From bb5a04954d4b3d3f0b99d608c72028e8b1720699 Mon Sep 17 00:00:00 2001
From: Viacheslav
Date: Tue, 19 Oct 2021 22:56:36 +0000
Subject: containers: T3916: Add capabilities net-raw and sys-admin
---
 interface-definitions/containers.xml.in | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
(limited to 'interface-definitions/containers.xml.in')
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in
index 24d1870af..1e9c36ee5 100644
--- a/interface-definitions/containers.xml.in
+++ b/interface-definitions/containers.xml.in
@@ -23,24 +23,32 @@
- Add capabilities
+ Container capabilities/permissions
- net-admin setpcap sys-time
+ net-admin net-raw setpcap sys-admin sys-time
 net-admin
- Net-admin option
+ Network operations (interface, firewall, routing tables)
+
+
+ net-raw
+ Permission to create raw network sockets
 setpcap
- Setpcap option
+ Capability sets (from bounded or inherited set)
+
+
+ sys-admin
+ Administation operations (quotactl, mount, sethostname, setdomainame)
 sys-time
- Sys-time option
+ Permission to set system clock
- ^(net-admin|setpcap|sys-time)$
+ ^(net-admin|net-raw|setpcap|sys-admin|sys-time)$
-- 
cgit v1.2.3
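Review bot: The `sys-admin` help text added in this hunk understates what the option grants and carries two typos (`Administation`, `setdomainame`). CAP_SYS_ADMIN is a broad, overloaded capability that covers far more than the four calls listed, and granting it to a container substantially weakens its isolation from the host, so the description should say so, e.g. `Administration operations (quotactl, mount, sethostname, setdomainname); broad privilege, weakens container isolation`. The `net-raw` text could likewise note that raw sockets let the container craft arbitrary packets on the networks it is attached to. The XML element names are not visible in this view and the code that passes these values to the container runtime is outside this diff, so how each value is applied is not checked here.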