From ba332a60b24f40007e7ef234c0f44ae5a5ff9d49 Mon Sep 17 00:00:00 2001
From: Brian Goff
Date: Mon, 1 May 2017 10:15:03 -0400
Subject: [PATCH] Add no-new-privileg flag

The daemon config for defaulting to no-new-privileges for containers was added in d7fda019bb7e24f42f8ae1ddecb3fd52df3c48bf, but somehow we managed to omit the flag itself, but also documented the flag. This just adds the actual flag.

Signed-off-by: Brian Goff
---
 cmd/dockerd/config_unix.go | 1 +
 docs/reference/commandline/dockerd.md | 1 +
 2 files changed, 2 insertions(+)

diff --git a/cmd/dockerd/config_unix.go b/cmd/dockerd/config_unix.go
index d79f0b5c9a..8e741aa904 100644
--- a/cmd/dockerd/config_unix.go
+++ b/cmd/dockerd/config_unix.go
@@ -46,6 +46,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
 flags.Int64Var(&conf.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds")
 flags.StringVar(&conf.SeccompProfile, "seccomp-profile", "", "Path to seccomp profile")
 flags.Var(&conf.ShmSize, "default-shm-size", "Default shm size for containers")
+ flags.BoolVar(&conf.NoNewPrivileges, "no-new-privileges", false, "Set no-new-privileges by default for new containers")
 attachExperimentalFlags(conf, flags)
 }
diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md
index 1fc3ee196f..be800991e1 100644
--- a/docs/reference/commandline/dockerd.md
+++ b/docs/reference/commandline/dockerd.md
@@ -71,6 +71,7 @@ Options:
 --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5)
 --metrics-addr string Set default address and port to serve the metrics api on
 --mtu int Set the containers network MTU
+ --no-new-privileges Set no-new-privileges by default for new containers
 --oom-score-adjust int Set the oom_score_adj for the daemon (default -500)
 -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid")
 --raw-logs Full timestamps without ANSI coloring
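Review bot: The added `flags.BoolVar(&conf.NoNewPrivileges, "no-new-privileges", false, ...)` line in the cmd/dockerd/config_unix.go hunk has no accompanying test, so nothing would catch this hardening flag going missing again; the commit message says it was documented while unregistered. A small test that calls `installConfigFlags` on a fresh flag set and checks `flags.Lookup("no-new-privileges") != nil` with a default of `false` would pin it. It is also worth confirming that the flag name matches the config-file key declared for `NoNewPrivileges`, which is not visible here. If the two differ, a daemon started with both the flag and the file setting could presumably end up with disagreeing values and no conflict reported. The body of `installConfigFlags` begins outside the hunk.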