You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Linux has a notion of capabilities, which is essentially a token allowing a certain privileged operation.
E.g. CAP_BPF allows loading ebpf programs for an otherwise unprivileged user.
The way to leverage capabilities with Docker is two fold:
at build time, use setcap tool to set file capabilities on a binary;
at run time, requestmatching capabilities via --cap-add option.
We are doing ebpf in go and we'd like to take advantage of ko's fast build times and convenience. We need a way to set custom capabilities on the app binary.
It looks like currently it is not supported, as far as I can tell from docs and implementation.
Would you be open for such contribution?
The text was updated successfully, but these errors were encountered:
Linux has a notion of capabilities, which is essentially a token allowing a certain privileged operation.
E.g.
CAP_BPFallows loading ebpf programs for an otherwise unprivileged user.The way to leverage capabilities with Docker is two fold:
setcaptool to set file capabilities on a binary;--cap-addoption.We are doing ebpf in go and we'd like to take advantage of ko's fast build times and convenience. We need a way to set custom capabilities on the app binary.
It looks like currently it is not supported, as far as I can tell from docs and implementation.
Would you be open for such contribution?
The text was updated successfully, but these errors were encountered: