Browse code
Merge pull request #32944 from cpuguy83/add_no_new_privs_flag
| ... | ... |
@@ -46,6 +46,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
|
| 46 | 46 |
flags.Int64Var(&conf.CPURealtimeRuntime, "cpu-rt-runtime", 0, "Limit the CPU real-time runtime in microseconds") |
| 47 | 47 |
flags.StringVar(&conf.SeccompProfile, "seccomp-profile", "", "Path to seccomp profile") |
| 48 | 48 |
flags.Var(&conf.ShmSize, "default-shm-size", "Default shm size for containers") |
| 49 |
+ flags.BoolVar(&conf.NoNewPrivileges, "no-new-privileges", false, "Set no-new-privileges by default for new containers") |
|
| 49 | 50 |
|
| 50 | 51 |
attachExperimentalFlags(conf, flags) |
| 51 | 52 |
} |
| ... | ... |
@@ -71,6 +71,7 @@ Options: |
| 71 | 71 |
--max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) |
| 72 | 72 |
--metrics-addr string Set default address and port to serve the metrics api on |
| 73 | 73 |
--mtu int Set the containers network MTU |
| 74 |
+ --no-new-privileges Set no-new-privileges by default for new containers |
|
| 74 | 75 |
--oom-score-adjust int Set the oom_score_adj for the daemon (default -500) |
| 75 | 76 |
-p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") |
| 76 | 77 |
--raw-logs Full timestamps without ANSI coloring |