<div dir="ltr">Hi Joao,<div><br></div><div>Right now, it is impossible to create containers with escalated privileged, such as setting privileged mode or adding additional caps. This is intentional for security reasons. Basically, what Zun currently provides is "serverless" containers, which means Zun is not using VMs to isolate containers (for people who wanted strong isolation as VMs, they can choose secure container runtime such as Clear Container). Therefore, it is insecure to give users control of any kind of privilege escalation. However, if you want this feature, I would love to learn more about the use cases.</div><div><br></div><div>Best regards,</div><div>Hongbin</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 2, 2018 at 10:20 AM, João Paulo Sá da Silva <span dir="ltr"><<a href="mailto:joao-sa-silva@alticelabs.com" target="_blank">joao-sa-silva@alticelabs.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="PT" link="blue" vlink="purple"><div class="m_-4201997003174443900WordSection1"><p class="MsoNormal"><span lang="EN-US">Hello!<br><br>Is it possible to create containers in privileged mode or to add caps as NET_ADMIN?<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-US">Kind regards,<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-US">João<u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p></div></div><br>______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
<br></blockquote></div><br></div>