mirror of
https://github.com/truenas/charts.git
synced 2026-04-05 03:39:20 +08:00
47 lines
1.6 KiB
YAML
47 lines
1.6 KiB
YAML
runAsContext:
|
|
- userName: root
|
|
groupName: root
|
|
gid: 0
|
|
uid: 0
|
|
description: Netdata runs as root user.
|
|
capabilities:
|
|
- name: CHOWN
|
|
description: Netdata is able to chown files.
|
|
- name: FOWNER
|
|
description: Netdata is able to bypass permission checks for it's sub-processes.
|
|
- name: SYS_CHROOT
|
|
description: Netdata is able to use chroot.
|
|
- name: MKNOD
|
|
description: Netdata is able to create device nodes.
|
|
- name: DAC_OVERRIDE
|
|
description: Netdata is able to bypass permission checks.
|
|
- name: FSETID
|
|
description: Netdata is able to set file capabilities.
|
|
- name: KILL
|
|
description: Netdata is able to kill processes.
|
|
- name: SETGID
|
|
description: Netdata is able to set group ID for it's sub-processes.
|
|
- name: SETUID
|
|
description: Netdata is able to set user ID for it's sub-processes.
|
|
- name: SETPCAP
|
|
description: Netdata is able to set process capabilities.
|
|
- name: NET_BIND_SERVICE
|
|
description: Netdata is able to bind to privileged ports.
|
|
- name: NET_RAW
|
|
description: Netdata is able to use raw sockets.
|
|
- name: SETFCAP
|
|
description: Netdata is able to set file capabilities.
|
|
- name: PTRACE
|
|
description: Netdata is able to trace processes.
|
|
- name: AUDIT_WRITE
|
|
description: Netdata is able to write to audit log.
|
|
hostMounts:
|
|
- hostPath: /etc/os-release
|
|
description: Required to read the OS release information.
|
|
- hostPath: /etc/passwd
|
|
description: Required to read the user information.
|
|
- hostPath: /etc/group
|
|
description: Required to read the group information.
|
|
- hostPath: /proc
|
|
description: Required to read the processes information.
|