[docker-sonic-mgmt-framework] limit privileged flag for mgmt-framework container (#17217)
Why I did it: HLD implementation: Container Hardening (sonic-net/SONiC#1364). Work item tracking: Microsoft ADO (number only): 14807420. How I did it: Reduce Linux capabilities by dropping the privileged flag. How to verify it: Check the container's settings: Privileged is false and the container has only the default Linux caps, with no extended caps.
parent
69f949671c
commit
80615f45db
@ -29,7 +29,7 @@ SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_MGMT_FRAMEWORK_DBG)
|
|||||||
endif
|
endif
|
||||||
|
|
||||||
$(DOCKER_MGMT_FRAMEWORK)_CONTAINER_NAME = mgmt-framework
|
$(DOCKER_MGMT_FRAMEWORK)_CONTAINER_NAME = mgmt-framework
|
||||||
$(DOCKER_MGMT_FRAMEWORK)_RUN_OPT += --privileged -t
|
$(DOCKER_MGMT_FRAMEWORK)_RUN_OPT += -t
|
||||||
$(DOCKER_MGMT_FRAMEWORK)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
|
$(DOCKER_MGMT_FRAMEWORK)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
|
||||||
$(DOCKER_MGMT_FRAMEWORK)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
|
$(DOCKER_MGMT_FRAMEWORK)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
|
||||||
$(DOCKER_MGMT_FRAMEWORK)_RUN_OPT += -v /etc:/host_etc:ro
|
$(DOCKER_MGMT_FRAMEWORK)_RUN_OPT += -v /etc:/host_etc:ro
|
||||||
|
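Review bot: With `--privileged` gone from the `_RUN_OPT` line, the broadest host exposure left in this block is the unchanged `-v /etc:/host_etc:ro` mount a few lines below, which hands the whole host `/etc` to a container that (going by its name) serves the management interface. Read-only does not prevent reading, so if the container process runs as root without user-namespace remapping, which is not visible here, sensitive host files under `/etc` would still be readable from inside it. Consider narrowing that mount to the specific paths the service needs, and recording the intended privilege level next to the flag, e.g. `# runs unprivileged with Docker's default capability set; any --cap-add needs a justification`. The manual check in the description (Privileged is false, default caps only) would also be worth pinning in an automated test so a later `--privileged` or `--cap-add` does not return unnoticed.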