Class CfnTaskDefinition.KernelCapabilitiesProperty
The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition.
Namespace: Amazon.CDK.AWS.ECS
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnTaskDefinition.KernelCapabilitiesProperty : CfnTaskDefinition.IKernelCapabilitiesProperty
Syntax (vb)
Public Class CfnTaskDefinition.KernelCapabilitiesProperty Implements CfnTaskDefinition.IKernelCapabilitiesProperty
Remarks
For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page.
The following describes how Docker processes the Linux capabilities specified in the add and drop request parameters. For information about the latest behavior, see Docker Compose: order of cap_drop and cap_add in the Docker Community Forum.
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.ECS;

// KernelCapabilitiesProperty is nested in CfnTaskDefinition, so qualify it.
var kernelCapabilitiesProperty = new CfnTaskDefinition.KernelCapabilitiesProperty {
    Add = new [] { "add" },
    Drop = new [] { "drop" }
};
Synopsis
Constructors
| KernelCapabilitiesProperty() | The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. |
Properties
| Add | The Linux capabilities for the container that have been added to the default configuration provided by Docker. |
| Drop | The Linux capabilities for the container that have been removed from the default configuration provided by Docker. |
Constructors
KernelCapabilitiesProperty()
The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition.
public KernelCapabilitiesProperty()
Properties
Add
The Linux capabilities for the container that have been added to the default configuration provided by Docker.
public string[]? Add { get; set; }
Property Value
string[]
Remarks
This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run.
Tasks launched on AWS Fargate only support adding the SYS_PTRACE kernel capability.
Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
Drop
The Linux capabilities for the container that have been removed from the default configuration provided by Docker.
public string[]? Drop { get; set; }
Property Value
string[]
Remarks
This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run.
Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"
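The following is an added example, not part of the CDK reference or AWS-provided code: a helper that drops every default capability and adds back only what a container needs, enforcing the valid-value list and the Fargate restriction from the Add remarks. The names ContainerCapabilities, DropAllExcept and ForWebContainer are hypothetical, and the example assumes Docker applies the additions after ALL has been dropped, which should be confirmed against the forum thread referenced in the class remarks.

```csharp
using System;
using System.Linq;
using Amazon.CDK.AWS.ECS;

// Hypothetical helper (not part of the CDK): checks a capability request
// against the rules on this page before building the property.
public static class ContainerCapabilities
{
    // The "Valid values" list from the Add and Drop remarks.
    private static readonly string[] Valid =
    {
        "ALL", "AUDIT_CONTROL", "AUDIT_WRITE", "BLOCK_SUSPEND", "CHOWN", "DAC_OVERRIDE",
        "DAC_READ_SEARCH", "FOWNER", "FSETID", "IPC_LOCK", "IPC_OWNER", "KILL", "LEASE",
        "LINUX_IMMUTABLE", "MAC_ADMIN", "MAC_OVERRIDE", "MKNOD", "NET_ADMIN",
        "NET_BIND_SERVICE", "NET_BROADCAST", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP",
        "SETUID", "SYS_ADMIN", "SYS_BOOT", "SYS_CHROOT", "SYS_MODULE", "SYS_NICE",
        "SYS_PACCT", "SYS_PTRACE", "SYS_RAWIO", "SYS_RESOURCE", "SYS_TIME",
        "SYS_TTY_CONFIG", "SYSLOG", "WAKE_ALARM"
    };

    public static CfnTaskDefinition.KernelCapabilitiesProperty DropAllExcept(
        bool onFargate, params string[] needed)
    {
        var unknown = needed.Where(c => !Valid.Contains(c)).ToArray();
        if (unknown.Length > 0)
            throw new ArgumentException("Not a valid capability: " + string.Join(", ", unknown));

        // Adding ALL back would undo dropping everything first.
        if (needed.Contains("ALL"))
            throw new ArgumentException("List the capabilities the container needs instead of ALL.");

        // Per the Add remarks: Fargate tasks only support adding SYS_PTRACE.
        if (onFargate && needed.Any(c => c != "SYS_PTRACE"))
            throw new ArgumentException("On Fargate only SYS_PTRACE can be added.");

        return new CfnTaskDefinition.KernelCapabilitiesProperty
        {
            Add = needed.Length > 0 ? needed : null,
            Drop = new[] { "ALL" }
        };
    }

    // Constructed usage: an EC2-launch-type container that binds a port below 1024.
    public static CfnTaskDefinition.LinuxParametersProperty ForWebContainer() =>
        new CfnTaskDefinition.LinuxParametersProperty
        {
            Capabilities = DropAllExcept(false, "NET_BIND_SERVICE")
        };
}
```

The returned LinuxParametersProperty is assigned to the LinuxParameters property of a CfnTaskDefinition.ContainerDefinitionProperty.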