Set no-new-privileges security option on container if flag is set

author: Valerij Fredriksen <valerijf@verizonmedia.com> 2020-03-04 11:04:49 +0100
committer: Valerij Fredriksen <valerijf@verizonmedia.com> 2020-03-04 11:04:49 +0100
commit: 734fe0e9a6efb5a8d6174d9313fbcca0b4c64cfb (patch)
tree: 72e02e240a0c34c3a20f82a05c2e77723ab879d7 /flags
parent: b25f86aec251643031cb760bfa810318f177daba (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index 05953f7d5b7..8fb3b2af4f6 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -200,9 +200,9 @@ public class Flags {
 
     public static final UnboundBooleanFlag RESTRICT_ACQUIRING_NEW_PRIVILEGES = defineFeatureFlag(
             "restrict-acquiring-new-privileges", false,
-            "Whether docker daemon should restrict containers from acquiring new privileges",
-            "Takes effect on next host admin tick",
-            HOSTNAME);
+            "Whether docker container processes should be prevented from acquiring new privileges",
+            "Takes effect on container creation",
+            APPLICATION_ID, HOSTNAME);
 
     public static final UnboundListFlag<String> AUDITED_PATHS = defineListFlag(
             "audited-paths", List.of(), String.class,
author	Valerij Fredriksen <valerijf@verizonmedia.com>	2020-03-04 11:04:49 +0100
committer	Valerij Fredriksen <valerijf@verizonmedia.com>	2020-03-04 11:04:49 +0100
commit	734fe0e9a6efb5a8d6174d9313fbcca0b4c64cfb (patch)
tree	72e02e240a0c34c3a20f82a05c2e77723ab879d7 /flags
parent	b25f86aec251643031cb760bfa810318f177daba (diff)