authorViacheslav <v.gletenko@vyos.io>2021-10-19 22:56:36 +0000
committerViacheslav <v.gletenko@vyos.io>2021-10-25 19:24:14 +0000
commitbb5a04954d4b3d3f0b99d608c72028e8b1720699 (patch)
tree270bb6a6763cff9789e7a972b5255da232c4cae6 /interface-definitions
parente48b345f7524761a29b7adf36a13c155e2f34d15 (diff)
containers: T3916: Add capabilities net-raw and sys-admin
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/containers.xml.in20
1 files changed, 14 insertions, 6 deletions
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in
index 24d1870af..1e9c36ee5 100644
--- a/interface-definitions/containers.xml.in
+++ b/interface-definitions/containers.xml.in
@@ -23,24 +23,32 @@
</leafNode>
<leafNode name="cap-add">
<properties>
- <help>Add capabilities</help>
+ <help>Container capabilities/permissions</help>
<completionHelp>
- <list>net-admin setpcap sys-time</list>
+ <list>net-admin net-raw setpcap sys-admin sys-time</list>
</completionHelp>
<valueHelp>
<format>net-admin</format>
- <description>Net-admin option</description>
+ <description>Network operations (interface, firewall, routing tables)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>net-raw</format>
+ <description>Permission to create raw network sockets</description>
</valueHelp>
<valueHelp>
<format>setpcap</format>
- <description>Setpcap option</description>
+ <description>Capability sets (from bounded or inherited set)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>sys-admin</format>
+ <description>Administation operations (quotactl, mount, sethostname, setdomainame)</description>
</valueHelp>
<valueHelp>
<format>sys-time</format>
- <description>Sys-time option</description>
+ <description>Permission to set system clock</description>
</valueHelp>
<constraint>
- <regex>^(net-admin|setpcap|sys-time)$</regex>
+ <regex>^(net-admin|net-raw|setpcap|sys-admin|sys-time)$</regex>
</constraint>
<multi/>
</properties>
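Review bot: The new `sys-admin` valueHelp description undersells what is being granted: CAP_SYS_ADMIN covers far more than the four calls listed and is commonly treated as close to root-equivalent for a container, so an operator choosing it from completion should be told that. The same line has two typos (`Administation`, `setdomainame`). I would change it to `<description>Broad administration operations (quotactl, mount, sethostname, setdomainname); grant only to trusted containers</description>`. The `net-raw` description could likewise note that raw sockets permit packet crafting and sniffing in whatever network namespace the container runs in. The `cap-add` leafNode closes outside this hunk, so any further properties on it are not visible here.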