list of label specification for required capabilties
These labels allows users to specify the list of capabilities required to run their container image. Setting a image/container label "io.containers.capabilities=setuid,setgid" will tell container engines that the contained image should work fine withi just these two capabilties, instead of running with the default capabilities, Defined as a list, since this has not been standardized yet, we want to make this a standard, and the standard label might be different then the label we choose, so eventually we might need to add a standard label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
parent
d8ecc3ce53
commit
112e5a7b20
|
|
@ -18,6 +18,10 @@ var (
|
||||||
|
|
||||||
// ErrUnknownCapability is thrown when an unknown capability is processed.
|
// ErrUnknownCapability is thrown when an unknown capability is processed.
|
||||||
ErrUnknownCapability = errors.New("unknown capability")
|
ErrUnknownCapability = errors.New("unknown capability")
|
||||||
|
|
||||||
|
// ContainerImageLabels - label can indicate the required
|
||||||
|
// capabilities required by containers to run the container image.
|
||||||
|
ContainerImageLabels = []string{"io.containers.capabilities"}
|
||||||
)
|
)
|
||||||
|
|
||||||
// All is a special value used to add/drop all known capababilities.
|
// All is a special value used to add/drop all known capababilities.
|
||||||
|
|
@ -47,6 +51,7 @@ func stringInSlice(s string, sl []string) bool {
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// AllCapabilities returns all known capabilities.
|
// AllCapabilities returns all known capabilities.
|
||||||
func AllCapabilities() []string {
|
func AllCapabilities() []string {
|
||||||
return capabilityList
|
return capabilityList
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue