use --cap-add instead of --privileged

opencopilot · Jul 3, 2018 · d0c208b · d0c208b
1 parent ca3081c
commit d0c208b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/templates/userdata.sh.coreos_stable.tpl b/templates/userdata.sh.coreos_stable.tpl
@@ -94,7 +94,7 @@ Requires=docker.service
 [Service]
 TimeoutStartSec=0
 ExecStartPre=/usr/bin/docker pull quay.io/opencopilot/packet-ip-sidecar
-ExecStart=/usr/bin/docker run --name packet-ip-sidecar --net host --privileged quay.io/opencopilot/packet-ip-sidecar
+ExecStart=/usr/bin/docker run --name packet-ip-sidecar --net host --cap-add NET_ADMIN quay.io/opencopilot/packet-ip-sidecar
 ExecStop=/usr/bin/docker stop packet-ip-sidecar
 
 [Install]

diff --git a/templates/userdata.sh.ubuntu_16_04.tpl b/templates/userdata.sh.ubuntu_16_04.tpl
@@ -65,6 +65,6 @@ docker run -d \
 docker run -d \
   --name packet-ip-sidecar \
   --net host \
-  --privileged \
+  --cap-add NET_ADMIN \
   --restart=always \
   quay.io/opencopilot/packet-ip-sidecar