medium📝 Troubleshoot Q7 of 15
Docker - Security
After running:
docker run --cap-drop ALL --cap-add NET_ADMIN --cap-add CHOWN myimage

the container cannot modify network interfaces. What is the likely cause?
A. The CAP_CHOWN capability conflicts with CAP_NET_ADMIN
B. The container lacks the CAP_NET_RAW capability needed for network interface changes
C. The --cap-drop ALL removes all capabilities including those added later
D. The image does not support network modifications
Step-by-Step Solution
Solution:
  1. Step 1: Analyze capabilities added

    The command adds NET_ADMIN and CHOWN after dropping all.
  2. Step 2: Understand network modification requirements

    Modifying network interfaces often requires NET_RAW capability, which is not added here.
  3. Step 3: Identify missing capability

    Without NET_RAW, network interface changes fail despite NET_ADMIN.
  4. Final Answer:

    The container lacks the CAP_NET_RAW capability needed for network interface changes -> Option B
  5. Quick Check:

    Missing CAP_NET_RAW blocks network interface changes [OK]
Quick Trick: NET_ADMIN alone may not suffice; NET_RAW often required [OK]
Common Mistakes:
  • Assuming CAP_NET_ADMIN alone allows all network changes
  • Believing --cap-drop ALL removes added capabilities
  • Thinking CAP_CHOWN affects network capabilities
