Remove privileged flag for database and snmp docker (#13783)
#### Why I did it Reduce docker privilege This is part of HLD https://github.com/sonic-net/SONiC/pull/1364 #### How I did it Remove flag --privileged #### How to verify it docker exec -it database bash root@0048b82b460b:/# ip link add dummy0 type dummy RTNETLINK answers: Operation not permitted
This commit is contained in:
parent
1626e198a8
commit
cf72683f12
@ -25,7 +25,7 @@ SONIC_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG)
|
|||||||
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG)
|
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG)
|
||||||
|
|
||||||
$(DOCKER_DATABASE)_CONTAINER_NAME = database
|
$(DOCKER_DATABASE)_CONTAINER_NAME = database
|
||||||
$(DOCKER_DATABASE)_RUN_OPT += --privileged -t
|
$(DOCKER_DATABASE)_RUN_OPT += -t
|
||||||
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
|
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
|
||||||
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
|
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ SONIC_DOCKER_DBG_IMAGES += $(DOCKER_SNMP_DBG)
|
|||||||
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_SNMP_DBG)
|
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_SNMP_DBG)
|
||||||
|
|
||||||
$(DOCKER_SNMP)_CONTAINER_NAME = snmp
|
$(DOCKER_SNMP)_CONTAINER_NAME = snmp
|
||||||
$(DOCKER_SNMP)_RUN_OPT += --privileged -t
|
$(DOCKER_SNMP)_RUN_OPT += -t
|
||||||
$(DOCKER_SNMP)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
|
$(DOCKER_SNMP)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
|
||||||
$(DOCKER_SNMP)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
|
$(DOCKER_SNMP)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
|
||||||
$(DOCKER_SNMP)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
|
$(DOCKER_SNMP)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
|
||||||
|
Loading…
Reference in New Issue
Block a user