- package template
- import (
- "github.com/dotcloud/docker/pkg/apparmor"
- "github.com/dotcloud/docker/pkg/cgroups"
- "github.com/dotcloud/docker/pkg/libcontainer"
- )
// New returns the docker default configuration for libcontainer.
//
// The returned container flags every capability named in the mask as false
// except MKNOD, turns on the NEWNS, NEWUTS, NEWIPC, NEWPID and NEWNET
// namespaces, places the cgroup under the "docker" parent with DeviceAccess
// false, and records the "docker-default" profile under the
// "apparmor_profile" context key only when apparmor.IsEnabled() reports true.
//
// NOTE(review): presumably a false mask entry means the capability is dropped
// and a capability that is not named here is left untouched; confirm against
// the code that consumes CapabilitiesMask, because a list of names to drop
// would not cover capabilities that are missing from it.
func New() *libcontainer.Container {
	// Capabilities flagged false in the mask.
	disabled := []string{
		"SETPCAP",
		"SYS_MODULE",
		"SYS_RAWIO",
		"SYS_PACCT",
		"SYS_ADMIN",
		"SYS_NICE",
		"SYS_RESOURCE",
		"SYS_TIME",
		"SYS_TTY_CONFIG",
		"AUDIT_WRITE",
		"AUDIT_CONTROL",
		"MAC_OVERRIDE",
		"MAC_ADMIN",
		"NET_ADMIN",
		"SYSLOG",
	}
	capMask := make(map[string]bool, len(disabled)+1)
	for _, name := range disabled {
		capMask[name] = false
	}
	// MKNOD is the only capability flagged true.
	capMask["MKNOD"] = true

	// Namespaces switched on by default; no NEWUSER entry is set here.
	enabled := []string{"NEWNS", "NEWUTS", "NEWIPC", "NEWPID", "NEWNET"}
	nsFlags := make(map[string]bool, len(enabled))
	for _, name := range enabled {
		nsFlags[name] = true
	}

	// The profile key is written only when AppArmor is reported as enabled;
	// otherwise the context stays empty and no profile name is recorded.
	ctx := libcontainer.Context{}
	if apparmor.IsEnabled() {
		ctx["apparmor_profile"] = "docker-default"
	}

	return &libcontainer.Container{
		CapabilitiesMask: capMask,
		Namespaces:       nsFlags,
		Cgroups: &cgroups.Cgroup{
			Parent:       "docker",
			DeviceAccess: false,
		},
		Context: ctx,
	}
}