diff options
| author | unclejack <unclejack@users.noreply.github.com> | 2014-04-09 01:56:01 +0300 |
|---|---|---|
| committer | unclejack <unclejack@users.noreply.github.com> | 2014-04-09 01:56:01 +0300 |
| commit | e128a606e39fa63c6b4fd6e53a1d88cf00aad868 (patch) | |
| tree | 199ee7eb6678ffecd2ddad95fce794c795ad5183 /runtime/execdriver/native/template | |
| parent | 143c9707a9fafc39e1d9747f528db97b2564f01e (diff) | |
| parent | dc9c28f51d669d6b09e81c2381f800f1a33bb659 (diff) | |
| download | docker-release-0.10.tar.gz | |
Merge pull request #5079 from unclejack/bump_v0.10.0release-0.100.10.1-hotfixes
Bump version to v0.10.0
Diffstat (limited to 'runtime/execdriver/native/template')
| -rw-r--r-- | runtime/execdriver/native/template/default_template.go | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/runtime/execdriver/native/template/default_template.go b/runtime/execdriver/native/template/default_template.go new file mode 100644 index 0000000000..a1ecb04d76 --- /dev/null +++ b/runtime/execdriver/native/template/default_template.go @@ -0,0 +1,45 @@ +package template + +import ( + "github.com/dotcloud/docker/pkg/cgroups" + "github.com/dotcloud/docker/pkg/libcontainer" +) + +// New returns the docker default configuration for libcontainer +func New() *libcontainer.Container { + container := &libcontainer.Container{ + CapabilitiesMask: libcontainer.Capabilities{ + libcontainer.GetCapability("SETPCAP"), + libcontainer.GetCapability("SYS_MODULE"), + libcontainer.GetCapability("SYS_RAWIO"), + libcontainer.GetCapability("SYS_PACCT"), + libcontainer.GetCapability("SYS_ADMIN"), + libcontainer.GetCapability("SYS_NICE"), + libcontainer.GetCapability("SYS_RESOURCE"), + libcontainer.GetCapability("SYS_TIME"), + libcontainer.GetCapability("SYS_TTY_CONFIG"), + libcontainer.GetCapability("AUDIT_WRITE"), + libcontainer.GetCapability("AUDIT_CONTROL"), + libcontainer.GetCapability("MAC_OVERRIDE"), + libcontainer.GetCapability("MAC_ADMIN"), + libcontainer.GetCapability("NET_ADMIN"), + libcontainer.GetCapability("MKNOD"), + }, + Namespaces: libcontainer.Namespaces{ + libcontainer.GetNamespace("NEWNS"), + libcontainer.GetNamespace("NEWUTS"), + libcontainer.GetNamespace("NEWIPC"), + libcontainer.GetNamespace("NEWPID"), + libcontainer.GetNamespace("NEWNET"), + }, + Cgroups: &cgroups.Cgroup{ + Parent: "docker", + DeviceAccess: false, + }, + Context: libcontainer.Context{ + "apparmor_profile": "docker-default", + }, + } + container.CapabilitiesMask.Get("MKNOD").Enabled = true + return container +} |