Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-24 07:49:41 +02:00
Code Issues Releases Activity
portainer/app/docker/models/containerCapabilities.js
Chaim Lev-Ari 45113a7ff4 refactor(app): introduce webpack and babel (#2407) 
* feat(agent): add new host page

* feat(agent): convert volume-browser to files-datatable

* fix(agent): browse folders in file-datatable

* feat(engine-details): replace engine view with host view

* feat(engine-details): remove old panels

* feat(engine-details): add basic engine-details-panel component

* feat(engine-details): pass details to the different components

* feat(engine-details): replace host-view with host-overview

* feat(engine-details): add commaseperated filter

* feat(engine-details): add host-view container component

* feat(engine-details): add host-details component

* feat(engine-details): build host details object

* feat(engine-details): format engine version

* feat(engine-details): get details for one node

* feat(engine-details): pass is-agent from view

* feat(engine-details): replace old node view with a new component

* feat(engine-details): add swarm-node-details component

* feat(engine-details): remove isSwarm binding

* feat(engine-details): remove node-details and include in parent

* feat(engine-details): add labels-table component

* feat(engine-details): add update node service

* feat(engine-details): add update label functionality

* style(engine-details): remove whitespaces

* feat(engine-details): remove old node page

* feat(engine-details): pass is agent to host details

* feat(host-details): hide missing info

* feat(host-details): update node availability

* style(host-details): remove obsolete event object

* feat(host-details): fix labels not sending

* feat(host-details): remove flags for hiding data

* feat(host-details): create mock call to server for agent host info

* style(host-details): fix spelling mistake in filter's name

* feat(host-details): get info from agent

* feat(host-details): hide engine labels when empty

* feat(node-details): move labels table and save button

* feat(host-info): add different urls for refresh

* feat(host-details): show disk/devices info for agent

* feat(host-view): add loading indicator to devices-panel

* feat(host-details): add loading indicator to disks panel

* feat(agent): fix browse volume

* feat(agent): browse files

* feat(agent): enable rename

* feat(agent): download file

* fix(agent): download file from root

* feat(agent): delete file

* style(agent): remove whitespaces

* fix(agent): fix link on node browser

* feat(agent): basic file uploader

* feat(agent): add basic file upload

* fix(volume-browser): move volume id to query params

* feat(node-browser): moved uploader into browser

* feat(node-browser): add upload spinner

* feat(agent): browse files relative to root

* feat(build): add webpack build config

* feat(build): add missing imports

* feat(webpack): add missing imports

* feat(build): enable eslint on build

* feat(build): add webpack notifier

* feat(build): clean terminal on build

* feat(build): import all globals

* feat(build): add angular import

* feat(build): fix styles

* feat(build): load favicons

* feat(build): load css before script

* feat(webpack): split vendors css and js to a different bundle

* feat(webpack): import angular in all files

* feat(webpack): remove eslint global config

* feat(webpack): add webpack clean dist

* feat(webpack): fix styling issues

* refactor(webpack): remove empty controllers

* refactor(webpack): optimize moment

* refactor(webpack): add bundle analyzer

* feat(webpack): add babel

* refactor(webpack): optimize lodash

* refactor(toastr): update toastr

* feat(webpack): create basic production and dev config

* fix(webpack): fix production config

* fix(webpack): fix html templates url

* refactor(webpack): remove angular imports

* refactor(webpack): remove more angular imports

* refactor(webpack): return angular to entry file

* style(webpack): remove comments from config

* fix(hosts): remove browse button

* fix(webpack): import lodash

* fix(webpack): import missing htmls

* feat(webpack): reduce lodash size

* feat(webpack): config grunt to use webpack

* feat(webpack): add postcss

* chore(codeclimate): use eslint-5 channel

* feat(deps): upgrade from lodash to lodash-es

* fix(webpack): fix bug with lodash

* chore(build): add build client script

* fix(webpack): fix missing jsyaml reference

* refactor(webpack): seperate builds of img files

* chore(build): add a way to check times of webpack build

* feat(webpack): add dev server

* fix(webpack): fix css output name

* chore(webpack): optimize images

* chore(webpack): add node env

* fix(build): copy templates on release

* chore(webpack): set env NODE_ENV

* feat(webpack): set NODE_ENV on production builds

* fix(extensions): set image path

* refactor(css): move vendor css to js import

* style(app): remove whitespaces

* fix(build-system): allow DevOps pipeline to leverage webpack (#2670)

* Update devopsbuild task to use webpack & remove AppVeyor environment var

* Added -Force to replace the existing dist folder

* Removed Test-Path

* dep(build-system): add angularjs-annotate to webpack + fix on imports

* Merge branch 'develop' into webpack

* refactor(app): webpack aliases for imports + async / await dep + start refactor

* style(extensions): use develop version of the view

* fix(app): fix several issues introduced by webpack migration

* fix(webpack): fix ng-include not loading templates with webpack

* Fix Windows CI with Webpack (#2782)

