portainer/app/docker/views/docker-features-configuration/docker-features-configuration.html

<page-header title="'Docker features configuration'" breadcrumbs="['Docker configuration']"> </page-header>

<div class="row">
  <div class="col-sm-12">
    <rd-widget>
      <rd-widget-body>
        <form class="form-horizontal" name="$ctrl.form">
          <div class="col-sm-12 form-section-title"> Host and filesystem </div>
          <div class="form-group">
            <span class="col-sm-12 text-muted small vertical-center">
              <pr-icon icon="'info'" mode="'primary'" class-name="'space-right'"></pr-icon>
              <span class="text-muted"
                >The environment must be <a href="https://docs.portainer.io/start/agent">running the Portainer Agent</a> to use this functionality, and the root of the host must be
                bind-mounted to <b>/host</b> in the agent deployment. Check
                <a href="https://docs.portainer.io/user/docker/host/setup#enable-host-management-features">our documentation</a> for more information.</span
              >
            </span>
          </div>
          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.formValues.enableHostManagementFeatures"
                name="'enableHostManagementFeatures'"
                label="'Enable host management features'"
                tooltip="'Enable host management features: host system browsing and advanced host details.'"
                label-class="'col-sm-7 col-lg-4'"
                disabled="!$ctrl.isAgent"
                on-change="($ctrl.onChangeEnableHostManagementFeatures)"
              ></por-switch-field>
            </div>
          </div>
          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.formValues.allowVolumeBrowserForRegularUsers"
                name="'allowVolumeBrowserForRegularUsers'"
                label="'Enable volume management for non-administrators'"
                tooltip="'When enabled, regular users will be able to use Portainer volume management features.'"
                label-class="'col-sm-7 col-lg-4'"
                on-change="($ctrl.onChangeAllowVolumeBrowserForRegularUsers)"
                disabled="!$ctrl.isAgent"
              ></por-switch-field>
            </div>
          </div>
          <!-- auto update window -->
          <div class="col-sm-12 form-section-title"> Change window setting </div>

          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.state.autoUpdateSettings.Enabled"
                name="'disableSysctlSettingForRegularUsers'"
                label="'Enable Change Window'"
                label-class="'col-sm-7 col-lg-4'"
                feature-id="$ctrl.limitedFeatureAutoUpdate"
                tooltip="'Specify a time-frame during which GitOps updates can occur in this environment.'"
                on-change="($ctrl.onToggleAutoUpdate)"
              >
              </por-switch-field>
            </div>
          </div>

          <!-- security -->
          <div class="col-sm-12 form-section-title"> Docker security settings </div>
          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.formValues.disableBindMountsForRegularUsers"
                name="'disableBindMountsForRegularUsers'"
                label="'Disable bind mounts for non-administrators'"
                tooltip="'When enabled, regular users will not be able to use bind mounts when creating containers.'"
                label-class="'col-sm-7 col-lg-4'"
                on-change="($ctrl.onChangeDisableBindMountsForRegularUsers)"
              ></por-switch-field>
            </div>
          </div>
          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.formValues.disablePrivilegedModeForRegularUsers"
                name="'disablePrivilegedModeForRegularUsers'"
                label="'Disable privileged mode for non-administrators'"
                tooltip="'When enabled, regular users will not be able to use privileged mode when creating containers.'"
                label-class="'col-sm-7 col-lg-4'"
                on-change="($ctrl.onChangeDisablePrivilegedModeForRegularUsers)"
              ></por-switch-field>
            </div>
          </div>
          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.formValues.disableHostNamespaceForRegularUsers"
                name="'disableHostNamespaceForRegularUsers'"
                label="'Disable the use of host PID 1 for non-administrators'"
                tooltip="'Prevent users from accessing the host filesystem through the host PID namespace.'"
                label-class="'col-sm-7 col-lg-4'"
                on-change="($ctrl.onChangeDisableHostNamespaceForRegularUsers)"
              ></por-switch-field>
            </div>
          </div>
          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.formValues.disableStackManagementForRegularUsers"
                name="'disableStackManagementForRegularUsers'"
                label="'Disable the use of Stacks for non-administrators'"
                label-class="'col-sm-7 col-lg-4'"
                on-change="($ctrl.onChangeDisableStackManagementForRegularUsers)"
              ></por-switch-field>
            </div>
          </div>
          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.formValues.disableDeviceMappingForRegularUsers"
                name="'disableDeviceMappingForRegularUsers'"
                label="'Disable device mappings for non-administrators'"
                label-class="'col-sm-7 col-lg-4'"
                on-change="($ctrl.onChangeDisableDeviceMappingForRegularUsers)"
              ></por-switch-field>
            </div>
          </div>
          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.formValues.disableContainerCapabilitiesForRegularUsers"
                name="'disableContainerCapabilitiesForRegularUsers'"
                label="'Disable container capabilities for non-administrators'"
                label-class="'col-sm-7 col-lg-4'"
                on-change="($ctrl.onChangeDisableContainerCapabilitiesForRegularUsers)"
              ></por-switch-field>
            </div>
          </div>
          <div class="form-group">
            <div class="col-sm-12">
              <por-switch-field
                checked="$ctrl.formValues.disableSysctlSettingForRegularUsers"
                name="'disableSysctlSettingForRegularUsers'"
                label="'Disable sysctl settings for non-administrators'"
                label-class="'col-sm-7 col-lg-4'"
                on-change="($ctrl.onChangeDisableSysctlSettingForRegularUsers)"
              ></por-switch-field>
            </div>
          </div>

          <div class="form-group" ng-if="$ctrl.isContainerEditDisabled()">
            <span class="col-sm-12 text-muted small">
              <pr-icon icon="'info'" mode="'primary'" class-name="'mr-0.5'"></pr-icon>
              Note: The recreate/duplicate/edit feature is currently disabled (for non-admin users) by one or more security settings.
            </span>
          </div>
          <!-- !security -->

          <!-- other -->
          <div class="col-sm-12 form-section-title"> Other </div>
          <div class="form-group">
            <div class="col-sm-12">
              <gpus-insights></gpus-insights>
            </div>
            <div class="col-sm-12">
              <por-switch-field
                label="'Show GPU in the UI'"
                tooltip="'This allows managing of GPUs for container/stack hardware acceleration via the Portainer UI.'"
                checked="$ctrl.state.enableGPUManagement"
                name="'enableGPUManagement'"
                on-change="($ctrl.onToggleGPUManagement)"
                label-class="'col-sm-7 col-lg-4'"
                disabled="!$ctrl.isDockerStandaloneEnv"
              ></por-switch-field>
            </div>
            <div class="col-sm-12">
              <div class="pl-4">
                <gpus-list ng-if="$ctrl.state.enableGPUManagement && $ctrl.endpoint" value="$ctrl.endpoint.Gpus" on-change="($ctrl.onGpusChange)"></gpus-list>
              </div>
            </div>
            <div class="col-sm-12">
              <por-switch-field
                label="'Show image up to date indicators for Stacks, Services and Containers'"
                checked="false"
                name="'outOfDateImageToggle'"
                label-class="'col-sm-7 col-lg-4'"
                feature-id="$ctrl.limitedFeatureUpToDateImage"
              ></por-switch-field>
            </div>
          </div>
          <!-- !other -->

          <!-- actions -->
          <div class="col-sm-12 form-section-title"> Actions </div>
          <div class="form-group">
            <div class="col-sm-12">
              <button
                type="button"
                class="btn btn-primary btn-sm !ml-0"
                ng-click="$ctrl.save()"
                ng-disabled="$ctrl.state.actionInProgress"
                button-spinner="$ctrl.state.actionInProgress"
              >
                <span ng-hide="$ctrl.state.actionInProgress">Save configuration</span>
                <span ng-show="$ctrl.state.actionInProgress">Saving...</span>
              </button>
            </div>
          </div>
          <!-- !actions -->
        </form>
      </rd-widget-body>
    </rd-widget>
  </div>
</div>