mirror of https://github.com/docker/cli.git
Fix documentation on --security-opt seccomp
Missing documentation and man pages on seccomp options. Signed-off-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
parent
d219111855
commit
2d0316cb43
|
@ -608,6 +608,9 @@ with the same logic -- if the original volume was specified with a name it will
|
||||||
to the container
|
to the container
|
||||||
--security-opt="no-new-privileges" : Disable container processes from gaining
|
--security-opt="no-new-privileges" : Disable container processes from gaining
|
||||||
new privileges
|
new privileges
|
||||||
|
--security-opt="seccomp:unconfined": Turn off seccomp confinement for the container
|
||||||
|
--security-opt="seccomp:profile.json: White listed syscalls seccomp Json file to be used as a seccomp filter
|
||||||
|
|
||||||
|
|
||||||
You can override the default labeling scheme for each container by specifying
|
You can override the default labeling scheme for each container by specifying
|
||||||
the `--security-opt` flag. For example, you can specify the MCS/MLS level, a
|
the `--security-opt` flag. For example, you can specify the MCS/MLS level, a
|
||||||
|
|
|
@ -316,6 +316,15 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
|
||||||
**--security-opt**=[]
|
**--security-opt**=[]
|
||||||
Security Options
|
Security Options
|
||||||
|
|
||||||
|
"label:user:USER" : Set the label user for the container
|
||||||
|
"label:role:ROLE" : Set the label role for the container
|
||||||
|
"label:type:TYPE" : Set the label type for the container
|
||||||
|
"label:level:LEVEL" : Set the label level for the container
|
||||||
|
"label:disable" : Turn off label confinement for the container
|
||||||
|
"no-new-privileges" : Disable container processes from gaining additional privileges
|
||||||
|
"seccomp:unconfined" : Turn off seccomp confinement for the container
|
||||||
|
"seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter
|
||||||
|
|
||||||
**--stop-signal**=*SIGTERM*
|
**--stop-signal**=*SIGTERM*
|
||||||
Signal to stop a container. Default is SIGTERM.
|
Signal to stop a container. Default is SIGTERM.
|
||||||
|
|
||||||
|
|
|
@ -468,8 +468,11 @@ its root filesystem mounted as read only prohibiting any writes.
|
||||||
"label:type:TYPE" : Set the label type for the container
|
"label:type:TYPE" : Set the label type for the container
|
||||||
"label:level:LEVEL" : Set the label level for the container
|
"label:level:LEVEL" : Set the label level for the container
|
||||||
"label:disable" : Turn off label confinement for the container
|
"label:disable" : Turn off label confinement for the container
|
||||||
|
|
||||||
"no-new-privileges" : Disable container processes from gaining additional privileges
|
"no-new-privileges" : Disable container processes from gaining additional privileges
|
||||||
|
|
||||||
|
"seccomp:unconfined" : Turn off seccomp confinement for the container
|
||||||
|
"seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter
|
||||||
|
|
||||||
**--stop-signal**=*SIGTERM*
|
**--stop-signal**=*SIGTERM*
|
||||||
Signal to stop a container. Default is SIGTERM.
|
Signal to stop a container. Default is SIGTERM.
|
||||||
|
|
Loading…
Reference in New Issue