This documents the Service privileges
API changes, that were added in:
091b5e68ea735bf4e8ece708bbc8c413a32eab73
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
| ... | ... |
@@ -2043,6 +2043,57 @@ definitions: |
| 2043 | 2043 |
description: "A list of additional groups that the container process will run as." |
| 2044 | 2044 |
items: |
| 2045 | 2045 |
type: "string" |
| 2046 |
+ Privileges: |
|
| 2047 |
+ type: "object" |
|
| 2048 |
+ description: "Security options for the container" |
|
| 2049 |
+ properties: |
|
| 2050 |
+ CredentialSpec: |
|
| 2051 |
+ type: "object" |
|
| 2052 |
+ description: "CredentialSpec for managed service account (Windows only)" |
|
| 2053 |
+ properties: |
|
| 2054 |
+ File: |
|
| 2055 |
+ type: "string" |
|
| 2056 |
+ description: | |
|
| 2057 |
+ Load credential spec from this file. The file is read by the daemon, and must be present in the |
|
| 2058 |
+ `CredentialSpecs` subdirectory in the docker data directory, which defaults to |
|
| 2059 |
+ `C:\ProgramData\Docker\` on Windows. |
|
| 2060 |
+ |
|
| 2061 |
+ For example, specifying `spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`. |
|
| 2062 |
+ |
|
| 2063 |
+ <p><br /></p> |
|
| 2064 |
+ |
|
| 2065 |
+ > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive. |
|
| 2066 |
+ Registry: |
|
| 2067 |
+ type: "string" |
|
| 2068 |
+ description: | |
|
| 2069 |
+ Load credential spec from this value in the Windows registry. The specified registry value must be |
|
| 2070 |
+ located in: |
|
| 2071 |
+ |
|
| 2072 |
+ `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs` |
|
| 2073 |
+ |
|
| 2074 |
+ <p><br /></p> |
|
| 2075 |
+ |
|
| 2076 |
+ |
|
| 2077 |
+ > **Note**: `CredentialSpec.File` and `CredentialSpec.Registry` are mutually exclusive. |
|
| 2078 |
+ SELinuxContext: |
|
| 2079 |
+ type: "object" |
|
| 2080 |
+ description: "SELinux labels of the container" |
|
| 2081 |
+ properties: |
|
| 2082 |
+ Disable: |
|
| 2083 |
+ type: "boolean" |
|
| 2084 |
+ description: "Disable SELinux" |
|
| 2085 |
+ User: |
|
| 2086 |
+ type: "string" |
|
| 2087 |
+ description: "SELinux user label" |
|
| 2088 |
+ Role: |
|
| 2089 |
+ type: "string" |
|
| 2090 |
+ description: "SELinux role label" |
|
| 2091 |
+ Type: |
|
| 2092 |
+ type: "string" |
|
| 2093 |
+ description: "SELinux type label" |
|
| 2094 |
+ Level: |
|
| 2095 |
+ type: "string" |
|
| 2096 |
+ description: "SELinux level label" |
|
| 2046 | 2097 |
TTY: |
| 2047 | 2098 |
description: "Whether a pseudo-TTY should be allocated." |
| 2048 | 2099 |
type: "boolean" |
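Review bot: The mutual-exclusion rule for `CredentialSpec.File` and `CredentialSpec.Registry` appears only as a prose note, repeated under each property, so nothing in the schema tells a client what happens when both are set. Consider stating it once in the `CredentialSpec` description, together with the error the API returns for a request that sets both. In the same block, the `File` description should say whether the value must be a bare file name inside `CredentialSpecs` or may contain subdirectories or path separators, since the daemon reads that file on the caller's behalf. The `SELinuxContext.Disable` description ("Disable SELinux") does not say what is disabled; wording such as "Disable SELinux labeling for the container" would match the parent description. The raw `<p><br /></p>` lines also leave HTML in the field descriptions.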
| ... | ... |
@@ -62,6 +62,8 @@ keywords: "API, Docker, rcli, REST, documentation" |
| 62 | 62 |
* `POST /containers/create`, `POST /service/create` and `POST /services/(id or name)/update` now takes the field `StartPeriod` as a part of the `HealthConfig` allowing for specification of a period during which the container should not be considered unhealthy even if health checks do not pass. |
| 63 | 63 |
* `GET /services/(id)` now accepts an `insertDefaults` query-parameter to merge default values into the service inspect output. |
| 64 | 64 |
* `POST /containers/prune`, `POST /images/prune`, `POST /volumes/prune`, and `POST /networks/prune` now support a `label` filter to filter containers, images, volumes, or networks based on the label. The format of the label filter could be `label=<key>`/`label=<key>=<value>` to remove those with the specified labels, or `label!=<key>`/`label!=<key>=<value>` to remove those without the specified labels. |
| 65 |
+* `POST /services/create` now accepts `Privileges` as part of `ContainerSpec`. Privileges currently include |
|
| 66 |
+ `CredentialSpec` and `SELinuxContext`. |
|
| 65 | 67 |
|
| 66 | 68 |
## v1.28 API changes |
| 67 | 69 |
|
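Review bot: The new changelog entry names only `POST /services/create`, while the `StartPeriod` entry a few lines above lists both the create and the `POST /services/(id or name)/update` endpoints. If `Privileges` in `ContainerSpec` is also accepted on service update, name that endpoint here too so readers do not assume the setting is fixed at creation. The sentence "Privileges currently include" could also use backticks around `Privileges`, and a short pointer to the `CredentialSpec.File` / `CredentialSpec.Registry` exclusivity would help readers who only see the changelog.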