Discussion in 'all things UNIX' started by lotuseclat79, Oct 17, 2016.
Secure Your Containers with Linux Capabilities
This is a very interesting article. Thanks.
Super fun read! I sense some "playing with this" on the horizon. LOL!!
... Okay, cool. Now why does Docker not do this by default? Likewise with seccomp restrictions, which are available on literally every kernel that supports Docker.
"Security" is pointless if it's not automatic.
This is what Firejail does. In most profiles all capabilities are disabled.