From 6d495fc92f12e37818901f95f0f0eac1a80c6a4a Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Wed, 5 Apr 2017 16:36:29 +0100 Subject: [PATCH] swarmd: allow all capabilities The existing set was randomly rather than carefully chosen, lets just be honest and use "all" until the proper set can be determined. Signed-off-by: Ian Campbell --- projects/swarmd/swarmd.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/projects/swarmd/swarmd.yml b/projects/swarmd/swarmd.yml index f5e164723..2548f0a3d 100644 --- a/projects/swarmd/swarmd.yml +++ b/projects/swarmd/swarmd.yml @@ -32,20 +32,7 @@ services: image: "linuxkit/swarmd:a2f57f14f07fb6d7cded7832b2dabe878b28554e" command: ["/usr/bin/swarmd", "--containerd-addr=/run/containerd/containerd.sock", "--log-level=debug", "--state-dir=/var/lib/swarmd"] capabilities: - - CAP_CHOWN - - CAP_DAC_OVERRIDE - - CAP_FSETID - - CAP_FOWNER - - CAP_MKNOD - - CAP_NET_RAW - - CAP_SETGID - - CAP_SETUID - - CAP_SETFCAP - - CAP_SETPCAP - - CAP_NET_BIND_SERVICE - - CAP_SYS_CHROOT - - CAP_KILL - - CAP_AUDIT_WRITE + - all pid: host net: host binds: