Tag
linux-capabilities
Safeguard articles tagged "linux-capabilities" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Container Security
Containers Not Dropping Default Linux Capabilities
Docker grants every container 14 Linux capabilities by default. Here's why NET_RAW, SYS_CHROOT, and friends turn contained compromises into breakouts—and how to drop them safely.
Oct 28, 20257 min read
Containers
Docker Privileged Mode: What It Unlocks and Why to Avoid It
One flag, --privileged, hands a container almost the same power as root on the host. Here is exactly what it turns on, why it breaks isolation, and the narrow capabilities that replace it.
Sep 16, 20256 min read