Class: Aws::ECS::Types::KernelCapabilities
- Inherits:
-
Struct
- Object
- Struct
- Aws::ECS::Types::KernelCapabilities
- Defined in:
- gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb
Overview
The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page.
The following describes how Docker processes the Linux capabilities
specified in the add and drop request parameters. For information
about the latest behavior, see Docker Compose: order of cap_drop and
cap_add in the Docker Community Forum.
When the container is a privleged container, the container capabilities are all of the default Docker capabilities. The capabilities specified in the
addrequest parameter, and thedroprequest parameter are ignored.When the
addrequest parameter is set to ALL, the container capabilities are all of the default Docker capabilities, excluding those specified in thedroprequest parameter.When the
droprequest parameter is set to ALL, the container capabilities are the capabilities specified in theaddrequest parameter.When the
addrequest parameter and thedroprequest parameter are both empty, the capabilities the container capabilities are all of the default Docker capabilities.The default is to first drop the capabilities specified in the
droprequest parameter, and then add the capabilities specified in theaddrequest parameter.
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#add ⇒ Array<String>
The Linux capabilities for the container that have been added to the default configuration provided by Docker.
-
#drop ⇒ Array<String>
The Linux capabilities for the container that have been removed from the default configuration provided by Docker.
Instance Attribute Details
#add ⇒ Array<String>
The Linux capabilities for the container that have been added to the
default configuration provided by Docker. This parameter maps to
CapAdd in the docker container create command and the --cap-add
option to docker run.
SYS_PTRACE
kernel capability.
Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" |
"BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" |
"FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" |
"LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" |
"NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" |
"SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" |
"SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT"
| "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" |
"SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
5734 5735 5736 5737 5738 5739 |
# File 'gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb', line 5734 class KernelCapabilities < Struct.new( :add, :drop) SENSITIVE = [] include Aws::Structure end |
#drop ⇒ Array<String>
The Linux capabilities for the container that have been removed from
the default configuration provided by Docker. This parameter maps to
CapDrop in the docker container create command and the
--cap-drop option to docker run.
Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" |
"BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" |
"FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" |
"LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" |
"NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" |
"SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" |
"SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT"
| "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" |
"SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
5734 5735 5736 5737 5738 5739 |
# File 'gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb', line 5734 class KernelCapabilities < Struct.new( :add, :drop) SENSITIVE = [] include Aws::Structure end |