mirror of
https://github.com/portainer/portainer.git
synced 2025-07-25 08:19:40 +02:00
chore(project): add prettier for code format (#3645)
* chore(project): install prettier and lint-staged * chore(project): apply prettier to html too * chore(project): git ignore eslintcache * chore(project): add a comment about format script * chore(prettier): update printWidth * chore(prettier): remove useTabs option * chore(prettier): add HTML validation * refactor(prettier): fix closing tags * feat(prettier): define angular parser for html templates * style(prettier): run prettier on codebase Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
This commit is contained in:
Chaim Lev-Ari
GitHub
parent
6663073be1
commit
cf5056d9c0
714 changed files with 31228 additions and 28305 deletions
|
|
@ -1,90 +1,90 @@
|
|||
var capDesc = {
|
||||
'SETPCAP': 'Modify process capabilities.',
|
||||
'MKNOD': 'Create special files using mknod(2).',
|
||||
'AUDIT_WRITE': 'Write records to kernel auditing log.',
|
||||
'CHOWN': 'Make arbitrary changes to file UIDs and GIDs (see chown(2)).',
|
||||
'NET_RAW': 'Use RAW and PACKET sockets.',
|
||||
'DAC_OVERRIDE': 'Bypass file read, write, and execute permission checks.',
|
||||
'FOWNER': 'Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file.',
|
||||
'FSETID': 'Don’t clear set-user-ID and set-group-ID permission bits when a file is modified.',
|
||||
'KILL': 'Bypass permission checks for sending signals.',
|
||||
'SETGID': 'Make arbitrary manipulations of process GIDs and supplementary GID list.',
|
||||
'SETUID': 'Make arbitrary manipulations of process UIDs.',
|
||||
'NET_BIND_SERVICE': 'Bind a socket to internet domain privileged ports (port numbers less than 1024).',
|
||||
'SYS_CHROOT': 'Use chroot(2), change root directory.',
|
||||
'SETFCAP': 'Set file capabilities.',
|
||||
'SYS_MODULE': 'Load and unload kernel modules.',
|
||||
'SYS_RAWIO': 'Perform I/O port operations (iopl(2) and ioperm(2)).',
|
||||
'SYS_PACCT': 'Use acct(2), switch process accounting on or off.',
|
||||
'SYS_ADMIN': 'Perform a range of system administration operations.',
|
||||
'SYS_NICE': 'Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.',
|
||||
'SYS_RESOURCE': 'Override resource Limits.',
|
||||
'SYS_TIME': 'Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.',
|
||||
'SYS_TTY_CONFIG': 'Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.',
|
||||
'AUDIT_CONTROL': 'Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.',
|
||||
'MAC_ADMIN': 'Allow MAC configuration or state changes. Implemented for the Smack LSM.',
|
||||
'MAC_OVERRIDE': 'Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).',
|
||||
'NET_ADMIN': 'Perform various network-related operations.',
|
||||
'SYSLOG': 'Perform privileged syslog(2) operations.',
|
||||
'DAC_READ_SEARCH': 'Bypass file read permission checks and directory read and execute permission checks.',
|
||||
'LINUX_IMMUTABLE': 'Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.',
|
||||
'NET_BROADCAST': 'Make socket broadcasts, and listen to multicasts.',
|
||||
'IPC_LOCK': 'Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).',
|
||||
'IPC_OWNER': 'Bypass permission checks for operations on System V IPC objects.',
|
||||
'SYS_PTRACE': 'Trace arbitrary processes using ptrace(2).',
|
||||
'SYS_BOOT': 'Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.',
|
||||
'LEASE': 'Establish leases on arbitrary files (see fcntl(2)).',
|
||||
'WAKE_ALARM': 'Trigger something that will wake up the system.',
|
||||
'BLOCK_SUSPEND': 'Employ features that can block system suspend.'
|
||||
SETPCAP: 'Modify process capabilities.',
|
||||
MKNOD: 'Create special files using mknod(2).',
|
||||
AUDIT_WRITE: 'Write records to kernel auditing log.',
|
||||
CHOWN: 'Make arbitrary changes to file UIDs and GIDs (see chown(2)).',
|
||||
NET_RAW: 'Use RAW and PACKET sockets.',
|
||||
DAC_OVERRIDE: 'Bypass file read, write, and execute permission checks.',
|
||||
FOWNER: 'Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file.',
|
||||
FSETID: 'Don’t clear set-user-ID and set-group-ID permission bits when a file is modified.',
|
||||
KILL: 'Bypass permission checks for sending signals.',
|
||||
SETGID: 'Make arbitrary manipulations of process GIDs and supplementary GID list.',
|
||||
SETUID: 'Make arbitrary manipulations of process UIDs.',
|
||||
NET_BIND_SERVICE: 'Bind a socket to internet domain privileged ports (port numbers less than 1024).',
|
||||
SYS_CHROOT: 'Use chroot(2), change root directory.',
|
||||
SETFCAP: 'Set file capabilities.',
|
||||
SYS_MODULE: 'Load and unload kernel modules.',
|
||||
SYS_RAWIO: 'Perform I/O port operations (iopl(2) and ioperm(2)).',
|
||||
SYS_PACCT: 'Use acct(2), switch process accounting on or off.',
|
||||
SYS_ADMIN: 'Perform a range of system administration operations.',
|
||||
SYS_NICE: 'Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.',
|
||||
SYS_RESOURCE: 'Override resource Limits.',
|
||||
SYS_TIME: 'Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.',
|
||||
SYS_TTY_CONFIG: 'Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.',
|
||||
AUDIT_CONTROL: 'Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.',
|
||||
MAC_ADMIN: 'Allow MAC configuration or state changes. Implemented for the Smack LSM.',
|
||||
MAC_OVERRIDE: 'Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).',
|
||||
NET_ADMIN: 'Perform various network-related operations.',
|
||||
SYSLOG: 'Perform privileged syslog(2) operations.',
|
||||
DAC_READ_SEARCH: 'Bypass file read permission checks and directory read and execute permission checks.',
|
||||
LINUX_IMMUTABLE: 'Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.',
|
||||
NET_BROADCAST: 'Make socket broadcasts, and listen to multicasts.',
|
||||
IPC_LOCK: 'Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).',
|
||||
IPC_OWNER: 'Bypass permission checks for operations on System V IPC objects.',
|
||||
SYS_PTRACE: 'Trace arbitrary processes using ptrace(2).',
|
||||
SYS_BOOT: 'Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.',
|
||||
LEASE: 'Establish leases on arbitrary files (see fcntl(2)).',
|
||||
WAKE_ALARM: 'Trigger something that will wake up the system.',
|
||||
BLOCK_SUSPEND: 'Employ features that can block system suspend.',
|
||||
};
|
||||
|
||||
export function ContainerCapabilities() {
|
||||
// all capabilities can be found at https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
|
||||
return [
|
||||
new ContainerCapability('SETPCAP', true),
|
||||
new ContainerCapability('MKNOD', true),
|
||||
new ContainerCapability('AUDIT_WRITE', true),
|
||||
new ContainerCapability('CHOWN', true),
|
||||
new ContainerCapability('NET_RAW', true),
|
||||
new ContainerCapability('DAC_OVERRIDE', true),
|
||||
new ContainerCapability('FOWNER', true),
|
||||
new ContainerCapability('FSETID', true),
|
||||
new ContainerCapability('KILL', true),
|
||||
new ContainerCapability('SETGID', true),
|
||||
new ContainerCapability('SETUID', true),
|
||||
new ContainerCapability('NET_BIND_SERVICE', true),
|
||||
new ContainerCapability('SYS_CHROOT', true),
|
||||
new ContainerCapability('SETFCAP', true),
|
||||
new ContainerCapability('SYS_MODULE', false),
|
||||
new ContainerCapability('SYS_RAWIO', false),
|
||||
