this is part of a short "how containers work" series I'm slowly working on, you can see more parts here: https://twitter.com/search?f=tweets&vertical=default&q=%22how%20containers%20work%22%20from%3Ab0rk&src=typd …
-
as with everything else in this series, capabilities aren't *just* used for containers (you can set capabilities for any systemd service, for example!), but they're part of how container processes are isolated from the rest of the system
-
Docker containers?
-
yeah or other non-Docker Linux containers
-
Hm, in e.g. docker a container has its own bridge or overlay network interface(s). Is there any way to restrict CAP_NET_ADMIN to only those interfaces seen inside the container? Or is that the default? You do seem to have a separate set of IP-tables for example...
-
Btw, I love your infographics :) You should collect all of them and make a book!
-
Is this already a part of one of the zines?
-
no, working on a new one
-
is it wrong that i just tried to copy paste the capsh --print command from the cartoon image?