Kubernetes container security – Linux capabilities
The following Linux capabilities govern what unprivileged processes (including those running in containers with a non-zero UID and GID) are allowed to do. Capabilities are per-thread attributes that let an unprivileged process perform specific privileged actions, subject to the permissions it has been granted.
This document describes the different capabilities – their meaning and the things to look out for when deploying them on a production cluster.
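As an added example (not code from the original article), the helper below decodes the per-thread capability sets that a container process reports in /proc/<pid>/status and flags any effective capability the deployment did not intend. The status excerpt is constructed sample input; the capability numbering follows linux/capability.h.

```python
"""Decode the per-thread Cap* sets from /proc/<pid>/status (added example)."""
from typing import Dict, Set

# Bit index == capability number, as defined in include/uapi/linux/capability.h.
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

def decode_mask(hex_mask: str) -> Set[str]:
    """Map each set bit of a hex capability mask to its CAP_ name."""
    mask = int(hex_mask, 16)
    caps = set()
    for bit in range(mask.bit_length()):
        if (mask >> bit) & 1:
            # Unknown bits (newer kernels) are kept as their raw number.
            caps.add(f"CAP_{CAP_NAMES[bit]}" if bit < len(CAP_NAMES) else f"CAP_{bit}")
    return caps

def parse_status(text: str) -> Dict[str, Set[str]]:
    """Return the five per-thread sets: CapInh, CapPrm, CapEff, CapBnd, CapAmb."""
    sets: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        if line.startswith("Cap"):
            key, value = line.split(":", 1)
            sets[key.strip()] = decode_mask(value.strip())
    return sets

def unexpected_caps(status_text: str, expected: Set[str]) -> Set[str]:
    """Effective capabilities the thread holds beyond what the deployment intended."""
    return parse_status(status_text)["CapEff"] - expected

# Constructed sample: a container process running as UID 0 with its runtime's
# default capability set. For a non-zero UID, CapPrm/CapEff are normally empty
# unless ambient capabilities (CapAmb) were set.
SAMPLE_STATUS = (
    "Name:\tapp\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
    "CapAmb:\t0000000000000000\n"
)

if __name__ == "__main__":
    print(sorted(parse_status(SAMPLE_STATUS)["CapEff"]))
    print(sorted(unexpected_caps(SAMPLE_STATUS, {"CAP_NET_BIND_SERVICE", "CAP_CHOWN"})))
```

On a live node the same functions can be pointed at `/proc/<pid>/status` of a container's process to compare what it actually holds against the pod's securityContext.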