docker_practice/security/kernel_capability.md

# Kernel capability mechanism

[Capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) are a powerful feature of the Linux kernel that provides fine-grained access control.
The Linux kernel has supported capabilities since version 2.2. They split the privileges of root into finer-grained operations that can be attached to a process or to a file.

For example, a web server process only needs permission to bind a port below 1024; it does not need root. Granting it the `net_bind_service` capability alone is enough, and many similar capabilities exist so that a process can avoid holding full root privileges.

By default, a container started by Docker is strictly limited to a subset of the kernel's capabilities.

Using capabilities has many benefits for hardening Docker containers. A server normally runs a number of privileged processes, including ssh, cron, syslogd, hardware-management tools (for example module loaders) and network-configuration tools. Containers are different: almost all of these privileged tasks are handled by the supporting system outside the container.

* ssh access is managed by the ssh service on the host
* cron should normally run as a user process, with privileges handled by the application that uses it
* logging can be handled by Docker or by a third-party service
* hardware management is irrelevant, so there is no need to run udevd or similar services in the container
* network management is configured on the host; unless there is a special need, the container does not need to configure the network

These examples show that in most cases a container does not need "real" root privileges; a small set of capabilities is enough. To strengthen security, a container can have unnecessary privileges disabled:

* forbid any mount operation
* forbid direct access to the host's sockets
* forbid some file-system operations, such as creating new devices or changing file attributes
* forbid module loading

This way, even if an attacker gains root inside the container, they cannot obtain elevated privileges on the host, and the damage they can do is limited.

By default, Docker uses a [whitelist](https://github.com/moby/moby/blob/master/oci/caps/defaults.go) mechanism that disables all privileges except those required.
Users can, of course, enable additional privileges for a Docker container according to their own needs.
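As an added example (not part of the docker_practice text or of Docker itself), the script below decodes a `CapEff` bitmask of the kind shown in `/proc/<pid>/status` into capability names, compares it with what a workload actually needs, and builds the matching `docker run --cap-drop ALL --cap-add ...` flags. The sample mask `00000000a80425fb` is a constructed value that I assume corresponds to Docker's default whitelist; verify it against the linked `defaults.go` for your version.

```python
"""Decode a Linux capability bitmask (CapEff= in /proc/<pid>/status) into
capability names and derive least-privilege `docker run` flags."""

# Capability names indexed by bit number (linux/capability.h order, bits 0..40).
CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
]


def decode_caps(mask_hex: str) -> set[str]:
    """Return the capability names whose bit is set in a CapEff-style hex mask."""
    mask = int(mask_hex, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}


def caps_to_drop(effective: set[str], needed: set[str]) -> set[str]:
    """Capabilities the container currently holds but the workload does not need."""
    return effective - needed


def docker_cap_flags(needed: set[str]) -> str:
    """Build `docker run` flags that drop everything and re-add only `needed`."""
    adds = " ".join(f"--cap-add {c.upper()}" for c in sorted(needed))
    return f"--cap-drop ALL {adds}".strip()


# Constructed sample: assumed CapEff of a process in a container started with
# default Docker options (check against the whitelist in oci/caps/defaults.go).
DEFAULT_CAPEFF = "00000000a80425fb"

if __name__ == "__main__":
    have = decode_caps(DEFAULT_CAPEFF)
    need = {"net_bind_service"}  # a web server binding port 80 needs only this
    print("default set:", sorted(have))
    print("unneeded, drop:", sorted(caps_to_drop(have, need)))
    print("docker run", docker_cap_flags(need), "IMAGE")
```

Reading `CapEff` from a real container (`grep CapEff /proc/1/status` inside it) and feeding the value to `decode_caps` shows exactly which of the whitelisted capabilities the running workload still holds.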