1

I'm very new to rkt (coming from docker). In docker I can add NET_ADMIN capabilities to a container:

docker run -d -p 53:53/tcp --cap-add=NET_ADMIN my_image

How do I do this in rkt?

stambata
Freedom_Ben

1 Answer

3

There's no way to add capabilities to the default set at runtime in rkt. However, as of v1.9.0, you can specify capabilities to remove from that set or you can override them with your own set.

To achieve an equivalent set of capabilities, you can take docker's default capability set and add CAP_NET_ADMIN:

rkt run my_image --cap-retain="CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FSETID,CAP_FOWNER,CAP_MKNOD,CAP_NET_RAW,CAP_SETGID,CAP_SETUID,CAP_SETFCAP,CAP_SETPCAP,CAP_NET_BIND_SERVICE,CAP_SYS_CHROOT,CAP_KILL,CAP_AUDIT_WRITE,CAP_NET_ADMIN"
iaguis
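A way to confirm that the retain list from the answer took effect, added here as an example and not part of the original answer: it converts the list to the hex bitmask the kernel reports in `/proc/<pid>/status` and compares it with the `CapBnd` line. The function names are hypothetical, the sample status line is constructed, and it assumes the runtime applies the retain set as the app's capability bounding set.

```shell
# Capability names in kernel bit order (bit 0 = CAP_CHOWN), per linux/capability.h.
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"

# The --cap-retain list from the answer above.
RETAIN="CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FSETID,CAP_FOWNER,CAP_MKNOD,CAP_NET_RAW,CAP_SETGID,CAP_SETUID,CAP_SETFCAP,CAP_SETPCAP,CAP_NET_BIND_SERVICE,CAP_SYS_CHROOT,CAP_KILL,CAP_AUDIT_WRITE,CAP_NET_ADMIN"

# caps_to_mask LIST: comma-separated CAP_* names -> 16-digit hex bitmask.
caps_to_mask() {
    mask=0
    for want in $(printf '%s' "$1" | tr ',' ' '); do
        bit=0 found=0
        for name in $CAP_NAMES; do
            if [ "CAP_$name" = "$want" ]; then
                mask=$(( mask | (1 << bit) )); found=1; break
            fi
            bit=$(( bit + 1 ))
        done
        [ "$found" -eq 1 ] || { echo "unknown capability: $want" >&2; return 1; }
    done
    printf '%016x\n' "$mask"
}

# mask_to_caps HEX: hex bitmask -> comma-separated CAP_* names in bit order.
mask_to_caps() {
    mask=$(( 0x$1 )) bit=0 out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out,}CAP_$name"
        fi
        bit=$(( bit + 1 ))
    done
    printf '%s\n' "$out"
}

# check_capbnd LIST: read a /proc/<pid>/status dump on stdin and compare its
# CapBnd mask with LIST. Returns 0 on match, 1 on mismatch, 2 on a bad LIST.
check_capbnd() {
    actual=$(awk '/^CapBnd:/ {print $2}')
    expected=$(caps_to_mask "$2$1") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "ok: $(mask_to_caps "$actual")"
    else
        echo "mismatch: CapBnd=$actual expected=$expected" >&2
        return 1
    fi
}

# Constructed sample status line; inside the pod, feed /proc/1/status instead.
printf 'Name:\tdnsmasq\nCapBnd:\t00000000a80435fb\n' | check_capbnd "$RETAIN"
```

A mask of `00000000a80425fb` is Docker's default set without `CAP_NET_ADMIN`, so seeing it means the extra capability was not retained.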