opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-03 12:17:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/docs/source/markdown/options/cap-add.md
Giuseppe Scrivano b43863ae2a docs: warn about adding capabilities 
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2345676

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-02-18 15:23:29 +01:00

20 lines
840 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

####> This option file is used in:
####> podman create, run
####> If file is edited, make sure the changes
####> are applicable to all of those.
#### **--cap-add**=*capability*
Add Linux capabilities.
Granting additional capabilities increases the privileges of the
processes running inside the container and potentially allow it to
break out of confinement. Capabilities like `CAP_SYS_ADMIN`,
`CAP_SYS_PTRACE`, `CAP_MKNOD` and `CAP_SYS_MODULE` are particularly
dangerous when they are not used within a user namespace. Please
refer to **user_namespaces(7)** for a more detailed explanation of the
interaction between user namespaces and capabilities.
Before adding any capability, review its security implications and
ensure it is really necessary for the containers functionality. See
**capabilities(7)** for more information.
Reference in New Issue View Git Blame Copy Permalink