Browse Source

setcap and allow unprivileged userns clone for docker

master
Sean Johnson 4 years ago
parent
commit
c111222d1e
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG Key ID: 9FA15B87469EA850
  1. 5
      app/docker/config.sls
  2. 2
      base/package_map.yaml
  3. 4
      base/packages.sls

5
app/docker/config.sls

@ -7,3 +7,8 @@ write docker config to /etc/docker/daemon.json:
- contents: {{ salt['pillar.get']('docker:config', {}) | tojson | yaml_squote }}
- watch_in:
- service: docker
allow unprivileged userns clone:
sysctl.present:
- name: kernel.unprivileged_userns_clone
- value: 1

2
base/package_map.yaml

@ -7,6 +7,8 @@ Debian:
name: dnsutils
htop:
name: htop
libcap2-bin:
name: libcap2-bin
pip:
name: python-pip
python_requests:

4
base/packages.sls

@ -19,6 +19,10 @@ htop:
pkg.installed:
- name: "{{ packages.htop.name }}"
libcap2-bin:
pkg.installed:
- name: "{{ packages.libcap2-bin.name }}"
tmux:
pkg.installed:
- name: "{{ packages.tmux.name }}"

Loading…
Cancel
Save