Newer versions of docker (I think 1.2 and later) have a --cap-add feature.
This gives fine-grained control of feature capabilities without opening up everything with --privileged=true.
I've googled it, but can't find a list of capabilities and what they mean. Can anyone help?
Funny enough... I googled this for an hour and couldn't find an answer. I ask the question here and found it in 2 secs.
http://man7.org/linux/man-pages/man7/capabilities.7.html
When passing these to docker, you need to drop the CAP_ in the name.
i.e. to allow mounting inside a docker container:
docker run --cap-add SYS_ADMIN ...
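Added example in Python, not part of the answer above: it decodes the CapEff bitmask a process reports in /proc/self/status into the names from the capabilities(7) table, and builds docker run flags that drop every capability and add back only the ones named, stripping the CAP_ prefix as the answer describes. The status text is a constructed sample, and CAP_NAMES, SAMPLE_STATUS and the function names are chosen here.

```python
# Added example (not from the answer above): decode a Cap* bitmask from
# /proc/<pid>/status and build least-privilege `docker run` capability flags.
# Bit numbers follow linux/capability.h (see capabilities(7)); CAP_ prefix omitted.
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

# Constructed sample: the Cap* lines of a process inside a container started
# without --cap-add/--cap-drop (mask of Docker's default capability set).
SAMPLE_STATUS = "Name:\tsh\nCapInh:\t0000000000000000\nCapEff:\t00000000a80425fb\n"

def decode_cap_mask(hex_mask):
    """Turn a CapEff/CapBnd hex bitmask into capability names, low bit first."""
    mask = int(hex_mask, 16)
    names = [name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1]
    # Bits above the table (newer kernels) are reported numerically, not dropped.
    names += [f"UNKNOWN_{bit}" for bit in range(len(CAP_NAMES), mask.bit_length())
              if mask >> bit & 1]
    return names

def caps_from_status(status_text, field="CapEff"):
    """Pick one Cap* field out of /proc/<pid>/status text and decode it."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == field:
            return decode_cap_mask(value.strip())
    raise ValueError(f"{field} not found")

def docker_cap_flags(needed):
    """Drop everything, then add only what is needed; docker wants no CAP_ prefix."""
    flags = ["--cap-drop", "ALL"]
    for cap in needed:
        name = cap.upper().removeprefix("CAP_")
        if name not in CAP_NAMES:
            raise ValueError(f"unknown capability: {cap}")
        flags += ["--cap-add", name]
    return flags

if __name__ == "__main__":
    print(caps_from_status(SAMPLE_STATUS))
    print("docker run", " ".join(docker_cap_flags(["CAP_SYS_ADMIN"])), "...")
```

Run it inside a container with `cat /proc/self/status` as input to check that the effective set really is only what you added.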