as a separate option to the standard
ones. If you are running as a non-root user you should use these.

Note that unless you add `CAP_DAC_OVERRIDE` and similar permissions you
need to be careful about file ownership. Added support to set ownership
in the `files` section to help out with this.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Justin Cormack
2017-06-30 13:44:49 +01:00
parent 70c5c2e1a0
commit 66b4aed239
3 changed files with 66 additions and 48 deletions


@@ -24,7 +24,9 @@ var schema = string(`
"contents": {"type": "string"},
"source": {"type": "string"},
"optional": {"type": "boolean"},
"mode": {"type": "string"}
"mode": {"type": "string"},
"uid": {"type": "integer"},
"gid": {"type": "integer"}
}
},
"files": {
@@ -65,6 +67,7 @@ var schema = string(`
"name": {"type": "string"},
"image": {"type": "string"},
"capabilities": { "$ref": "#/definitions/strings" },
"ambient": { "$ref": "#/definitions/strings" },
"mounts": { "$ref": "#/definitions/mounts" },
"binds": { "$ref": "#/definitions/strings" },
"tmpfs": { "$ref": "#/definitions/strings" },