I need to deploy the Docker image, but I only want to use the Docker run command without using any of its arguments.
I want to assign special permission while running the container.
This is my Docker run command:
docker run --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH ping
But I just want to use only:
docker run ping
What changes should I do in my Docker file? I cannot use Docker Compose (not my usecase).
My Docker file:
This works for version 2 and 3. For example:
version: '2'
services:
myapp:
cap_add:
- SYS_ADMIN
- DAC_READ_SEARCH
You can't do that. An image can't grant itself elevated privileges to control the system it runs on; only the administrator actually running the docker run
can do that.
It's better to wrap this in something like a Docker Compose YAML file or a shell script that includes all of the required docker run
arguments.
If you're trying to build a "helper command" via Docker, there's two things worth remembering. One is that everyone who can run Docker commands has unrestricted root privileges over the host; it's very hard to stop someone from docker run -v /:/host -u root ...
and getting unrestricted access to the host's filesystem. Another is that there are many Docker options like this (including setting environment variables, volume mounts, and publishing ports) that are set extremely routinely, so it's hard to build an image where just docker run imagename
on its own brings up the image with full functionality.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With