[docker-radv] limit privileged flag for radv container (#16751)
### Why I did it HLD implementation: Container Hardening (https://github.com/sonic-net/SONiC/pull/1364) ##### Work item tracking - Microsoft ADO **(number only)**: 14807420 #### How I did it Reduce linux capabilities in privileged flag #### How to verify it Run radv sonic-mgmt tests
parent
f8a85c0a9f
commit
273a283d7e
@ -29,7 +29,7 @@ SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_ROUTER_ADVERTISER_DBG)
|
|||||||
endif
|
endif
|
||||||
|
|
||||||
$(DOCKER_ROUTER_ADVERTISER)_CONTAINER_NAME = radv
|
$(DOCKER_ROUTER_ADVERTISER)_CONTAINER_NAME = radv
|
||||||
$(DOCKER_ROUTER_ADVERTISER)_RUN_OPT += --privileged -t
|
$(DOCKER_ROUTER_ADVERTISER)_RUN_OPT += -t
|
||||||
$(DOCKER_ROUTER_ADVERTISER)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
|
$(DOCKER_ROUTER_ADVERTISER)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
|
||||||
$(DOCKER_ROUTER_ADVERTISER)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
|
$(DOCKER_ROUTER_ADVERTISER)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
|
||||||
$(DOCKER_ROUTER_ADVERTISER)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
|
$(DOCKER_ROUTER_ADVERTISER)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
|
||||||
|
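Review bot: The new `$(DOCKER_ROUTER_ADVERTISER)_RUN_OPT += -t` line drops `--privileged` but adds no explicit `--cap-drop`/`--cap-add`, so the radv container now runs with the runtime's default capability set rather than one chosen for radvd. The description speaks of reducing capabilities, yet nothing in the file records which ones the service needs. A comment above the line such as `# radv runs unprivileged (container hardening HLD); relies on the runtime's default capabilities, presumably NET_RAW for ICMPv6 - confirm` would help keep a later change from quietly re-adding `--privileged`. If the sonic-mgmt radv tests also pass with a narrower set, pinning it explicitly (`--cap-drop=ALL` plus only the required `--cap-add` entries) would make the hardening auditable. The remaining run options for this image are assembled outside this hunk, so the effective privilege level should be checked against the full option list.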