Docker-Compose: order of cap_drop and cap_add?
After diving around the moby source code, I finally located TweakCapabilities(): it takes the two sets of capabilities to add and to drop, enforcing the following scheme below; thus works in docker-compose.yaml where YAML doesn't define an order for the cap_add and cap_drop keys. The first matching item below will terminate the list.
- container is
privileged: true: ignorecap_addandcap_dropcompletely, return all available capabilities instead. - both
cap_addandcap_dropare empty: return the default Docker set of capabilities. cap_addcontainsALL: return all capabilities minus the capabilities listed incap_drop(ignoresALLin the latter).cap_dropcontainsALL: return the capabilities fromcap_addonly, ignoring any Docker default capabilities.- default: first drop all capabilites from the default set listed in
cap_drop, then add the capabilities incap_add, and finally return the result.
If I'm not mistaken this can be also represented in a more accessible manner as follows...
privileged: true |
|---|
ALL capabilities: ignores cap_add and cap_drop (boss mode) |
Invoking iptables results in operation not supported in docker
Seems the error is to do with iptables. Big thanks to @KFC_ to investigating this.
Strangely when I ran it again from the python:3.7-slim image after installing iptables: I get extra output:
# iptables -t nat -nL
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables: Operation not supported.
Found the solution here: https://github.com/docker/libnetwork/issues/2331
update-alternatives --set iptables /usr/sbin/iptables-legacy
FieldOperator class does not contain static Constants
The field operators are available as static properties of the Criteria class.
E.g.:
Criteria.GreaterThan
Criteria.Equal
etc.
Related Topics
Sending Keycode to Xorg + Wine with Bash Script
How to Add an User and Re Set the Root User in Yocto
How Uevents Get Triggered in Kernel
How to Capitalize First Letter of Each Line in Bash
What Does Two Dots Before a Slash Mean? (../)
Capturing Display/Monitor Images, Sending Keyboard Input on Linux
Bash: /Bin/Myscript: Permission Denied
Tty_Flip_Buffer_Push() Sends Data Back to Itself
How to Change the Language of My Git
Limit Useable Host Resources in Docker Compose Without Swarm
Passing Environment Variables Not Working with Docker
How to Get Day of the Year in Shell
How to Avoid "No Such File or Directory" Error for 'Make Clean' Makefile Target
How to Create a Zip File Without Entire Directory Structure
Direct Control of Hci Device (Bypass Bluetooth Drivers) on Linux
How to Convert a Linux Executable File (Binary) to Windows Exe File