This is particularly useful for the tailscale container outside of user-space.
Description
Details
- Difficulty level: Unknown (require assessment)
- Version: -
- Why the issue appeared?: Will be filled on close
- Is it a breaking change?: Perfectly compatible
- Issue type: Improvement (missing useful functionality)
Event Timeline
According to https://man7.org/linux/man-pages/man7/capabilities.7.html this capability can load, unload AND delete kernel modules.
I think a security warning or such for the tab completion should exist for that setting.
That is, whatever you now run as a container might not be as isolated as you think if you enable this capability.
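As an added illustration of the isolation concern raised in the comment above (not code from the tracker or the project), the following script decodes the capability masks in a process's /proc/<pid>/status and flags the capabilities that allow loading kernel code. It assumes the capability under discussion is CAP_SYS_MODULE (bit 16 in the kernel's capability numbering); the sample status text is constructed.

```python
"""Flag module-loading capabilities in a process's effective capability set."""
import sys

# Bit indices from <linux/capability.h>; CAP_SYS_MODULE is the one the
# comment refers to (load/unload kernel modules). The other two are listed
# because they also let a process act outside the container boundary.
FLAGGED_CAPS = {
    "CAP_SYS_MODULE": 16,
    "CAP_SYS_RAWIO": 17,
    "CAP_SYS_ADMIN": 21,
}


def parse_cap_masks(status_text):
    """Return {"CapEff": int, ...} for the Cap* lines of a /proc/<pid>/status blob."""
    masks = {}
    for line in status_text.splitlines():
        if line.startswith("Cap"):
            key, _, value = line.partition(":")
            masks[key.strip()] = int(value.strip(), 16)  # hex bitmask
    return masks


def caps_in_mask(mask):
    """Names from FLAGGED_CAPS whose bit is set in the given mask, sorted."""
    return sorted(name for name, bit in FLAGGED_CAPS.items() if (mask >> bit) & 1)


def flagged_effective_caps(status_text):
    """Flagged capabilities present in the process's effective set (CapEff)."""
    return caps_in_mask(parse_cap_masks(status_text).get("CapEff", 0))


def check_pid(pid="self"):
    """Read a live process's status file and return its flagged capabilities."""
    with open(f"/proc/{pid}/status") as fh:
        return flagged_effective_caps(fh.read())


# Constructed sample: effective set holds CAP_NET_ADMIN (bit 12) and
# CAP_SYS_MODULE (bit 16), i.e. 0x1000 | 0x10000 == 0x11000.
SAMPLE_STATUS = """Name:\ttailscaled
CapInh:\t0000000000000000
CapPrm:\t0000000000011000
CapEff:\t0000000000011000
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "self"
    hits = check_pid(target)
    print(f"pid {target}: " + (f"WARNING {', '.join(hits)}" if hits else "no module-loading capability"))
```

Run it as `python3 capcheck.py <pid-of-container-init>` from the host; a non-empty warning means the container can load kernel modules and is no longer confined by the kernel it shares with the host.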