feat(container): add sysctls setting in the container view (#4910)

* feat(container): add sysctls in the container view (#2756) * feat(container): add setting to restrict sysctl access * feat(endpoint): move sysctl disable setting to security settings * feat(container): add sysctls to container edit view * fix(container) remove unnecessary migration setting Co-authored-by: Owen Kirby <oskirby@gmail.com>
2025-07-20 05:49:40 +02:00 · 2021-04-12 09:40:45 +02:00 · 2021-04-12 09:40:45 +02:00 · d09ae22ba8
commit d09ae22ba8
parent ac7d819620
14 changed files with 125 additions and 9 deletions
--- a/app/docker/views/docker-features-configuration/docker-features-configuration.controller.js
+++ b/app/docker/views/docker-features-configuration/docker-features-configuration.controller.js
@ -15,6 +15,7 @@ export default class DockerFeaturesConfigurationController {
      disableStackManagementForRegularUsers: false,
      disableDeviceMappingForRegularUsers: false,
      disableContainerCapabilitiesForRegularUsers: false,
+      disableSysctlSettingForRegularUsers: false,
    };

    this.isAgent = false;
@ -33,13 +34,15 @@ export default class DockerFeaturesConfigurationController {
      disablePrivilegedModeForRegularUsers,
      disableDeviceMappingForRegularUsers,
      disableContainerCapabilitiesForRegularUsers,
+      disableSysctlSettingForRegularUsers,
    } = this.formValues;
    return (
      disableBindMountsForRegularUsers ||
      disableHostNamespaceForRegularUsers ||
      disablePrivilegedModeForRegularUsers ||
      disableDeviceMappingForRegularUsers ||
-      disableContainerCapabilitiesForRegularUsers
+      disableContainerCapabilitiesForRegularUsers ||
+      disableSysctlSettingForRegularUsers
    );
  }

@ -56,6 +59,7 @@ export default class DockerFeaturesConfigurationController {
          allowDeviceMappingForRegularUsers: !this.formValues.disableDeviceMappingForRegularUsers,
          allowStackManagementForRegularUsers: !this.formValues.disableStackManagementForRegularUsers,
          allowContainerCapabilitiesForRegularUsers: !this.formValues.disableContainerCapabilitiesForRegularUsers,
+          allowSysctlSettingForRegularUsers: !this.formValues.disableSysctlSettingForRegularUsers,
        };

        await this.EndpointService.updateSecuritySettings(this.endpoint.Id, securitySettings);
@ -89,6 +93,7 @@ export default class DockerFeaturesConfigurationController {
      disableDeviceMappingForRegularUsers: !securitySettings.allowDeviceMappingForRegularUsers,
      disableStackManagementForRegularUsers: !securitySettings.allowStackManagementForRegularUsers,
      disableContainerCapabilitiesForRegularUsers: !securitySettings.allowContainerCapabilitiesForRegularUsers,
+      disableSysctlSettingForRegularUsers: !securitySettings.allowSysctlSettingForRegularUsers,
    };
  }
 }