Add support for ambient capabilities

Linux kernel 4.3 and later supports "ambient capabilities" which are the
only way to pass capabilities to containers running as a non root uid.

Previously there was no way to allow containers not running as root
capabilities in a useful way.

Fix #8460

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Justin Cormack 2016-09-28 13:46:11 +01:00 committed by Tibor Vass
parent cfd1182bda
commit 856a50e733
1 changed files with 4 additions and 0 deletions


@ -1220,6 +1220,10 @@ since Docker 1.12. In Docker 1.10 and 1.11 this did not happen and it may be nec
to use a custom seccomp profile or use `--security-opt seccomp=unconfined` when adding
capabilities.
It is only possible to grant capabilities to a container running as a user other than `root`
on a system with a Linux kernel version of 4.3 or later, as this requires "ambient capabilities"
to be granted. These will be added if the kernel allows it from Docker version 1.13.
## Logging drivers (--log-driver)
The container can have a different logging driver than the Docker daemon. Use
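Review bot: The last sentence of the added paragraph ("These will be added if the kernel allows it from Docker version 1.13.") is ambiguous, since "from Docker version 1.13" can be read as qualifying the kernel rather than Docker. Something like "Starting with Docker 1.13, these are added when the kernel supports them" would read unambiguously. The paragraph also does not say what a user sees on a kernel older than 4.3 when capabilities are requested for a container running as a user other than `root`: whether the run fails or the capabilities are silently not granted. That matters to anyone who drops root and relies on a specific capability, so please add a sentence stating the behaviour.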