mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Service privileges: API docs
This documents the Service privileges
API changes, that were added in:
091b5e68ea
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
f7ce35f47b
commit
d0a8e73e7b
2 changed files with 53 additions and 0 deletions
|
@ -2043,6 +2043,57 @@ definitions:
|
|||
description: "A list of additional groups that the container process will run as."
|
||||
items:
|
||||
type: "string"
|
||||
Privileges:
|
||||
type: "object"
|
||||
description: "Security options for the container"
|
||||
properties:
|
||||
CredentialSpec:
|
||||
type: "object"
|
||||
description: "CredentialSpec for managed service account (Windows only)"
|
||||
properties:
|
||||
File:
|
||||
type: "string"
|
||||
description: |
|
||||
Load credential spec from this file. The file is read by the daemon, and must be present in the
|
||||
`CredentialSpecs` subdirectory in the docker data directory, which defaults to
|
||||
`C:\ProgramData\Docker\` on Windows.
|
||||
|
||||
For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`.
|
||||
|
||||
<p><br /></p>
|
||||
|
||||
> **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
|
||||
Registry:
|
||||
type: "string"
|
||||
description: |
|
||||
Load credential spec from this value in the Windows registry. The specified registry value must be
|
||||
located in:
|
||||
|
||||
`HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs`
|
||||
|
||||
<p><br /></p>
|
||||
|
||||
|
||||
> **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive.
|
||||
SELinuxContext:
|
||||
type: "object"
|
||||
description: "SELinux labels of the container"
|
||||
properties:
|
||||
Disable:
|
||||
type: "boolean"
|
||||
description: "Disable SELinux"
|
||||
User:
|
||||
type: "string"
|
||||
description: "SELinux user label"
|
||||
Role:
|
||||
type: "string"
|
||||
description: "SELinux role label"
|
||||
Type:
|
||||
type: "string"
|
||||
description: "SELinux type label"
|
||||
Level:
|
||||
type: "string"
|
||||
description: "SELinux level label"
|
||||
TTY:
|
||||
description: "Whether a pseudo-TTY should be allocated."
|
||||
type: "boolean"
|
||||
|
|
|
@ -62,6 +62,8 @@ keywords: "API, Docker, rcli, REST, documentation"
|
|||
* `POST /containers/create`, `POST /service/create` and `POST /services/(id or name)/update` now takes the field `StartPeriod` as a part of the `HealthConfig` allowing for specification of a period during which the container should not be considered unhealthy even if health checks do not pass.
|
||||
* `GET /services/(id)` now accepts an `insertDefaults` query-parameter to merge default values into the service inspect output.
|
||||
* `POST /containers/prune`, `POST /images/prune`, `POST /volumes/prune`, and `POST /networks/prune` now support a `label` filter to filter containers, images, volumes, or networks based on the label. The format of the label filter could be `label=<key>`/`label=<key>=<value>` to remove those with the specified labels, or `label!=<key>`/`label!=<key>=<value>` to remove those without the specified labels.
|
||||
* `POST /services/create` now accepts `Privileges` as part of `ContainerSpec`. Privileges currently include
|
||||
`CredentialSpec` and `SELinuxContext`.
|
||||
|
||||
## v1.28 API changes
|
||||
|
||||
|
|
Loading…
Add table
Reference in a new issue