diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-10-25 21:26:27 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-25 21:26:27 +0200 |
commit | cd6dd608ca83c0af59f7a9937c29bbe445ecfc72 (patch) | |
tree | 40b5aed98d04ec986aee7ac2315b7eb76eea7709 /interface-definitions/containers.xml.in | |
parent | d9b1c3dff9aed30fd79aad3f317e2388d4bae719 (diff) | |
parent | bb5a04954d4b3d3f0b99d608c72028e8b1720699 (diff) | |
download | vyos-1x-cd6dd608ca83c0af59f7a9937c29bbe445ecfc72.tar.gz vyos-1x-cd6dd608ca83c0af59f7a9937c29bbe445ecfc72.zip |
Merge pull request #1031 from sever-sever/T3916
containers: T3916: Add capabilities net-raw and sys-admin
Diffstat (limited to 'interface-definitions/containers.xml.in')
-rw-r--r-- | interface-definitions/containers.xml.in | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in index 24d1870af..1e9c36ee5 100644 --- a/interface-definitions/containers.xml.in +++ b/interface-definitions/containers.xml.in @@ -23,24 +23,32 @@ </leafNode> <leafNode name="cap-add"> <properties> - <help>Add capabilities</help> + <help>Container capabilities/permissions</help> <completionHelp> - <list>net-admin setpcap sys-time</list> + <list>net-admin net-raw setpcap sys-admin sys-time</list> </completionHelp> <valueHelp> <format>net-admin</format> - <description>Net-admin option</description> + <description>Network operations (interface, firewall, routing tables)</description> + </valueHelp> + <valueHelp> + <format>net-raw</format> + <description>Permission to create raw network sockets</description> </valueHelp> <valueHelp> <format>setpcap</format> - <description>Setpcap option</description> + <description>Capability sets (from bounded or inherited set)</description> + </valueHelp> + <valueHelp> + <format>sys-admin</format> + <description>Administation operations (quotactl, mount, sethostname, setdomainame)</description> </valueHelp> <valueHelp> <format>sys-time</format> - <description>Sys-time option</description> + <description>Permission to set system clock</description> </valueHelp> <constraint> - <regex>^(net-admin|setpcap|sys-time)$</regex> + <regex>^(net-admin|net-raw|setpcap|sys-admin|sys-time)$</regex> </constraint> <multi/> </properties> |