Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[docker-lldp] limit privileged flag for lldp container #15830

Merged
merged 1 commit into from
Aug 15, 2023
Merged

[docker-lldp] limit privileged flag for lldp container #15830

merged 1 commit into from
Aug 15, 2023

Conversation

maipbui
Copy link
Contributor

@maipbui maipbui commented Jul 13, 2023

Why I did it

HLD implementation: Container Hardening (sonic-net/SONiC#1364)

Work item tracking
  • Microsoft ADO (number only): 14807420

How I did it

Reduce linux capabilities in privileged flag, retain NET_ADMIN capability

How I did it

How to verify it

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211
  • 202305

Tested branch (Please provide the tested image version)

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@maipbui maipbui mentioned this pull request Jul 13, 2023
Merged
@qiluo-msft qiluo-msft requested a review from Yarden-Z July 13, 2023 21:36
@qiluo-msft qiluo-msft requested a review from abdosi August 1, 2023 20:50
@maipbui maipbui marked this pull request as ready for review August 15, 2023 18:26
@maipbui maipbui requested review from xumia and lguohan as code owners August 15, 2023 18:26
@qiluo-msft qiluo-msft merged commit 030c572 into sonic-net:master Aug 15, 2023
@maipbui maipbui deleted the lldp_priv branch August 15, 2023 18:27
sonic-otn pushed a commit to sonic-otn/sonic-buildimage that referenced this pull request Sep 20, 2023
@maipbui @sonic-otn
[docker-lldp] limit privileged flag for lldp container (sonic-net#15830)
1ef62fe 
#### Why I did it
HLD implementation: Container Hardening (sonic-net/SONiC#1364)
##### Work item tracking
- Microsoft ADO **(number only)**: 14807420

#### How I did it
Reduce linux capabilities in privileged flag, retain NET_ADMIN capability
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Yarden-Z Yarden-Z Yarden-Z approved these changes

@abdosi abdosi abdosi approved these changes

@qiluo-msft qiluo-msft qiluo-msft approved these changes

@xumia xumia Awaiting requested review from xumia xumia is a code owner

@lguohan lguohan Awaiting requested review from lguohan lguohan is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@maipbui @qiluo-msft @abdosi @Yarden-Z