Last active
July 11, 2017 00:39
-
-
Save computermouth/4a0c2653951b2836bde64524bb206af6 to your computer and use it in GitHub Desktop.
All the docker capability flags
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
docker run $my_image \ | |
--cap-add AUDIT_CONTROL \ | |
--cap-add AUDIT_READ \ | |
--cap-add AUDIT_WRITE \ | |
--cap-add BLOCK_SUSPEND \ | |
--cap-add CHOWN \ | |
--cap-add DAC_OVERRIDE \ | |
--cap-add DAC_READ_SEARCH \ | |
--cap-add FOWNER \ | |
--cap-add FSETID \ | |
--cap-add IPC_LOCK \ | |
--cap-add IPC_OWNER \ | |
--cap-add KILL \ | |
--cap-add LEASE \ | |
--cap-add LINUX_IMMUTABLE \ | |
--cap-add MAC_ADMIN \ | |
--cap-add MAC_OVERRIDE \ | |
--cap-add MKNOD \ | |
--cap-add NET_ADMIN \ | |
--cap-add NET_BIND_SERVICE \ | |
--cap-add NET_BROADCAST \ | |
--cap-add NET_RAW \ | |
--cap-add SETGID \ | |
--cap-add SETFCAP \ | |
--cap-add SETPCAP \ | |
--cap-add SETUID \ | |
--cap-add SYS_ADMIN \ | |
--cap-add SYS_BOOT \ | |
--cap-add SYS_CHROOT \ | |
--cap-add SYS_MODULE \ | |
--cap-add SYS_NICE \ | |
--cap-add SYS_PACCT \ | |
--cap-add SYS_PTRACE \ | |
--cap-add SYS_RAWIO \ | |
--cap-add SYS_RESOURCE \ | |
--cap-add SYS_TIME \ | |
--cap-add SYS_TTY_CONFIG \ | |
--cap-add SYSLOG \ | |
--cap-add WAKE_ALARM \ | |
$my_binary | |
# or in gadget.yml.. | |
# capabilities: ['AUDIT_CONTROL', 'AUDIT_READ', 'AUDIT_WRITE', 'BLOCK_SUSPEND', 'CHOWN', 'DAC_OVERRIDE', 'DAC_READ_SEARCH', 'FOWNER', 'FSETID', 'IPC_LOCK', 'IPC_OWNER', 'KILL', 'LEASE', 'LINUX_IMMUTABLE', 'MAC_ADMIN', 'MAC_OVERRIDE', 'MKNOD', 'NET_ADMIN', 'NET_BIND_SERVICE', 'NET_BROADCAST', 'NET_RAW', 'SETGID', 'SETFCAP', 'SETPCAP', 'SETUID', 'SYS_ADMIN', 'SYS_BOOT', 'SYS_CHROOT', 'SYS_MODULE', 'SYS_NICE', 'SYS_PACCT', 'SYS_PTRACE', 'SYS_RAWIO', 'SYS_RESOURCE', 'SYS_TIME', 'SYS_TTY_CONFIG', 'SYSLOG', 'WAKE_ALARM'] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment