Drop unused capabilities from containers

Registered by Christian Berendt on 2016-12-16

With Docker it is possible to drop unused capabilities from containers. It should be checked whether there are unused capabilities that can be dropped by default (e.g. mknod).

http://rhelblog.redhat.com/2016/10/17/secure-your-containers-with-this-one-weird-trick/
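One way to run the check described above, as an added example that is not part of the blueprint or of the project's code: decode the capability bounding set from a container process's `/proc/<pid>/status` and list the `--cap-drop` flags for everything the service does not need. The sample status text is constructed, and the `needed` set is an assumed requirement for a hypothetical service.

```python
import re

# Capability names indexed by bit number, as in linux/capability.h.
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()

# Constructed sample of /proc/<pid>/status lines from a container that was
# started with Docker's default capability set.
SAMPLE_STATUS = """Name:\tnginx
CapInh:\t0000000000000000
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
"""

def parse_cap_mask(status_text, field="CapBnd"):
    """Return the hex mask of one Cap* field as an int (bounding set by default)."""
    m = re.search(rf"^{field}:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError(f"{field} not found in status text")
    return int(m.group(1), 16)

def decode(mask):
    """Translate a capability bitmask into names, lowest bit first."""
    names, bit = [], 0
    while mask >> bit:
        if mask >> bit & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"BIT_{bit}")
        bit += 1
    return names

def drop_flags(mask, needed):
    """Return docker --cap-drop flags for granted capabilities not in `needed`."""
    granted = decode(mask)
    missing = sorted(set(needed) - set(granted))
    if missing:  # a requirement the container does not even have: fail loudly
        raise ValueError(f"needed but not granted: {missing}")
    return [f"--cap-drop={c}" for c in granted if c not in needed]

if __name__ == "__main__":
    needed = {"NET_BIND_SERVICE", "SETGID", "SETUID"}  # assumed requirement
    print(" ".join(drop_flags(parse_cap_mask(SAMPLE_STATUS), needed)))
```

The bounding set is read rather than `CapEff` because a process running as a non-root user can show an empty effective set while the capabilities remain obtainable inside the container.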

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: Christian Berendt
Direction: Needs approval
Assignee: None
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None
