Skip to content

Instantly share code, notes, and snippets.

@computermouth

computermouth/docker_caps.sh

Last active July 11, 2017 00:39
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save computermouth/4a0c2653951b2836bde64524bb206af6 to your computer and use it in GitHub Desktop.
Save computermouth/4a0c2653951b2836bde64524bb206af6 to your computer and use it in GitHub Desktop.
Download ZIP
All the docker capability flags
Raw
docker_caps.sh
#!/bin/bash
docker run $my_image \
--cap-add AUDIT_CONTROL \
--cap-add AUDIT_READ \
--cap-add AUDIT_WRITE \
--cap-add BLOCK_SUSPEND \
--cap-add CHOWN \
--cap-add DAC_OVERRIDE \
--cap-add DAC_READ_SEARCH \
--cap-add FOWNER \
--cap-add FSETID \
--cap-add IPC_LOCK \
--cap-add IPC_OWNER \
--cap-add KILL \
--cap-add LEASE \
--cap-add LINUX_IMMUTABLE \
--cap-add MAC_ADMIN \
--cap-add MAC_OVERRIDE \
--cap-add MKNOD \
--cap-add NET_ADMIN \
--cap-add NET_BIND_SERVICE \
--cap-add NET_BROADCAST \
--cap-add NET_RAW \
--cap-add SETGID \
--cap-add SETFCAP \
--cap-add SETPCAP \
--cap-add SETUID \
--cap-add SYS_ADMIN \
--cap-add SYS_BOOT \
--cap-add SYS_CHROOT \
--cap-add SYS_MODULE \
--cap-add SYS_NICE \
--cap-add SYS_PACCT \
--cap-add SYS_PTRACE \
--cap-add SYS_RAWIO \
--cap-add SYS_RESOURCE \
--cap-add SYS_TIME \
--cap-add SYS_TTY_CONFIG \
--cap-add SYSLOG \
--cap-add WAKE_ALARM \
$my_binary
# or in gadget.yml..
# capabilities: ['AUDIT_CONTROL', 'AUDIT_READ', 'AUDIT_WRITE', 'BLOCK_SUSPEND', 'CHOWN', 'DAC_OVERRIDE', 'DAC_READ_SEARCH', 'FOWNER', 'FSETID', 'IPC_LOCK', 'IPC_OWNER', 'KILL', 'LEASE', 'LINUX_IMMUTABLE', 'MAC_ADMIN', 'MAC_OVERRIDE', 'MKNOD', 'NET_ADMIN', 'NET_BIND_SERVICE', 'NET_BROADCAST', 'NET_RAW', 'SETGID', 'SETFCAP', 'SETPCAP', 'SETUID', 'SYS_ADMIN', 'SYS_BOOT', 'SYS_CHROOT', 'SYS_MODULE', 'SYS_NICE', 'SYS_PACCT', 'SYS_PTRACE', 'SYS_RAWIO', 'SYS_RESOURCE', 'SYS_TIME', 'SYS_TTY_CONFIG', 'SYSLOG', 'WAKE_ALARM']
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment