aboutsummaryrefslogtreecommitdiffstats
path: root/flags
diff options
context:
space:
mode:
authorValerij Fredriksen <valerijf@verizonmedia.com>2020-03-02 11:46:53 +0100
committerValerij Fredriksen <valerijf@verizonmedia.com>2020-03-02 11:46:53 +0100
commit9aa00adc797257d7eaad9ecd915b145354b34696 (patch)
treedff339cf6a6ed97a3fab5d8977bc4bd44dc81628 /flags
parentc4735deb48e380e84635a3d05741f7fe189349a7 (diff)
Add docker security task flags
Diffstat (limited to 'flags')
-rw-r--r--flags/src/main/java/com/yahoo/vespa/flags/Flags.java15
1 files changed, 13 insertions, 2 deletions
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index 815fcda6ee7..afde275e5dc 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -198,6 +198,18 @@ public class Flags {
"Whether to disable CM3.", "Takes effect on next host admin tick",
HOSTNAME);
+ public static final UnboundBooleanFlag RESTRICT_ACQUIRING_NEW_PRIVILEGES = defineFeatureFlag(
+ "restrict-acquiring-new-privileges", false,
+ "Whether docker daemon should restrict containers from acquiring new privileges",
+ "Takes effect on next host admin tick",
+ HOSTNAME);
+
+ public static final UnboundListFlag<String> AUDITED_PATHS = defineListFlag(
+ "audited-paths", List.of(), String.class,
+ "List of paths that should audited",
+ "Takes effect on next host admin tick",
+ HOSTNAME);
+
public static final UnboundBooleanFlag GENERATE_L4_ROUTING_CONFIG = defineFeatureFlag(
"generate-l4-routing-config", false,
"Whether routing nodes should generate L4 routing config",
@@ -218,8 +230,7 @@ public class Flags {
public static final UnboundStringFlag ENDPOINT_CERTIFICATE_BACKFILL = defineStringFlag(
"endpoint-certificate-backfill", "disable",
"Whether the endpoint certificate maintainer should backfill missing certificate data from cameo",
- "Takes effect on next scheduled run of maintainer - set to \"disable\", \"dryrun\" or \"enable\""
- );
+ "Takes effect on next scheduled run of maintainer - set to \"disable\", \"dryrun\" or \"enable\"");
public static final UnboundBooleanFlag USE_NEW_ATHENZ_FILTER = defineFeatureFlag(
"use-new-athenz-filter", false,