authorChristian Poessinger <christian@poessinger.com>2021-10-25 21:26:27 +0200
committerGitHub <noreply@github.com>2021-10-25 21:26:27 +0200
commitcd6dd608ca83c0af59f7a9937c29bbe445ecfc72 (patch)
tree40b5aed98d04ec986aee7ac2315b7eb76eea7709
parentd9b1c3dff9aed30fd79aad3f317e2388d4bae719 (diff)
parentbb5a04954d4b3d3f0b99d608c72028e8b1720699 (diff)
Merge pull request #1031 from sever-sever/T3916
containers: T3916: Add capabilities net-raw and sys-admin
-rw-r--r--interface-definitions/containers.xml.in20
1 files changed, 14 insertions, 6 deletions
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in
index 24d1870af..1e9c36ee5 100644
--- a/interface-definitions/containers.xml.in
+++ b/interface-definitions/containers.xml.in
@@ -23,24 +23,32 @@
</leafNode>
<leafNode name="cap-add">
<properties>
- <help>Add capabilities</help>
+ <help>Container capabilities/permissions</help>
<completionHelp>
- <list>net-admin setpcap sys-time</list>
+ <list>net-admin net-raw setpcap sys-admin sys-time</list>
</completionHelp>
<valueHelp>
<format>net-admin</format>
- <description>Net-admin option</description>
+ <description>Network operations (interface, firewall, routing tables)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>net-raw</format>
+ <description>Permission to create raw network sockets</description>
</valueHelp>
<valueHelp>
<format>setpcap</format>
- <description>Setpcap option</description>
+ <description>Capability sets (from bounded or inherited set)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>sys-admin</format>
+ <description>Administation operations (quotactl, mount, sethostname, setdomainame)</description>
</valueHelp>
<valueHelp>
<format>sys-time</format>
- <description>Sys-time option</description>
+ <description>Permission to set system clock</description>
</valueHelp>
<constraint>
- <regex>^(net-admin|setpcap|sys-time)$</regex>
+ <regex>^(net-admin|net-raw|setpcap|sys-admin|sys-time)$</regex>
</constraint>
<multi/>
</properties>
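Review bot: The new `sys-admin` description understates what the capability grants and has two typos ("Administation", "setdomainame"). CAP_SYS_ADMIN is a catch-all capability covering far more than the four calls listed, and granting it removes much of the isolation a container otherwise provides, so an operator choosing it from completion help should be told that. Consider `<description>Broad administrative operations (mount, quotactl, sethostname, setdomainname, ...); significantly weakens container isolation</description>`, plus a short hint on `net-raw` that raw sockets let the container craft arbitrary packets on its attached networks. The `cap-add` leafNode's closing tag lies outside the hunk.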