sonic-buildimage/rules/docker-eventd.mk
Mai Bui f8a85c0a9f
[docker-eventd] limit privileged flag for eventd container (#16750)
### Why I did it
HLD implementation: Container Hardening (https://github.com/sonic-net/SONiC/pull/1364)
##### Work item tracking
- Microsoft ADO **(number only)**: 14807420

#### How I did it
Reduce linux capabilities in privileged flag
#### How to verify it
Run eventd sonic-mgmt tests
2023-10-02 09:51:24 -07:00


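# docker image for eventd
#
# Declares the eventd container image and its debug variant, then registers
# both in the SONIC_* image lists. Every per-image setting is keyed on the
# image file name $(DOCKER_EVENTD). The variables used on the right-hand sides
# (SONIC_EVENTD, DOCKER_CONFIG_ENGINE_BULLSEYE, DOCKERS_PATH, ...) are defined
# outside this file.

DOCKER_EVENTD_STEM = docker-eventd
DOCKER_EVENTD = $(DOCKER_EVENTD_STEM).gz
DOCKER_EVENTD_DBG = $(DOCKER_EVENTD_STEM)-$(DBG_IMAGE_MARK).gz

# Build inputs: the eventd package for the regular image; the debug image
# inherits the config-engine base's debug dependencies and packages and adds
# the eventd and swss-common debug artifacts.
$(DOCKER_EVENTD)_DEPENDS += $(SONIC_EVENTD)
$(DOCKER_EVENTD)_DBG_DEPENDS = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_DEPENDS)
$(DOCKER_EVENTD)_DBG_DEPENDS += $(SONIC_EVENTD_DBG) $(LIBSWSSCOMMON_DBG)
$(DOCKER_EVENTD)_DBG_IMAGE_PACKAGES = $($(DOCKER_CONFIG_ENGINE_BULLSEYE)_DBG_IMAGE_PACKAGES)
$(DOCKER_EVENTD)_LOAD_DOCKERS = $(DOCKER_CONFIG_ENGINE_BULLSEYE)
$(DOCKER_EVENTD)_PATH = $(DOCKERS_PATH)/$(DOCKER_EVENTD_STEM)
$(DOCKER_EVENTD)_INSTALL_PYTHON_WHEELS = $(SONIC_UTILITIES_PY3)
$(DOCKER_EVENTD)_INSTALL_DEBS = $(PYTHON3_SWSSCOMMON)

# Package identity.
$(DOCKER_EVENTD)_VERSION = 1.0.0
$(DOCKER_EVENTD)_PACKAGE_NAME = eventd

# Service ordering metadata for eventd. These two assignments were keyed on
# $(DOCKER_DHCP), a variable this file never defines, so they did not attach
# to the eventd image. They now use $(DOCKER_EVENTD) like every other
# per-image setting here.
# NOTE(review): confirm "updategraph" and "database" are the units the eventd
# service is meant to order against.
$(DOCKER_EVENTD)_SERVICE_REQUIRES = updategraph
$(DOCKER_EVENTD)_SERVICE_AFTER = database

# Register the regular and debug images with the build and the installer.
SONIC_DOCKER_IMAGES += $(DOCKER_EVENTD)
SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_EVENTD)
SONIC_DOCKER_DBG_IMAGES += $(DOCKER_EVENTD_DBG)
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_EVENTD_DBG)
SONIC_BULLSEYE_DOCKERS += $(DOCKER_EVENTD)
SONIC_BULLSEYE_DBG_DOCKERS += $(DOCKER_EVENTD_DBG)

$(DOCKER_EVENTD)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
$(DOCKER_EVENTD)_CONTAINER_NAME = eventd

# Container runtime options. This file passes only a TTY (-t) and two
# read-only (:ro) bind mounts of host configuration; it adds no --privileged
# and no extra capabilities. If eventd turns out to need a capability, grant
# that one capability explicitly rather than restoring a privileged run.
# NOTE(review): RUN_OPT is built with +=, so options appended to this name
# elsewhere would also apply; check the effective value when auditing.
$(DOCKER_EVENTD)_RUN_OPT += -t
$(DOCKER_EVENTD)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
$(DOCKER_EVENTD)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro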