You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/k8s-best-practices-linux-capabilities.adoc
-8Lines changed: 0 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,14 +10,6 @@ Users may choose to specify the required permissions for their running applicati
10
10
11
11
The following runtime and SCC attributes control the capabilities that will be granted to a new container:
12
12
13
-
* The capabilities granted to the CRI-O engine. The default capabilities are listed here: link:https://github.com/cri-o/cri-o/blob/master/internal/config/capabilities/capabilities.go[]
14
-
+
15
-
[NOTE]
16
-
====
17
-
As of Kubernetes version 1.18, CRI-O no longer runs with NET_RAW or SYS_CHROOT by default.
18
-
link:https://cri-o.github.io/cri-o/v1.18.0.html[]
19
-
====
20
-
21
13
* The values in the SCC for `allowedCapabilities`, `defaultAddCapabilities` and `requiredDropCapabilities`
22
14
23
15
* `allowPrivilegeEscalation`: controls whether a container can acquire extra privileges through setuid binaries or the file capabilities of binaries
0 commit comments