Giuseppe Scrivano b43863ae2a docs: warn about adding capabilities
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2345676

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-02-18 15:23:29 +01:00


####> This option file is used in:
####>   podman create, run
####> If file is edited, make sure the changes
####> are applicable to all of those.

--cap-add=capability

Add Linux capabilities.

Granting additional capabilities increases the privileges of the processes running inside the container and potentially allows them to break out of confinement. Capabilities like CAP_SYS_ADMIN, CAP_SYS_PTRACE, CAP_MKNOD and CAP_SYS_MODULE are particularly dangerous when they are not used within a user namespace. Please refer to user_namespaces(7) for a more detailed explanation of the interaction between user namespaces and capabilities.

Before adding any capability, review its security implications and ensure it is really necessary for the container's functionality. See capabilities(7) for more information.
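One way to check what a running container actually ended up with, as an added example that is not part of the podman docs: decode the CapEff mask from the container's `/proc/<pid>/status` and flag the capabilities named above, plus anything beyond an expected baseline. The baseline (podman's default capability set) and the sample status excerpts are assumptions constructed for the example.

```python
"""Audit the effective capabilities of a containerized process.

Added example, not part of the podman docs. Input is the text of
/proc/<pid>/status as seen inside the container (e.g. from
`podman exec <ctr> cat /proc/1/status`); samples below are constructed.
Bit numbers follow linux/capability.h."""
import re

# Capability names indexed by kernel bit number (bit 0 = CAP_CHOWN).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]
# Capabilities the --cap-add docs single out as dangerous outside a user namespace.
DANGEROUS = {"CAP_SYS_ADMIN", "CAP_SYS_PTRACE", "CAP_MKNOD", "CAP_SYS_MODULE"}
# Baseline to compare against: podman's default capability set (assumed here
# as the expected set; replace with what your policy actually grants).
DEFAULT_CAPS = {"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID",
                "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_SETFCAP", "CAP_SETGID",
                "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT"}

def decode_caps(mask: int) -> set:
    """Turn a CapEff/CapBnd bitmask into the set of capability names."""
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}

def cap_eff(status_text: str) -> int:
    """Extract the effective capability mask from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapEff line in status text")
    return int(m.group(1), 16)

def audit(status_text: str, expected: set = DEFAULT_CAPS) -> dict:
    """Report dangerous caps and any cap absent from the expected baseline."""
    have = decode_caps(cap_eff(status_text))
    return {"dangerous": sorted(have & DANGEROUS), "unexpected": sorted(have - expected)}

# Constructed excerpts: podman's default mask, and the same container started
# with --cap-add=SYS_ADMIN (bit 21 set).
STATUS_DEFAULT = "Name:\tsh\nCapEff:\t00000000800405fb\nCapBnd:\t00000000800405fb\n"
STATUS_SYS_ADMIN = "Name:\tsh\nCapEff:\t00000000802405fb\nCapBnd:\t00000000802405fb\n"
```

Running `audit(STATUS_SYS_ADMIN)` reports CAP_SYS_ADMIN as both dangerous and unexpected, while the default mask reports nothing; a container started inside a user namespace still shows these bits, so pair this check with `podman inspect` to confirm whether a user namespace is in use.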