# munet "kinds" definitions: reusable per-kind defaults for nodes.
# Security-relevant settings here are the Linux capabilities granted via
# `cap-add` and the `privileged` flag on the ceos kind.
version: 1
kinds:
  # frr kind: no `privileged` key is set here; the capabilities it asks for
  # are the explicit cap-add list below.
  - name: frr
    cap-add:
      # Zebra requires these
      # NOTE(review): SYS_ADMIN is a very broad capability (mount, namespace
      # and many other admin operations). Worth re-checking whether zebra
      # still needs it, or whether NET_ADMIN + NET_RAW are sufficient.
      - NET_ADMIN
      - NET_RAW
      - SYS_ADMIN
      - AUDIT_WRITE # needed for ssh pty allocation
  # ceos kind: boots the container via /sbin/init in privileged mode.
  - name: ceos
    init: false
    shell: false
    # presumably: `env` entries from a node config are merged with the list
    # below rather than replacing it -- confirm against the munet schema.
    merge: ["env"]
    # Should we cap-drop some of these in privileged mode?
    # ceos kind is special. For each environment variable named ENVNAME with
    # a value of `VALUE`, munet will add an arg of the form
    # `systemd.setenv=ENVNAME=VALUE` to /sbin/init. If cmd: is changed to
    # anything but `/sbin/init` munet will not do this.
    cmd: /sbin/init
    # NOTE(review): privileged mode presumably hands the container the full
    # capability set (and, in most container runtimes, host device access
    # with the default seccomp/LSM confinement relaxed) -- confirm how munet
    # maps this key. While it is true, an explicit cap-add list does not
    # narrow anything; nodes of this kind should be treated as host-trusted
    # and only trusted images should be run with it.
    privileged: true
    env:
      - name: "EOS_PLATFORM"
        value: "ceoslab"
      - name: "container"
        value: "docker"
      - name: "ETBA"
        value: "4"
      - name: "SKIP_ZEROTOUCH_BARRIER_IN_SYSDBINIT"
        value: "1"
      - name: "INTFTYPE"
        value: "eth"
      - name: "MAPETH0"
        value: "1"
      - name: "MGMT_INTF"
        value: "eth0"
      - name: "CEOS"
        value: "1"

    # Least-privilege alternative to `privileged: true`, kept disabled
    # because (per the note below) GNMI does not work with this set.
    # cap-add:
    # # cEOS requires these, except GNMI still doesn't work
    # # - NET_ADMIN
    # # - NET_RAW
    # # - SYS_ADMIN
    # # - SYS_RESOURCE # Required for the CLI

    # Reference list of capability names (all commented out); useful when
    # bisecting which capabilities a kind really needs.
    # All Caps
    # - AUDIT_CONTROL
    # - AUDIT_READ
    # - AUDIT_WRITE
    # - BLOCK_SUSPEND
    # - CHOWN
    # - DAC_OVERRIDE
    # - DAC_READ_SEARCH
    # - FOWNER
    # - FSETID
    # - IPC_LOCK
    # - IPC_OWNER
    # - KILL
    # - LEASE
    # - LINUX_IMMUTABLE
    # - MKNOD
    # - NET_ADMIN
    # - NET_BIND_SERVICE
    # - NET_BROADCAST
    # - NET_RAW
    # - SETFCAP
    # - SETGID
    # - SETPCAP
    # - SETUID
    # - SYSLOG
    # - SYS_ADMIN
    # - SYS_BOOT
    # - SYS_CHROOT
    # - SYS_MODULE
    # - SYS_NICE
    # - SYS_PACCT
    # - SYS_PTRACE
    # - SYS_RAWIO
    # - SYS_RESOURCE
    # - SYS_TIME
    # - SYS_TTY_CONFIG
    # - WAKE_ALARM
    # - MAC_ADMIN - Smack project?
    # - MAC_OVERRIDE - Smack project?