Class: Aws::ECS::Types::KernelCapabilities
- Inherits:
-
Struct
- Object
- Struct
- Aws::ECS::Types::KernelCapabilities
- Defined in:
- gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb
Overview
The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page.
The following describes how Docker processes the Linux capabilities
specified in the add
and drop
request parameters. For information
about the latest behavior, see Docker Compose: order of cap_drop and
cap_add in the Docker Community Forum.
When the container is a privleged container, the container capabilities are all of the default Docker capabilities. The capabilities specified in the
add
request parameter, and thedrop
request parameter are ignored.When the
add
request parameter is set to ALL, the container capabilities are all of the default Docker capabilities, excluding those specified in thedrop
request parameter.When the
drop
request parameter is set to ALL, the container capabilities are the capabilities specified in theadd
request parameter.When the
add
request parameter and thedrop
request parameter are both empty, the capabilities the container capabilities are all of the default Docker capabilities.The default is to first drop the capabilities specified in the
drop
request parameter, and then add the capabilities specified in theadd
request parameter.
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#add ⇒ Array<String>
The Linux capabilities for the container that have been added to the default configuration provided by Docker.
-
#drop ⇒ Array<String>
The Linux capabilities for the container that have been removed from the default configuration provided by Docker.
Instance Attribute Details
#add ⇒ Array<String>
The Linux capabilities for the container that have been added to the
default configuration provided by Docker. This parameter maps to
CapAdd
in the docker container create command and the --cap-add
option to docker run.
SYS_PTRACE
kernel capability.
Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" |
"BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" |
"FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" |
"LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" |
"NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" |
"SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" |
"SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT"
| "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" |
"SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
5734 5735 5736 5737 5738 5739 |
# File 'gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb', line 5734 class KernelCapabilities < Struct.new( :add, :drop) SENSITIVE = [] include Aws::Structure end |
#drop ⇒ Array<String>
The Linux capabilities for the container that have been removed from
the default configuration provided by Docker. This parameter maps to
CapDrop
in the docker container create command and the
--cap-drop
option to docker run.
Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" |
"BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" |
"FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" |
"LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" |
"NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" |
"SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" |
"SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT"
| "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" |
"SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
5734 5735 5736 5737 5738 5739 |
# File 'gems/aws-sdk-ecs/lib/aws-sdk-ecs/types.rb', line 5734 class KernelCapabilities < Struct.new( :add, :drop) SENSITIVE = [] include Aws::Structure end |