Thanks for implementing T3676, this is very useful! Regarding additional capabilities, it would be nice if a few network related ones could be added. That would allow images like ntopng or zerotier to be run (and would probably bring VyOS mostly on par w/ EdgeOS and UDM for these particular kinds of containers):
- CAP_NET_RAW; and
- CAP_SYS_ADMIN
(Hope the way to report this is a-OK)