* fix(configs): refactor broke configs creation and list views

* fix(build-system): update build_binary_devops for Windows
2019-03-21 18:46:49 +13:00

90 lines
No EOL
5.2 KiB
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

var capDesc = {
'SETPCAP': 'Modify process capabilities.',
'MKNOD': 'Create special files using mknod(2).',
'AUDIT_WRITE': 'Write records to kernel auditing log.',
'CHOWN': 'Make arbitrary changes to file UIDs and GIDs (see chown(2)).',
'NET_RAW': 'Use RAW and PACKET sockets.',
'DAC_OVERRIDE': 'Bypass file read, write, and execute permission checks.',
'FOWNER': 'Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file.',
'FSETID': 'Dont clear set-user-ID and set-group-ID permission bits when a file is modified.',
'KILL': 'Bypass permission checks for sending signals.',
'SETGID': 'Make arbitrary manipulations of process GIDs and supplementary GID list.',
'SETUID': 'Make arbitrary manipulations of process UIDs.',
'NET_BIND_SERVICE': 'Bind a socket to internet domain privileged ports (port numbers less than 1024).',
'SYS_CHROOT': 'Use chroot(2), change root directory.',
'SETFCAP': 'Set file capabilities.',
'SYS_MODULE': 'Load and unload kernel modules.',
'SYS_RAWIO': 'Perform I/O port operations (iopl(2) and ioperm(2)).',
'SYS_PACCT': 'Use acct(2), switch process accounting on or off.',
'SYS_ADMIN': 'Perform a range of system administration operations.',
'SYS_NICE': 'Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.',
'SYS_RESOURCE': 'Override resource Limits.',
'SYS_TIME': 'Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.',
'SYS_TTY_CONFIG': 'Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.',
'AUDIT_CONTROL': 'Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.',
'MAC_ADMIN': 'Allow MAC configuration or state changes. Implemented for the Smack LSM.',
'MAC_OVERRIDE': 'Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).',
'NET_ADMIN': 'Perform various network-related operations.',
'SYSLOG': 'Perform privileged syslog(2) operations.',
'DAC_READ_SEARCH': 'Bypass file read permission checks and directory read and execute permission checks.',
'LINUX_IMMUTABLE': 'Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.',
'NET_BROADCAST': 'Make socket broadcasts, and listen to multicasts.',
'IPC_LOCK': 'Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).',
'IPC_OWNER': 'Bypass permission checks for operations on System V IPC objects.',
'SYS_PTRACE': 'Trace arbitrary processes using ptrace(2).',
'SYS_BOOT': 'Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.',
'LEASE': 'Establish leases on arbitrary files (see fcntl(2)).',
'WAKE_ALARM': 'Trigger something that will wake up the system.',
'BLOCK_SUSPEND': 'Employ features that can block system suspend.'
};
export function ContainerCapabilities() {
// all capabilities can be found at https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
return [
new ContainerCapability('SETPCAP', true),
new ContainerCapability('MKNOD', true),
new ContainerCapability('AUDIT_WRITE', true),
new ContainerCapability('CHOWN', true),
new ContainerCapability('NET_RAW', true),
new ContainerCapability('DAC_OVERRIDE', true),
new ContainerCapability('FOWNER', true),
new ContainerCapability('FSETID', true),
new ContainerCapability('KILL', true),
new ContainerCapability('SETGID', true),
new ContainerCapability('SETUID', true),
new ContainerCapability('NET_BIND_SERVICE', true),
new ContainerCapability('SYS_CHROOT', true),
new ContainerCapability('SETFCAP', true),
new ContainerCapability('SYS_MODULE', false),
new ContainerCapability('SYS_RAWIO', false),
new ContainerCapability('SYS_PACCT', false),
new ContainerCapability('SYS_ADMIN', false),
new ContainerCapability('SYS_NICE', false),
new ContainerCapability('SYS_RESOURCE', false),
new ContainerCapability('SYS_TIME', false),
new ContainerCapability('SYS_TTY_CONFIG', false),
new ContainerCapability('AUDIT_CONTROL', false),
new ContainerCapability('MAC_ADMIN', false),
new ContainerCapability('MAC_OVERRIDE', false),
new ContainerCapability('NET_ADMIN', false),
new ContainerCapability('SYSLOG', false),
new ContainerCapability('DAC_READ_SEARCH', false),
new ContainerCapability('LINUX_IMMUTABLE', false),
new ContainerCapability('NET_BROADCAST', false),
new ContainerCapability('IPC_LOCK', false),
new ContainerCapability('IPC_OWNER', false),
new ContainerCapability('SYS_PTRACE', false),
new ContainerCapability('SYS_BOOT', false),
new ContainerCapability('LEASE', false),
new ContainerCapability('WAKE_ALARM', false),
new ContainerCapability('BLOCK_SUSPEND', false)
].sort(function (a, b) {
return a.capability < b.capability ? -1 : 1;
});
}
export function ContainerCapability(cap, allowed) {
this.capability = cap;
this.allowed = allowed;
this.description = capDesc[cap];
}
View git blame Copy permalink