Skip to content

Add support to containerRunOptions for --cap-drop #389

New issue
New issue
Open
#390
Open
Add support to containerRunOptions for --cap-drop#389
#390
@ddl-ebrown

Description

@ddl-ebrown
ddl-ebrown
opened on Oct 24, 2023

For security reasons, it's often desirable to drop all linux capabilities when running containers in Kubernetes. However, there is currently only a way to add capabilities for tests and no way to drop them.

As seen in, #327, support was only added for --cap-add

--cap-drop can similarly remove default capabilities - see https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions