Google
FeaturePolicy defines features allowed to be used on RBE instances, as well as instance-wide behavior changes that take effect without opt-in or opt-out at usage time.
Constructors
Properties
Which container image sources are allowed. Currently only RBE-supported registry (gcr.io) is allowed. One can allow all repositories under a project or one specific repository only. E.g. container_image_sources { policy: RESTRICTED allowed_values: "gcr.io/project-foo", "gcr.io/project-bar/repo-baz", } will allow any repositories under "gcr.io/project-foo" plus the repository "gcr.io/project-bar/repo-baz". Default (UNSPECIFIED) is equivalent to any source is allowed.
Whether dockerAddCapabilities can be used or what capabilities are allowed.
Whether dockerChrootPath can be used.
Whether dockerNetwork can be used or what network modes are allowed. E.g. one may allow off value only via allowed_values.
Whether dockerPrivileged can be used.
Whether dockerRunAsRoot can be used.
Whether dockerRuntime is allowed to be set or what runtimes are allowed. Note linux_isolation takes precedence, and if set, docker_runtime values may be rejected if they are incompatible with the selected isolation.
Whether dockerSiblingContainers can be used.
linux_isolation allows overriding the docker runtime used for containers started on Linux.