[docker-pmon] limit privileged flag for pmon container#78
Closed
DavidZagury wants to merge 9 commits intomasterfrom
Closed
[docker-pmon] limit privileged flag for pmon container#78DavidZagury wants to merge 9 commits intomasterfrom
DavidZagury wants to merge 9 commits intomasterfrom
Conversation
keboliu
approved these changes
Jul 14, 2025
DavidZagury
force-pushed
the
master_pmon_harden
branch
2 times, most recently
from
cb29428 to
acd72c6
Compare
DavidZagury
pushed a commit
that referenced
this pull request
Dec 6, 2025
…ly (sonic-net#24654) #### Why I did it src/sonic-stp ``` * 6be3721 - (HEAD -> master, origin/master, origin/HEAD) Correcting stp-stpmgrd IPC data structure similar to structure defined in stpmgr.h file (#80) (4 days ago) [Divya Kumaran Chandralekha] * e80c7be - [stpctl] stpctl enhancements for mstp debugging commands (#79) (5 days ago) [vganesan-nokia] * bfcb492 - [mstp] Fix for port enable handlinging and rx pkt type check (#78) (5 days ago) [vganesan-nokia] ``` #### How I did it #### How to verify it #### Description for the changelog
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why I did it
HLD implementation: Container Hardening (sonic-net/SONiC#1364)
Work item tracking
How I did it
Reduce linux capabilities in privileged flag
How to verify it
Run platform tests.
Check container's settings: Privileged is false and container only has default Linux caps, and SYS_RAWIO/SYS_ADMIN cap.
Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Description for the changelog
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)