1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
package util
const (
// Deprecated: Default runtime should come from containers.conf
DefaultRuntime = "runc"
// DefaultCNIPluginPath is the default location of CNI plugin helpers.
DefaultCNIPluginPath = "/usr/libexec/cni:/opt/cni/bin"
// DefaultCNIConfigDir is the default location of CNI configuration files.
DefaultCNIConfigDir = "/etc/cni/net.d"
)
var (
// DefaultCapabilities is the list of capabilities which we grant by
// default to containers which are running under UID 0.
DefaultCapabilities = []string{
"CAP_AUDIT_WRITE",
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_MKNOD",
"CAP_NET_BIND_SERVICE",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT",
}
// DefaultNetworkSysctl is the list of Kernel parameters which we
// grant by default to containers which are running under UID 0.
DefaultNetworkSysctl = map[string]string{
"net.ipv4.ping_group_range": "0 0",
}
)
|
