Class: Aws::ECS::Types::KernelCapabilities
- Inherits:
-
Struct
- Object
- Struct
- Aws::ECS::Types::KernelCapabilities
- Includes:
- Structure
- Defined in:
- lib/aws-sdk-ecs/types.rb
Overview
When making an API call, you may pass KernelCapabilities data as a hash:
{
add: ["String"],
drop: ["String"],
}
The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. For more information on the default capabilities and the non-default available capabilities, see [Runtime privilege and Linux capabilities] in the *Docker run reference*. For more detailed information on these Linux capabilities, see the [capabilities(7)] Linux manual page.
[1]: docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities [2]: man7.org/linux/man-pages/man7/capabilities.7.html
Instance Attribute Summary collapse
-
#add ⇒ Array<String>
The Linux capabilities for the container that have been added to the default configuration provided by Docker.
-
#drop ⇒ Array<String>
The Linux capabilities for the container that have been removed from the default configuration provided by Docker.
Instance Attribute Details
#add ⇒ Array<String>
The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to ‘CapAdd` in the [Create a container] section of the [Docker Remote API] and the `–cap-add` option to [docker run].
<note markdown=“1”> If you are using tasks that use the Fargate launch type, the ‘add` parameter is not supported.
</note>
Valid values: ‘“ALL” | “AUDIT_CONTROL” | “AUDIT_WRITE” | “BLOCK_SUSPEND” | “CHOWN” | “DAC_OVERRIDE” | “DAC_READ_SEARCH” | “FOWNER” | “FSETID” | “IPC_LOCK” | “IPC_OWNER” | “KILL” | “LEASE” | “LINUX_IMMUTABLE” | “MAC_ADMIN” | “MAC_OVERRIDE” | “MKNOD” | “NET_ADMIN” | “NET_BIND_SERVICE” | “NET_BROADCAST” | “NET_RAW” | “SETFCAP” | “SETGID” | “SETPCAP” | “SETUID” | “SYS_ADMIN” | “SYS_BOOT” | “SYS_CHROOT” | “SYS_MODULE” | “SYS_NICE” | “SYS_PACCT” | “SYS_PTRACE” | “SYS_RAWIO” | “SYS_RESOURCE” | “SYS_TIME” | “SYS_TTY_CONFIG” | “SYSLOG” | “WAKE_ALARM”`
[1]: docs.docker.com/engine/reference/api/docker_remote_api_v1.27/#create-a-container [2]: docs.docker.com/engine/reference/api/docker_remote_api_v1.27/ [3]: docs.docker.com/engine/reference/run/
2484 2485 2486 2487 2488 |
# File 'lib/aws-sdk-ecs/types.rb', line 2484 class KernelCapabilities < Struct.new( :add, :drop) include Aws::Structure end |
#drop ⇒ Array<String>
The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to ‘CapDrop` in the [Create a container] section of the [Docker Remote API] and the `–cap-drop` option to [docker run].
Valid values: ‘“ALL” | “AUDIT_CONTROL” | “AUDIT_WRITE” | “BLOCK_SUSPEND” | “CHOWN” | “DAC_OVERRIDE” | “DAC_READ_SEARCH” | “FOWNER” | “FSETID” | “IPC_LOCK” | “IPC_OWNER” | “KILL” | “LEASE” | “LINUX_IMMUTABLE” | “MAC_ADMIN” | “MAC_OVERRIDE” | “MKNOD” | “NET_ADMIN” | “NET_BIND_SERVICE” | “NET_BROADCAST” | “NET_RAW” | “SETFCAP” | “SETGID” | “SETPCAP” | “SETUID” | “SYS_ADMIN” | “SYS_BOOT” | “SYS_CHROOT” | “SYS_MODULE” | “SYS_NICE” | “SYS_PACCT” | “SYS_PTRACE” | “SYS_RAWIO” | “SYS_RESOURCE” | “SYS_TIME” | “SYS_TTY_CONFIG” | “SYSLOG” | “WAKE_ALARM”`
[1]: docs.docker.com/engine/reference/api/docker_remote_api_v1.27/#create-a-container [2]: docs.docker.com/engine/reference/api/docker_remote_api_v1.27/ [3]: docs.docker.com/engine/reference/run/
2484 2485 2486 2487 2488 |
# File 'lib/aws-sdk-ecs/types.rb', line 2484 class KernelCapabilities < Struct.new( :add, :drop) include Aws::Structure end |