
Commit f541d5f

committed
[docker-database] limit privileged flag for database container
Signed-off-by: Mai Bui <maibui@microsoft.com>
1 parent 6968aaa commit f541d5f


1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

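--- a/rules/docker-database.mk
+++ b/rules/docker-database.mk
@@ -28,7 +28,7 @@ SONIC_BOOKWORM_DBG_DOCKERS += $(DOCKER_DATABASE_DBG)
 SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_DATABASE_DBG)
 
 $(DOCKER_DATABASE)_CONTAINER_NAME = database
-$(DOCKER_DATABASE)_RUN_OPT += --privileged -t
+$(DOCKER_DATABASE)_RUN_OPT += -t --cap-add=ALL --security-opt label=disable --security-opt apparmor=unconfined --security-opt="systempaths=unconfined"
 $(DOCKER_DATABASE)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
 $(DOCKER_DATABASE)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro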
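Review bot: On the new `_RUN_OPT` line, `--cap-add=ALL` combined with `label=disable`, `apparmor=unconfined` and `systempaths=unconfined` still gives the database container every capability with no LSM or masked-path confinement, so dropping `--privileged` mainly removes host device exposure and restores the default seccomp profile. If the container does not need the full set, replace `--cap-add=ALL` with an explicit list of the capabilities it is shown to need, and drop any `--security-opt` relaxation that is not required. At minimum, add a comment above the line recording why each relaxation is kept, e.g. `# no --privileged: host devices not exposed; caps/LSM/systempaths still unrestricted, reason: <why needed>`. The last option is written `--security-opt="systempaths=unconfined"` while the others use the unquoted space-separated form; using one form throughout avoids depending on how the quotes are handled where RUN_OPT is expanded, which is not visible in this hunk.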
