opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-28 17:18:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
098d8efecc6c9bb8a263a8dc1864273327fbb214
podman/docs/source/markdown/options/cap-add.md
Paul Holzinger 070d7c3ad3 Revert "Rewrite the Quadlet documentation." 
This reverts commit c12b1b32bc.

The content contains incorrect information and misses a lot of details
from the previous page that must be restored.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-09-11 19:00:19 +02:00

20 lines
840 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
####> This option file is used in:
####> podman create, run
####> If file is edited, make sure the changes
####> are applicable to all of those.
#### **--cap-add**=*capability*
Add Linux capabilities.
Granting additional capabilities increases the privileges of the
processes running inside the container and potentially allow it to
break out of confinement. Capabilities like `CAP_SYS_ADMIN`,
`CAP_SYS_PTRACE`, `CAP_MKNOD` and `CAP_SYS_MODULE` are particularly
dangerous when they are not used within a user namespace. Please
refer to **user_namespaces(7)** for a more detailed explanation of the
interaction between user namespaces and capabilities.
Before adding any capability, review its security implications and
ensure it is really necessary for the containers functionality. See
**capabilities(7)** for more information.
Reference in New Issue View Git Blame Copy Permalink