Remove privileged flag for database and snmp docker (#13783)

#### Why I did it
Reduce docker privilege 
This is part of HLD https://github.com/sonic-net/SONiC/pull/1364

#### How I did it
Remove flag --privileged
#### How to verify it
docker exec -it database bash
root@0048b82b460b:/# ip link add dummy0 type dummy
RTNETLINK answers: Operation not permitted
This commit is contained in:
Andriy Dobush 2023-08-15 21:18:50 +03:00 committed by GitHub
parent 1626e198a8
commit cf72683f12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions

View File

@ -25,7 +25,7 @@ SONIC_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG)
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG) SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG)
$(DOCKER_DATABASE)_CONTAINER_NAME = database $(DOCKER_DATABASE)_CONTAINER_NAME = database
$(DOCKER_DATABASE)_RUN_OPT += --privileged -t $(DOCKER_DATABASE)_RUN_OPT += -t
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro $(DOCKER_DATABASE)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro $(DOCKER_DATABASE)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro

View File

@ -28,7 +28,7 @@ SONIC_DOCKER_DBG_IMAGES += $(DOCKER_SNMP_DBG)
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_SNMP_DBG) SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_SNMP_DBG)
$(DOCKER_SNMP)_CONTAINER_NAME = snmp $(DOCKER_SNMP)_CONTAINER_NAME = snmp
$(DOCKER_SNMP)_RUN_OPT += --privileged -t $(DOCKER_SNMP)_RUN_OPT += -t
$(DOCKER_SNMP)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro $(DOCKER_SNMP)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
$(DOCKER_SNMP)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro $(DOCKER_SNMP)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
$(DOCKER_SNMP)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT) $(DOCKER_SNMP)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)