explicitly add container capablilities
parent
18ffc84379
commit
4267e56c71
14
new_image.sh
14
new_image.sh
|
@ -50,7 +50,19 @@ docker build \
|
|||
|
||||
rm image/pubkey
|
||||
echo "Starting container..."
|
||||
container_id="$(docker run -p $user_sshd_port:$user_sshd_port -h slbr -d "slbr:$username")"
|
||||
container_id="$(
|
||||
docker run \
|
||||
--cap-drop ALL \
|
||||
--cap-add AUDIT_WRITE \
|
||||
--cap-add CHOWN \
|
||||
--cap-add SETGID \
|
||||
--cap-add SETPCAP \
|
||||
--cap-add SETUID \
|
||||
--cap-add SYS_CHROOT \
|
||||
-p $user_sshd_port:$user_sshd_port \
|
||||
-h slbr \
|
||||
-d "slbr:$username"
|
||||
)"
|
||||
container_ip="$(
|
||||
docker container inspect "$container_id" \
|
||||
| jq '.[0].NetworkSettings.Networks.bridge.IPAddress'
|
||||
|
|
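Review bot: The six `--cap-add` entries on the new `docker run` carry no explanation, so a later reader cannot tell which of them the container's service (presumably sshd, going by `user_sshd_port`) actually needs; a short comment above the command naming the consumer of each capability would make the allow-list reviewable. `SETPCAP` stands out, since it is normally only needed by a process that edits its own capability sets, so confirm it is required or drop it. With `SETUID` and `SETGID` left in the bounding set, a setuid-root binary in the image could still regain them for a logged-in user; if the image does not depend on such binaries, adding `--security-opt no-new-privileges \` would close that gap. The line `-p $user_sshd_port:$user_sshd_port \` is also left unquoted, unlike the other expansions in the command; `-p "$user_sshd_port:$user_sshd_port" \` avoids word splitting on an unexpected value.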