diff options
author | Valerij Fredriksen <freva@users.noreply.github.com> | 2020-03-02 18:23:27 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-02 18:23:27 +0100 |
commit | 9b6b0c8e13fd688747fdc7abc5aad479f958e34e (patch) | |
tree | b8c11b3ecd0ce7da41fde6595b17542d8b09fbee /flags | |
parent | a5dd3abdd90978a19cd3c69857c5bc487a1da057 (diff) | |
parent | 9aa00adc797257d7eaad9ecd915b145354b34696 (diff) |
Merge pull request #12395 from vespa-engine/freva/flags
Add docker security task flags
Diffstat (limited to 'flags')
-rw-r--r-- | flags/src/main/java/com/yahoo/vespa/flags/Flags.java | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java index a7bb0c6244e..05953f7d5b7 100644 --- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java +++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java @@ -198,6 +198,18 @@ public class Flags { "Whether to disable CM3.", "Takes effect on next host admin tick", HOSTNAME); + public static final UnboundBooleanFlag RESTRICT_ACQUIRING_NEW_PRIVILEGES = defineFeatureFlag( + "restrict-acquiring-new-privileges", false, + "Whether docker daemon should restrict containers from acquiring new privileges", + "Takes effect on next host admin tick", + HOSTNAME); + + public static final UnboundListFlag<String> AUDITED_PATHS = defineListFlag( + "audited-paths", List.of(), String.class, + "List of paths that should audited", + "Takes effect on next host admin tick", + HOSTNAME); + public static final UnboundBooleanFlag GENERATE_L4_ROUTING_CONFIG = defineFeatureFlag( "generate-l4-routing-config", false, "Whether routing nodes should generate L4 routing config", @@ -218,8 +230,7 @@ public class Flags { public static final UnboundStringFlag ENDPOINT_CERTIFICATE_BACKFILL = defineStringFlag( "endpoint-certificate-backfill", "disable", "Whether the endpoint certificate maintainer should backfill missing certificate data from cameo", - "Takes effect on next scheduled run of maintainer - set to \"disable\", \"dryrun\" or \"enable\"" - ); + "Takes effect on next scheduled run of maintainer - set to \"disable\", \"dryrun\" or \"enable\""); public static final UnboundBooleanFlag USE_NEW_ATHENZ_FILTER = defineFeatureFlag( "use-new-athenz-filter", false, |