Fun with Capabilities
Capabilities are an interesting area of Linux security and one which has some application to containers. Whilst the details of how they work have been well documented (I’d recommend reading Adrian Mouat’s two-part series here and here), I thought it was worth looking at a couple of neat tricks we can do with file capabilities when using containers.