BX21
Reputation: 461
how can a docker container check if it has a capability
For example, suppose I have a container which needs the NET_ADMIN capability (keepalived as a container for example).
How can I check, when the container is run, that the capability is actually provided, so that I can add a log / throw an error?
Upvotes: 5
Views: 4607
Answers (1)
Tarun Lalwani
Reputation: 146630
You can commands to check the capabilities
$ capsh --print | grep "Current:" | cut -d' ' -f3 | grep -q cap_net_admin
$ echo $?
0
$ capsh --print | grep "Current:" | cut -d' ' -f3 | grep -q cap_net_admins
$ echo $?
1
Below command shows all available capabilities for a container
$ capsh --print | grep "Current:" | cut -d' ' -f3 cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap+eip
Upvotes: 8
Related Questions
- How to know if a docker container is running in privileged mode
- How does one detect if one is running within a docker container within Python?
- How to check if a process is running inside docker container?
- How can a script check if a particular Docker container is running?
- How can we add capabilities to a running docker container?
- All Docker container statuses?
- How to check if any application is running in docker container?
- How to get services and its status inside the docker containers?
- How can I find out which capabilities a container has been given?
- making sure a given docker container is running