container: T6210: add capability sys-nice (backport #3259)

[mergify]

Change Summary

Adding sys-nice as an option for container cap-add configuration. This is needed for Suricata v7.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe): Just adding a Vyos config option for functionality that already exists in podman.

Related Task(s)

https://vyos.dev/T6210

Related PR(s)

Component(s) name

container

Proposed changes

How to test

Configured container to run latest version of containerized Suricata. Running Vyos on my home router with Suricata v7 running as a container. Running on N305 Intel CPU with 32GB RAM.

container {
    name suricata {
        allow-host-networks
        arguments "-q 1 -q 2 -q 3 -q 4"
        cap-add net-admin
        cap-add sys-admin
        cap-add sys-nice
        image jasonish/suricata:latest
        memory 8192
        volume ETC {
            destination /etc/suricata
            source /config/suricata/etc
        }
        volume LOGS {
            destination /var/log/suricata
            source /config/suricata/logs
        }
        volume RULES {
            destination /var/lib/suricata
            source /config/suricata/rules
        }
    }
}

Smoketest result

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

---

This is an automatic backport of pull request #3259 done by [Mergify](https://mergify.com).