summary |
shortlog |
log |
commit | commitdiff |
review |
tree
raw |
patch |
inline | side by side (from parent 1:
0b89aad)
Rsync when not run as root user, it needs group id and user id setter capability.
cap_setgid
cap_setuid
Change-Id: I396e0f4868492f8bb55f77229658e4dc6e05fcdc
Signed-off-by: Balazs Szekeres <balazs.szekeres@nokia.com>
%define COMPONENT swift
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 2.22.0
%define COMPONENT swift
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 2.22.0
-%define RPM_MINOR_VERSION 0
+%define RPM_MINOR_VERSION 1
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
Name: %{RPM_NAME}
Version: %{RPM_MAJOR_VERSION}
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
Name: %{RPM_NAME}
Version: %{RPM_MAJOR_VERSION}
image: {{ container_image_names | select('search', '/swift') | list | last }}
securityContext:
capabilities:
image: {{ container_image_names | select('search', '/swift') | list | last }}
securityContext:
capabilities:
- add: ["NET_BIND_SERVICE"]
+ add: ["NET_BIND_SERVICE", "SETGID", "SETUID"]
args:
- BACKEND
resources:
args:
- BACKEND
resources:
image: {{ container_image_names | select('search', '/swift') | list | last }}
securityContext:
capabilities:
image: {{ container_image_names | select('search', '/swift') | list | last }}
securityContext:
capabilities:
- add: ["NET_BIND_SERVICE"]
+ add: ["NET_BIND_SERVICE", "SETGID", "SETUID"]
args:
- BACKEND
resources:
args:
- BACKEND
resources:
&& yum clean all \
&& rm -rf /etc/yum.repos.d/luxembourg.repo \
&& rm -rf ${GOPATH} \
&& yum clean all \
&& rm -rf /etc/yum.repos.d/luxembourg.repo \
&& rm -rf ${GOPATH} \
-&& setcap 'cap_net_bind_service=+ep' /usr/bin/rsync
+&& setcap 'cap_setgid,cap_setuid,cap_net_bind_service=+ep' /usr/bin/rsync
ENTRYPOINT ["/usr/bin/mainstart.sh"]
ENTRYPOINT ["/usr/bin/mainstart.sh"]