Merge pull request #12395 from vespa-engine/freva/flags

Add docker security task flags

1 files changed, 13 insertions, 2 deletions

diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index a7bb0c6244e..05953f7d5b7 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -198,6 +198,18 @@ public class Flags {
             "Whether to disable CM3.", "Takes effect on next host admin tick",
             HOSTNAME);
 
+    public static final UnboundBooleanFlag RESTRICT_ACQUIRING_NEW_PRIVILEGES = defineFeatureFlag(
+            "restrict-acquiring-new-privileges", false,
+            "Whether docker daemon should restrict containers from acquiring new privileges",
+            "Takes effect on next host admin tick",
+            HOSTNAME);
+
+    public static final UnboundListFlag<String> AUDITED_PATHS = defineListFlag(
+            "audited-paths", List.of(), String.class,
+            "List of paths that should audited",
+            "Takes effect on next host admin tick",
+            HOSTNAME);
+
     public static final UnboundBooleanFlag GENERATE_L4_ROUTING_CONFIG = defineFeatureFlag(
             "generate-l4-routing-config", false,
             "Whether routing nodes should generate L4 routing config",
@@ -218,8 +230,7 @@ public class Flags {
     public static final UnboundStringFlag ENDPOINT_CERTIFICATE_BACKFILL = defineStringFlag(
             "endpoint-certificate-backfill", "disable",
             "Whether the endpoint certificate maintainer should backfill missing certificate data from cameo",
-            "Takes effect on next scheduled run of maintainer - set to \"disable\", \"dryrun\" or \"enable\""
-    );
+            "Takes effect on next scheduled run of maintainer - set to \"disable\", \"dryrun\" or \"enable\"");
 
     public static final UnboundBooleanFlag USE_NEW_ATHENZ_FILTER = defineFeatureFlag(
             "use-new-athenz-filter", false,