mirror of https://github.com/docker/cli.git
Revise some columns to make the table clearer
Signed-off-by: Harry Zhang <harryzhang@zju.edu.cn>
parent 5b000494ee
commit 5ed0d9c3de
|
@ -642,7 +642,7 @@ This can be overridden using a third `:rwm` set of options to each `--device` fl
|
||||||
|
|
||||||
In addition to `--privileged`, the operator can have fine grain control over the
|
In addition to `--privileged`, the operator can have fine grain control over the
|
||||||
capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default
|
capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default
|
||||||
list of capabilities that are kept. Here is a table to list the reference information on capabilities.
|
list of capabilities that are kept. The following table lists the Linux capability options which can be added or dropped.
|
||||||
|
|
||||||
| Capability Key | Capability Description |
|
| Capability Key | Capability Description |
|
||||||
| :----------------- | :---------------| :-------------------- |
|
| :----------------- | :---------------| :-------------------- |
|
||||||
|
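Review bot: The delimiter row in the context lines has three column specs (`| :----------------- | :---------------| :-------------------- |`) under a two-column header (`| Capability Key | Capability Description |`), and this change leaves it untouched. Since the stated goal is a clearer table, drop the extra column spec so the delimiter matches the header. The reworded intro also says these options "can be added or dropped" right after the sentence about the default list, without saying which rows belong to that default set; marking the defaults in the table, or listing them separately, would tell operators what `--cap-drop` actually removes.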
@ -652,7 +652,7 @@ list of capabilities that are kept. Here is a table to list the reference inform
|
||||||
| SYS_PACCT | Use acct(2), switch process accounting on or off. |
|
| SYS_PACCT | Use acct(2), switch process accounting on or off. |
|
||||||
| SYS_ADMIN | Perform a range of system administration operations. |
|
| SYS_ADMIN | Perform a range of system administration operations. |
|
||||||
| SYS_NICE | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes. |
|
| SYS_NICE | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes. |
|
||||||
| SYS_RESOURCE | Override Resource Limits. |
|
| SYS_RESOURCE | Override resource Limits. |
|
||||||
| SYS_TIME | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock. |
|
| SYS_TIME | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock. |
|
||||||
| SYS_TTY_CONFIG | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals. |
|
| SYS_TTY_CONFIG | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals. |
|
||||||
| MKNOD | Create special files using mknod(2). |
|
| MKNOD | Create special files using mknod(2). |
|
||||||
|
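Review bot: The new SYS_RESOURCE description, `Override resource Limits.`, lowercases only one of the two words. Use `Override resource limits.` so the row reads as a plain sentence like the other descriptions.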
@ -672,7 +672,7 @@ list of capabilities that are kept. Here is a table to list the reference inform
|
||||||
| SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. |
|
| SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. |
|
||||||
| SETUID | Make arbitrary manipulations of process UIDs. |
|
| SETUID | Make arbitrary manipulations of process UIDs. |
|
||||||
| LINUX_IMMUTABLE | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags. |
|
| LINUX_IMMUTABLE | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags. |
|
||||||
| NET_BIND_SERVICE | Bind a socket to Internet domain privileged ports (port numbers less than 1024). |
|
| NET_BIND_SERVICE | Bind a socket to internet domain privileged ports (port numbers less than 1024). |
|
||||||
| NET_BROADCAST | Make socket broadcasts, and listen to multicasts. |
|
| NET_BROADCAST | Make socket broadcasts, and listen to multicasts. |
|
||||||
| IPC_LOCK | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)). |
|
| IPC_LOCK | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)). |
|
||||||
| IPC_OWNER | Bypass permission checks for operations on System V IPC objects. |
|
| IPC_OWNER | Bypass permission checks for operations on System V IPC objects. |
|
||||||
|
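Review bot: In the NET_BIND_SERVICE row, lowercasing `Internet` alters a term rather than fixing style. "Internet domain" names the socket family here, and neighbouring rows keep proper names such as "System V IPC" capitalised. I would keep `Internet domain privileged ports` as it was.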
@ -684,7 +684,7 @@ list of capabilities that are kept. Here is a table to list the reference inform
|
||||||
| WAKE_ALARM | Trigger something that will wake up the system. |
|
| WAKE_ALARM | Trigger something that will wake up the system. |
|
||||||
| BLOCK_SUSPEND | Employ features that can block system suspend. |
|
| BLOCK_SUSPEND | Employ features that can block system suspend. |
|
||||||
|
|
||||||
For futher understanding, please check [capabilities(7) - Linux man page](http://linux.die.net/man/7/capabilities)
|
Further reference information is available on the [capabilities(7) - Linux man page](http://linux.die.net/man/7/capabilities)
|
||||||
|
|
||||||
Both flags support the value `all`, so if the
|
Both flags support the value `all`, so if the
|
||||||
operator wants to have all capabilities but `MKNOD` they could use:
|
operator wants to have all capabilities but `MKNOD` they could use:
|
||||||
|
|
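Review bot: The replacement line for the man page reference ends without a full stop, and "on the [capabilities(7) - Linux man page]" reads awkwardly because the link text is still a page title. Shortening the link text to `capabilities(7)` and writing "see the capabilities(7) man page." would read better. The link is also plain `http://`; switch it to `https://` if the host serves it.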