summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony Rabbito <hello@anthonyrabbito.com>2021-11-18 08:50:48 -0500
committerAnthony Rabbito <hello@anthonyrabbito.com>2021-11-18 08:50:48 -0500
commit236bcd5849227628ba57e6420039993a23e673d0 (patch)
tree6f81e27fc79f2bdc0d005a74dde1184ea3851088
parentd13b91462487e090b32c0d1ecf9139a2271b4837 (diff)
downloadvyos-1x-236bcd5849227628ba57e6420039993a23e673d0.tar.gz
vyos-1x-236bcd5849227628ba57e6420039993a23e673d0.zip
containers: T4006: Add capabilities net-bind-service
Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com>
-rw-r--r--interface-definitions/containers.xml.in8
1 files changed, 6 insertions, 2 deletions
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in
index 1e9c36ee5..30c7110b8 100644
--- a/interface-definitions/containers.xml.in
+++ b/interface-definitions/containers.xml.in
@@ -25,13 +25,17 @@
<properties>
<help>Container capabilities/permissions</help>
<completionHelp>
- <list>net-admin net-raw setpcap sys-admin sys-time</list>
+ <list>net-admin net-bind-service net-raw setpcap sys-admin sys-time</list>
</completionHelp>
<valueHelp>
<format>net-admin</format>
<description>Network operations (interface, firewall, routing tables)</description>
</valueHelp>
<valueHelp>
+ <format>net-bind-service</format>
+ <description>Bind a socket to privileged ports (port numbers less than 1024)</description>
+ </valueHelp>
+ <valueHelp>
<format>net-raw</format>
<description>Permission to create raw network sockets</description>
</valueHelp>
@@ -48,7 +52,7 @@
<description>Permission to set system clock</description>
</valueHelp>
<constraint>
- <regex>^(net-admin|net-raw|setpcap|sys-admin|sys-time)$</regex>
+ <regex>^(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-time)$</regex>
</constraint>
<multi/>
</properties>