Newer versions of docker have --cap-add; what CAPs can be added?

hookenz · Jun 18, 2015

Newer versions of docker (I think 1.2 and later) have a --cap-add feature.

This gives fine-grained control of feature capabilities without opening up everything with --privileged=true.

I've googled it, but can't find a list of capabilities and what they mean. Can anyone help?

Answer

hookenz · Jun 18, 2015

Funny enough... I googled this for an hour and couldn't find an answer. I asked the question here and found it in 2 secs.

http://man7.org/linux/man-pages/man7/capabilities.7.html

When passing these to docker, you need to drop the CAP_ in the name.

i.e. to allow mounting inside a docker container

docker run --cap-add SYS_ADMIN ...