From 236bcd5849227628ba57e6420039993a23e673d0 Mon Sep 17 00:00:00 2001
From: Anthony Rabbito
Date: Thu, 18 Nov 2021 08:50:48 -0500
Subject: containers: T4006: Add capabilities net-bind-service
Signed-off-by: Anthony Rabbito
---
 interface-definitions/containers.xml.in | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in
index 1e9c36ee5..30c7110b8 100644
--- a/interface-definitions/containers.xml.in
+++ b/interface-definitions/containers.xml.in
@@ -25,12 +25,16 @@
 Container capabilities/permissions
- net-admin net-raw setpcap sys-admin sys-time
+ net-admin net-bind-service net-raw setpcap sys-admin sys-time
 net-admin Network operations (interface, firewall, routing tables)
+
+ net-bind-service
+ Bind a socket to privileged ports (port numbers less than 1024)
+
 net-raw Permission to create raw network sockets
@@ -48,7 +52,7 @@
 Permission to set system clock
- ^(net-admin|net-raw|setpcap|sys-admin|sys-time)$
+ ^(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-time)$
--
cgit v1.2.3
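Review bot: The constraint regex in the second hunk now accepts `net-bind-service`, but the patch touches only `interface-definitions/containers.xml.in`, so the code that passes the configured value to the container runtime is not shown. That consumer should be checked for the new name, since it presumably has to translate the hyphenated value into the runtime's `NET_BIND_SERVICE` capability. The description added in the first hunk could also state the consequence for operators, for example `Bind a socket to privileged ports (port numbers less than 1024); if the container shares the host network namespace these are the host's own ports`. The allowed values are repeated in the completion list, the value help and the regex, so a later capability has to be added in all three places. The enclosing node starts and ends outside both hunks.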