You want to run a container that can mount filesystems but nothing else. Which capability should you add explicitly after dropping all capabilities?

hard 📝 Workflow · Q8 of 15
Docker - Security
A. NET_ADMIN
B. SYS_ADMIN
C. CHOWN
D. SYS_TIME
Step-by-Step Solution
Solution:
  1. Step 1: Identify capability needed for mounting filesystems

    The SYS_ADMIN capability allows mounting and unmounting filesystems.
  2. Step 2: Confirm other options are unrelated

    NET_ADMIN is for network administration, CHOWN is for changing file ownership, and SYS_TIME is for changing the system time.
  3. Final Answer:

    SYS_ADMIN -> Option B
  4. Quick Check:

    Mounting requires SYS_ADMIN capability [OK]
Quick Trick: Add SYS_ADMIN to allow mounting filesystems [OK]
Common Mistakes:
  • Choosing NET_ADMIN for mounting
  • Confusing CHOWN with mount permissions
  • Ignoring SYS_ADMIN's broad privileges