new ContainerCapability('SYS_PACCT', false),
|
||||
new ContainerCapability('SYS_ADMIN', false),
|
||||
new ContainerCapability('SYS_NICE', false),
|
||||
new ContainerCapability('SYS_RESOURCE', false),
|
||||
new ContainerCapability('SYS_TIME', false),
|
||||
new ContainerCapability('SYS_TTY_CONFIG', false),
|
||||
new ContainerCapability('AUDIT_CONTROL', false),
|
||||
new ContainerCapability('MAC_ADMIN', false),
|
||||
new ContainerCapability('MAC_OVERRIDE', false),
|
||||
new ContainerCapability('NET_ADMIN', false),
|
||||
new ContainerCapability('SYSLOG', false),
|
||||
new ContainerCapability('DAC_READ_SEARCH', false),
|
||||
new ContainerCapability('LINUX_IMMUTABLE', false),
|
||||
new ContainerCapability('NET_BROADCAST', false),
|
||||
new ContainerCapability('IPC_LOCK', false),
|
||||
new ContainerCapability('IPC_OWNER', false),
|
||||
new ContainerCapability('SYS_PTRACE', false),
|
||||
new ContainerCapability('SYS_BOOT', false),
|
||||
new ContainerCapability('LEASE', false),
|
||||
new ContainerCapability('WAKE_ALARM', false),
|
||||
new ContainerCapability('BLOCK_SUSPEND', false)
|
||||
].sort(function (a, b) {
|
||||
return a.capability < b.capability ? -1 : 1;
|
||||
});
|
||||
// all capabilities can be found at https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
|
||||
return [
|
||||
new ContainerCapability('SETPCAP', true),
|
||||
new ContainerCapability('MKNOD', true),
|
||||
new ContainerCapability('AUDIT_WRITE', true),
|
||||
new ContainerCapability('CHOWN', true),
|
||||
new ContainerCapability('NET_RAW', true),
|
||||
new ContainerCapability('DAC_OVERRIDE', true),
|
||||
new ContainerCapability('FOWNER', true),
|
||||
new ContainerCapability('FSETID', true),
|
||||
new ContainerCapability('KILL', true),
|
||||
new ContainerCapability('SETGID', true),
|
||||
new ContainerCapability('SETUID', true),
|
||||
new ContainerCapability('NET_BIND_SERVICE', true),
|
||||
new ContainerCapability('SYS_CHROOT', true),
|
||||
new ContainerCapability('SETFCAP', true),
|
||||
new ContainerCapability('SYS_MODULE', false),
|
||||
new ContainerCapability('SYS_RAWIO', false),
|
||||
new ContainerCapability('SYS_PACCT', false),
|
||||
new ContainerCapability('SYS_ADMIN', false),
|
||||
new ContainerCapability('SYS_NICE', false),
|
||||
new ContainerCapability('SYS_RESOURCE', false),
|
||||
new ContainerCapability('SYS_TIME', false),
|
||||
new ContainerCapability('SYS_TTY_CONFIG', false),
|
||||
new ContainerCapability('AUDIT_CONTROL', false),
|
||||
new ContainerCapability('MAC_ADMIN', false),
|
||||
new ContainerCapability('MAC_OVERRIDE', false),
|
||||
new ContainerCapability('NET_ADMIN', false),
|
||||
new ContainerCapability('SYSLOG', false),
|
||||
new ContainerCapability('DAC_READ_SEARCH', false),
|
||||
new ContainerCapability('LINUX_IMMUTABLE', false),
|
||||
new ContainerCapability('NET_BROADCAST', false),
|
||||
new ContainerCapability('IPC_LOCK', false),
|
||||
new ContainerCapability('IPC_OWNER', false),
|
||||
new ContainerCapability('SYS_PTRACE', false),
|
||||
new ContainerCapability('SYS_BOOT', false),
|
||||
new ContainerCapability('LEASE', false),
|
||||
new ContainerCapability('WAKE_ALARM', false),
|
||||
new ContainerCapability('BLOCK_SUSPEND', false),
|
||||
].sort(function (a, b) {
|
||||
return a.capability < b.capability ? -1 : 1;
|
||||
});
|
||||
}
|
||||
|
||||
export function ContainerCapability(cap, allowed) {
|
||||
this.capability = cap;
|
||||
this.allowed = allowed;
|
||||
this.description = capDesc[cap];
|
||||
}
|
||||
this.capability = cap;
|
||||
this.allowed = allowed;
|
||||
this.description = capDesc[cap];
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue