- Difficulty level
- Unknown (require assessment)
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Perfectly compatible
- Issue type
- Improvement (missing useful functionality)
According to https://man7.org/linux/man-pages/man7/capabilities.7.html this capability can load, unload AND delete kernel modules.
I think a security warning or such for the tabcompletion should exist for that setting.
That is whatever you now run as container might not be as isolated as you think if you enable this capability.