This is particularly useful for the tailscale container outside of user-space.
Description
Description
Details
Details
- Version
- -
- Is it a breaking change?
- Perfectly compatible
Related Objects
Related Objects
Event Timeline
Comment Actions
According to https://man7.org/linux/man-pages/man7/capabilities.7.html this capability can load, unload AND delete kernel modules.
I think a security warning or such for the tabcompletion should exist for that setting.
That is whatever you now run as container might not be as isolated as you think if you enable this capability.