software.amazon.awscdk.services.ecs

Interface CfnTaskDefinition.KernelCapabilitiesProperty

All Known Implementing Classes:

CfnTaskDefinition.KernelCapabilitiesProperty.Jsii$Proxy

Enclosing class:

CfnTaskDefinition

public static interface CfnTaskDefinition.KernelCapabilitiesProperty

The `KernelCapabilities` property specifies the Linux capabilities for the container that are added to or dropped from the default configuration that is provided by Docker.

For more information on the default capabilities and the non-default available capabilities, see Runtime privilege and Linux capabilities in the Docker run reference . For more detailed information on these Linux capabilities, see the capabilities(7) Linux manual page.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ecs.*;
 KernelCapabilitiesProperty kernelCapabilitiesProperty = KernelCapabilitiesProperty.builder()
         .add(List.of("add"))
         .drop(List.of("drop"))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	CfnTaskDefinition.KernelCapabilitiesProperty.Builder A builder for CfnTaskDefinition.KernelCapabilitiesProperty
static class	CfnTaskDefinition.KernelCapabilitiesProperty.Jsii$Proxy An implementation for CfnTaskDefinition.KernelCapabilitiesProperty

Method Summary

Modifier and Type	Method and Description
static CfnTaskDefinition.KernelCapabilitiesProperty.Builder	builder()
default java.util.List<java.lang.String>	getAdd() The Linux capabilities for the container that have been added to the default configuration provided by Docker.
default java.util.List<java.lang.String>	getDrop() The Linux capabilities for the container that have been removed from the default configuration provided by Docker.

Method Detail

getAdd

default java.util.List<java.lang.String> getAdd()

The Linux capabilities for the container that have been added to the default configuration provided by Docker.

This parameter maps to CapAdd in the Create a container section of the Docker Remote API and the --cap-add option to docker run .

Tasks launched on AWS Fargate only support adding the SYS_PTRACE kernel capability.

Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"

getDrop

default java.util.List<java.lang.String> getDrop()

The Linux capabilities for the container that have been removed from the default configuration provided by Docker.

This parameter maps to CapDrop in the Create a container section of the Docker Remote API and the --cap-drop option to docker run .

Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"

builder

static CfnTaskDefinition.KernelCapabilitiesProperty.Builder builder()

Returns:

a CfnTaskDefinition.KernelCapabilitiesProperty.Builder of CfnTaskDefinition.KernelCapabilitiesProperty