Reveal information about container capabilities
I am often asked about the list of capabilities available to a container. We should be listing this data in the inspect command for effective capabilities and the bounding set. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1335 Approved by: TomSweeneyRedHat
parent
16465007d0
commit
e7fbf329c2
|
@ -96,6 +96,11 @@ overlay
|
|||
size: 4405240
|
||||
```
|
||||
|
||||
```
|
||||
podman inspect --latest --format {{.EffectiveCaps}}
|
||||
[CAP_CHOWN CAP_DAC_OVERRIDE CAP_FSETID CAP_FOWNER CAP_MKNOD CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETFCAP CAP_SETPCAP CAP_NET_BIND_SERVICE CAP_SYS_CHROOT CAP_KILL CAP_AUDIT_WRITE]
|
||||
```
|
||||
|
||||
## SEE ALSO
|
||||
podman(1)
|
||||
|
||||
|
|
|
@ -79,6 +79,8 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data)
|
|||
Name: config.Name,
|
||||
Driver: driverData.Name,
|
||||
MountLabel: config.MountLabel,
|
||||
EffectiveCaps: spec.Process.Capabilities.Effective,
|
||||
BoundingCaps: spec.Process.Capabilities.Bounding,
|
||||
ProcessLabel: spec.Process.SelinuxLabel,
|
||||
AppArmorProfile: spec.Process.ApparmorProfile,
|
||||
ExecIDs: execIDs,
|
||||
|
|
|
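Review bot: `spec.Process.Capabilities` is dereferenced without a nil check in the two added lines, `EffectiveCaps: spec.Process.Capabilities.Effective,` and `BoundingCaps: spec.Process.Capabilities.Bounding,`. In the OCI runtime-spec Go types that field is a pointer, so if a container's spec can reach this point without a capabilities block, `podman inspect` would panic instead of reporting empty sets; whether that can happen depends on how the spec is generated, which is not visible here. Reading the pointer once before the struct literal and filling both fields only under `if caps := spec.Process.Capabilities; caps != nil` would avoid that. The struct literal and the rest of getContainerInspectData start and end outside the hunk.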
@ -161,6 +161,8 @@ type ContainerInspectData struct {
|
|||
MountLabel string `json:"MountLabel"`
|
||||
ProcessLabel string `json:"ProcessLabel"`
|
||||
AppArmorProfile string `json:"AppArmorProfile"`
|
||||
EffectiveCaps []string `json:"EffectiveCaps"`
|
||||
BoundingCaps []string `json:"BoundingCaps"`
|
||||
ExecIDs []string `json:"ExecIDs"`
|
||||
GraphDriver *Data `json:"GraphDriver"`
|
||||
SizeRw int64 `json:"SizeRw,omitempty"`
|
||||
|
|
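Review bot: The new fields `EffectiveCaps` and `BoundingCaps` carry no comment saying where their values come from, which matters to anyone using inspect output for a privilege audit. Judging by the assignment in getContainerInspectData they are copied from the container's configured spec rather than read from the running process, and the permitted, inheritable and ambient sets are not reported. I would add a comment above them such as `// EffectiveCaps and BoundingCaps are the capability sets configured in the container's runtime spec; they are not read back from the running process.` Since neither tag uses `omitempty`, a nil slice is emitted as `null`, which consumers should expect. The struct definition starts and ends outside the hunk.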