
Merge pull request #45320 from akerouanton/info-no-new-privileges

Add no-new-privileges to SecurityOptions returned by /info
Sebastiaan van Stijn 2 yıl önce
ebeveyn
işleme
20a1d23b39

+ 2 - 1
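--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -5243,7 +5243,8 @@ definitions:
       SecurityOptions:
         description: |
           List of security features that are enabled on the daemon, such as
-          apparmor, seccomp, SELinux, user-namespaces (userns), and rootless.
+          apparmor, seccomp, SELinux, user-namespaces (userns), rootless and
+          no-new-privileges.
 
           Additional configuration options for each security feature may
           be present, and are included as a comma-separated list of key/value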

+ 3 - 0
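--- a/daemon/info.go
+++ b/daemon/info.go
@@ -170,6 +170,9 @@ func (daemon *Daemon) fillSecurityOptions(v *types.Info, sysInfo *sysinfo.SysInf
 	if daemon.cgroupNamespacesEnabled(sysInfo) {
 		securityOptions = append(securityOptions, "name=cgroupns")
 	}
+	if daemon.noNewPrivileges() {
+		securityOptions = append(securityOptions, "name=no-new-privileges")
+	}
 
 	v.SecurityOptions = securityOptions
 }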
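Review bot: `name=no-new-privileges` is appended from `daemon.noNewPrivileges()` alone, so it reports the daemon-wide default; if individual containers can still set their own `no-new-privileges` security option (which the per-container `--security-opt` would suggest, but is not visible here), the entry is not a guarantee that every container runs with `no_new_privs`. Consumers that read `SecurityOptions` as an attestation of container hardening should not treat it that way, and a comment on the append would make the scope explicit: `// Reflects the daemon-wide default only; per-container security options may still override it.` Unlike the `cgroupns` branch just above, the new branch does not consult `sysInfo` for kernel support, which is presumably acceptable because the runtime enforces the flag, but worth confirming. `fillSecurityOptions` starts outside the hunk.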

+ 4 - 0
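--- a/daemon/info_unix.go
+++ b/daemon/info_unix.go
@@ -369,3 +369,7 @@ func (daemon *Daemon) cgroupNamespacesEnabled(sysInfo *sysinfo.SysInfo) bool {
 func (daemon *Daemon) Rootless() bool {
 	return daemon.configStore.Rootless
 }
+
+func (daemon *Daemon) noNewPrivileges() bool {
+	return daemon.configStore.NoNewPrivileges
+}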
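Review bot: `noNewPrivileges` has no doc comment, so a caller cannot tell whether the boolean is a daemon-wide default or a per-container guarantee; a one-liner fixes that: `// noNewPrivileges reports whether the daemon is configured to apply no-new-privileges to new containers by default.` The method reads `daemon.configStore` directly with no lock, exactly as `Rootless()` above it does; if the config store can be replaced by a daemon reload (not visible here), this read is racy in the same way, so the new code is consistent rather than newly wrong, but it deserves a note if `no-new-privileges` is a reloadable option.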

+ 4 - 0
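--- a/daemon/info_windows.go
+++ b/daemon/info_windows.go
@@ -22,3 +22,7 @@ func (daemon *Daemon) cgroupNamespacesEnabled(sysInfo *sysinfo.SysInfo) bool {
 func (daemon *Daemon) Rootless() bool {
 	return false
 }
+
+func (daemon *Daemon) noNewPrivileges() bool {
+	return false
+}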
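Review bot: The Windows stub returns `false` unconditionally, so `/info` will never report `no-new-privileges` there even if the option is set in the daemon configuration (the Linux getter reads `configStore.NoNewPrivileges`; whether that field is reachable on Windows is not visible here). That is the right signal if the option is not applied to Windows containers, but it should be stated so nobody later "fixes" the stub to read the config: `// noNewPrivileges always reports false: the no-new-privileges option is not applied to Windows containers.` If the daemon nevertheless accepts the option in its config on Windows, rejecting or warning on it at config load would be the complementary change.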

+ 3 - 0
docs/api/version-history.md

@@ -23,6 +23,9 @@ keywords: "API, Docker, rcli, REST, documentation"
 * `GET /images/json` no longer includes hardcoded `<none>:<none>` and
 * `GET /images/json` no longer includes hardcoded `<none>:<none>` and
   `<none>@<none>` in `RepoTags` and`RepoDigests` for untagged images.
   `<none>@<none>` in `RepoTags` and`RepoDigests` for untagged images.
   In such cases, empty arrays will be produced instead.
   In such cases, empty arrays will be produced instead.
+* `GET /info` now includes `no-new-privileges` in the `SecurityOptions` string
+  list when this option is enabled globally. This change is not versioned, and
+  affects all API versions if the daemon has this patch.
 
 
 ## v1.42 API changes
 ## v1.42 API changes