github.com/dougm/docker@v1.5.0/daemon/execdriver/native/template/default_template.go

github.com/dougm/docker@v1.5.0/daemon/execdriver/native/template/default_template.go (about)

     1  package template
     2  
     3  import (
     4  	"github.com/docker/libcontainer"
     5  	"github.com/docker/libcontainer/apparmor"
     6  	"github.com/docker/libcontainer/cgroups"
     7  )
     8  
     9  // New returns the docker default configuration for libcontainer
    10  func New() *libcontainer.Config {
    11  	container := &libcontainer.Config{
    12  		Capabilities: []string{
    13  			"CHOWN",
    14  			"DAC_OVERRIDE",
    15  			"FSETID",
    16  			"FOWNER",
    17  			"MKNOD",
    18  			"NET_RAW",
    19  			"SETGID",
    20  			"SETUID",
    21  			"SETFCAP",
    22  			"SETPCAP",
    23  			"NET_BIND_SERVICE",
    24  			"SYS_CHROOT",
    25  			"KILL",
    26  			"AUDIT_WRITE",
    27  		},
    28  		Namespaces: libcontainer.Namespaces([]libcontainer.Namespace{
    29  			{Type: "NEWNS"},
    30  			{Type: "NEWUTS"},
    31  			{Type: "NEWIPC"},
    32  			{Type: "NEWPID"},
    33  			{Type: "NEWNET"},
    34  		}),
    35  		Cgroups: &cgroups.Cgroup{
    36  			Parent:          "docker",
    37  			AllowAllDevices: false,
    38  		},
    39  		MountConfig: &libcontainer.MountConfig{},
    40  	}
    41  
    42  	if apparmor.IsEnabled() {
    43  		container.AppArmorProfile = "docker-default"
    44  	}
    45  
    46  	return container
    47  }