Kubernetes container security – Linux capabilities

Linux capabilities split the privileges traditionally bundled into "root" into distinct units that the kernel tracks per thread. They let an otherwise unprivileged process, including one running in a container with a non-zero UID and GID, perform specific privileged actions, subject to the permission checks that gate each capability.

This document describes the different capabilities – their meaning and the things to look out for when granting them on a production cluster.
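Because the sets are tracked per thread, the quickest way to see what a container actually holds is to read the `Cap*` lines of `/proc/<pid>/status` inside it (`/proc/<pid>/task/<tid>/status` for an individual thread). The decoder below is an added example, not code from the original post: capability bit numbers come from `linux/capability.h`, and the two status snippets are constructed to mimic a container's PID 1 started with the Docker/containerd default capability set, once as root and once as UID 1000. The allowlist passed to `unexpected_caps` is a hypothetical policy for a web server that only needs to bind port 80.

```python
"""Decode the capability bitmasks a process reports in /proc/<pid>/status.

Added example (not from the original page). Capability numbers are taken
from include/uapi/linux/capability.h; the status text below is constructed.
"""
import re

# Index == capability number from linux/capability.h.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$")


def decode_mask(mask_hex: str) -> list[str]:
    """Turn a hex bitmask such as '00000000a80425fb' into capability names, lowest bit first."""
    mask = int(mask_hex, 16)
    names = []
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            # Bits the kernel added after this table are reported by number.
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return names


def parse_status(status_text: str) -> dict[str, list[str]]:
    """Extract the five capability sets (Inh, Prm, Eff, Bnd, Amb) from /proc/<pid>/status text."""
    sets = {}
    for line in status_text.splitlines():
        m = CAP_LINE.match(line)
        if m:
            sets[m.group(1)] = decode_mask(m.group(2))
    return sets


def unexpected_caps(sets: dict[str, list[str]], allowed: list[str]) -> list[str]:
    """Effective capabilities the process holds beyond what the workload's policy allows."""
    return sorted(set(sets.get("CapEff", [])) - set(allowed))


# Constructed: PID 1 of a container run as root with the Docker default capability set.
ROOT_STATUS = """\
Name:\tnginx
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""

# Constructed: the same image started as UID 1000. The bounding set is unchanged,
# but the permitted and effective sets are empty, so the process cannot use them.
NONROOT_STATUS = """\
Name:\tnginx
Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""

# Hypothetical policy: a web server that only needs to bind a port below 1024.
WEB_ALLOWLIST = ["CAP_NET_BIND_SERVICE"]

if __name__ == "__main__":
    for label, text in (("root", ROOT_STATUS), ("uid 1000", NONROOT_STATUS)):
        sets = parse_status(text)
        print(f"== {label} ==")
        for name, caps in sets.items():
            print(f"{name}: {', '.join(caps) or '(none)'}")
        print("beyond allowlist:", unexpected_caps(sets, WEB_ALLOWLIST))
```

To check a live pod, feed it real output: `kubectl exec <pod> -- grep '^Cap' /proc/1/status` and pass the text to `parse_status`. Compare `CapEff` against what the workload was meant to have; a non-empty difference is the list of capabilities to drop in the pod's `securityContext`. Note that the bounding set (`CapBnd`) only caps what can ever be gained; it is the effective set that decides what the thread can do right now.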
