Set/View root user capabilities

On a host root user comes with a set of privileges which can be seen under

cat /usr/include/linux/capability.h

Docker runs a root user with limited set of capabilities. To give docker user extra capabilities as the normal root user would add param –cap-add as such

docker run --cap-add MAC_ADMIN ubutu

To drop privileges to the docker root user add param –cap-drop as such

docker run --cap-drop KILL ubuntu

In case you want to run docker root user with all privileges add param –privileged

docker run --privileged ubuntu

Leave a Reply

Your email address will not be published. Required fields are marked *