Newer versions of docker have --cap-add, what CAP's can be added?

linux docker linux-capabilities
hookenz picture hookenz · Jun 18, 2015 · Viewed 7.2k times · Source

Newer versions of docker (I think 1.2 and later) have a --cap-add feature.

This gives fine grained control of feature capabilities without opening up everything with --privileged=true.

I've googled it, but can't find a list of capabilities and what they mean. Can anyone help?

Answer

hookenz picture hookenz · Jun 18, 2015

Funny enough... I googled this for an hour and couldn't find an answer. I ask the question here and found it in 2 secs.

http://man7.org/linux/man-pages/man7/capabilities.7.html

When passing these to docker, you need to drop the CAP_ in the name.

i.e. to allow mounting inside a docker container

docker run --cap_add SYS_ADMIN ...

Related questions

Docker can't connect to docker daemon

After I update my Docker version to 0.8.0, I get an error message while entering sudo docker version: Client version: 0.8.0 Go version (client): go1.2 Git commit (client): cc3a8c8 2014/02/19 12:54:16 Can't connect to docker daemon. Is 'docker -d' running on this …

Read More
Exploring Docker container's file system

I've noticed with docker that I need to understand what's happening inside a container or what files exist in there. One example is downloading images from the docker index - you don't have a clue what the image contains so …

Read More
Cannot connect to the Docker daemon at unix:/var/run/docker.sock. Is the docker daemon running?

I have applied every solution available on internet but still I cannot run Docker. I want to use Scrapy Splash on my server. Here is history of commands I ran. docker run -p 8050:8050 scrapinghub/splash sudo docker run -p 8050:8050 scrapinghub/…

Read More