Variables ¶
// CAPStringsList holds the CAP_* names in capability-number order: the
// index of each entry equals the numeric value of the matching CAP_*
// declaration in this package (CAP_CHOWN at index 0 through
// CAP_CHECKPOINT_RESTORE at index 40), so the slice can be used to map a
// capability number to its name.
// NOTE(review): this is a mutable package-level slice; callers that need
// to change it should work on a copy so shared state is not altered for
// other users of the package.
var CAPStringsList = []string{
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_MODULE",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_PACCT",
"CAP_SYS_ADMIN",
"CAP_SYS_BOOT",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TIME",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_LEASE",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL",
"CAP_SETFCAP",
"CAP_MAC_OVERRIDE",
"CAP_MAC_ADMIN",
"CAP_SYSLOG",
"CAP_WAKE_ALARM",
"CAP_BLOCK_SUSPEND",
"CAP_AUDIT_READ",
"CAP_PERFMON",
"CAP_BPF",
"CAP_CHECKPOINT_RESTORE",
}
CAPStringsList holds the capability name strings in capability-number order: the index of each name is its capability number.
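// Linux capability numbers (the CAP_* values whose names appear in
// CAPStringsList). They are declared as typed int constants rather than
// package-level variables so the numbers cannot be reassigned at runtime
// by other code in the process; reads behave exactly as before.
const (
	CAP_AUDIT_CONTROL int = 30
	CAP_AUDIT_READ    int = 37
	CAP_AUDIT_WRITE   int = 29
	CAP_BLOCK_SUSPEND int = 36
	CAP_BPF           int = 39
)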
CAP_BPF allows the following BPF operations:
- Creating all types of BPF maps
- Advanced verifier features
- Indirect variable access
- Bounded loops
- BPF to BPF function calls
- Scalar precision tracking
- Larger complexity limits
- Dead code elimination
- And potentially other features
- Loading BPF Type Format (BTF) data
- Retrieve xlated and JITed code of BPF programs
- Use bpf_spin_lock() helper

CAP_PERFMON relaxes the verifier checks further:
- BPF programs can use pointer-to-integer conversions
- speculation attack hardening measures are bypassed
- bpf_probe_read to read arbitrary kernel memory is allowed
- bpf_trace_printk to print kernel memory is allowed

CAP_SYS_ADMIN is required to use bpf_probe_write_user.

CAP_SYS_ADMIN is required to iterate system wide loaded programs, maps, links, BTFs and convert their IDs to file descriptors.

CAP_PERFMON and CAP_BPF are required to load tracing programs.
CAP_NET_ADMIN and CAP_BPF are required to load networking programs.
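// Linux capability numbers (the CAP_* values whose names appear in
// CAPStringsList). They are declared as typed int constants rather than
// package-level variables so the numbers cannot be reassigned at runtime
// by other code in the process; reads behave exactly as before.
const (
	CAP_CHECKPOINT_RESTORE int = 40
	CAP_CHOWN              int = 0
	CAP_DAC_OVERRIDE       int = 1
	CAP_DAC_READ_SEARCH    int = 2
	CAP_FOWNER             int = 3
	CAP_FSETID             int = 4
	CAP_IPC_LOCK           int = 14
	CAP_IPC_OWNER          int = 15
	CAP_KILL               int = 5
	CAP_LEASE              int = 28
	CAP_LINUX_IMMUTABLE    int = 9
	CAP_MAC_ADMIN          int = 33
	CAP_MAC_OVERRIDE       int = 32
	CAP_MKNOD              int = 27
	CAP_NET_ADMIN          int = 12
	CAP_NET_BIND_SERVICE   int = 10
	CAP_NET_BROADCAST      int = 11
	CAP_NET_RAW            int = 13
	CAP_PERFMON            int = 38
	CAP_SETFCAP            int = 31
	CAP_SETGID             int = 6
	CAP_SETPCAP            int = 8
	CAP_SETUID             int = 7
	CAP_SYSLOG             int = 34
	CAP_SYS_ADMIN          int = 21
	CAP_SYS_BOOT           int = 22
	CAP_SYS_CHROOT         int = 18
	CAP_SYS_MODULE         int = 16
)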
Insert and remove kernel modules; this allows modifying the running kernel without limit.
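// Linux capability numbers (the CAP_* values whose names appear in
// CAPStringsList). They are declared as typed int constants rather than
// package-level variables so the numbers cannot be reassigned at runtime
// by other code in the process; reads behave exactly as before.
const (
	CAP_SYS_NICE       int = 23
	CAP_SYS_PACCT      int = 20
	CAP_SYS_PTRACE     int = 19
	CAP_SYS_RAWIO      int = 17
	CAP_SYS_RESOURCE   int = 24
	CAP_SYS_TIME       int = 25
	CAP_SYS_TTY_CONFIG int = 26
	CAP_WAKE_ALARM     int = 35
)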
// DockerDefaultCaps lists 14 capability names, each of which also appears
// in CAPStringsList. Going by the name, this is presumably the capability
// set Docker grants to a container by default — confirm against the
// Docker version being targeted before relying on it for policy decisions.
// NOTE(review): this is a mutable package-level slice; callers that need
// to change it should work on a copy so shared state is not altered for
// other users of the package.
var DockerDefaultCaps = []string{
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_NET_RAW",
"CAP_SYS_CHROOT",
"CAP_MKNOD",
"CAP_AUDIT_WRITE",
"CAP_SETFCAP",
}