Remove privileged flag for database and snmp docker (#13783)
#### Why I did it
Reduce docker privilege 
This is part of HLD sonic-net/SONiC#1364

#### How I did it
Remove flag --privileged

#### How to verify it
```
docker exec -it database bash
root@0048b82b460b:/# ip link add dummy0 type dummy
RTNETLINK answers: Operation not permitted
```
andriydnvd authored Aug 15, 2023
1 parent 1626e19 commit cf72683
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion rules/docker-database.mk
Expand Up @@ -25,7 +25,7 @@ SONIC_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG)
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG)

$(DOCKER_DATABASE)_CONTAINER_NAME = database
$(DOCKER_DATABASE)_RUN_OPT += --privileged -t
$(DOCKER_DATABASE)_RUN_OPT += -t
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
$(DOCKER_DATABASE)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
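Review bot: Dropping `--privileged` from `$(DOCKER_DATABASE)_RUN_OPT` is only verified negatively in the commit message: the `ip link add dummy0 type dummy` test shows that a privileged operation is now refused, but nothing shows the database service itself still starting and answering clients with the reduced privilege. Please add a positive check to the verification steps (container restarts cleanly and the service is reachable), and if anything turns out to need a specific capability, grant it with a targeted `--cap-add` rather than restoring `--privileged`.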

2 changes: 1 addition & 1 deletion rules/docker-snmp.mk
Expand Up @@ -28,7 +28,7 @@ SONIC_DOCKER_DBG_IMAGES += $(DOCKER_SNMP_DBG)
SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_SNMP_DBG)

$(DOCKER_SNMP)_CONTAINER_NAME = snmp
$(DOCKER_SNMP)_RUN_OPT += --privileged -t
$(DOCKER_SNMP)_RUN_OPT += -t
$(DOCKER_SNMP)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
$(DOCKER_SNMP)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
$(DOCKER_SNMP)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
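Review bot: The `$(DOCKER_SNMP)_RUN_OPT += -t` line changes the snmp container as well, but the verification in the commit message runs only inside the database container, so no evidence is shown for snmp. Please repeat the `ip link add` check in snmp and confirm the agent still starts and answers queries without `--privileged`. A one-line comment above the `_RUN_OPT` line noting that the container is intentionally unprivileged, with a pointer to the HLD (sonic-net/SONiC#1364), would also make it harder to reintroduce the flag unnoticed.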