Bird
0
0

You want to run a container with minimal privileges but allow it to change the system clock. Which command achieves this?

hard📝 Workflow Q9 of 15
Docker - Security
You want to run a container with minimal privileges but allow it to change the system clock. Which command achieves this?
Adocker run --cap-drop ALL --cap-add SYS_TIME myimage
Bdocker run --privileged myimage
Cdocker run --cap-add SYS_TIME myimage
Ddocker run --cap-drop SYS_TIME myimage
Step-by-Step Solution
Solution:

  1. Step 1: Understand minimal privileges with specific capability

    Dropping all capabilities and adding only SYS_TIME limits privileges but allows changing system clock.

  2. Step 2: Compare other options

    --privileged grants all capabilities, --cap-add SYS_TIME alone does not drop others, and --cap-drop SYS_TIME removes the needed capability.

  3. Final Answer:

    docker run --cap-drop ALL --cap-add SYS_TIME myimage -> Option A

  4. Quick Check:

    Drop all then add SYS_TIME for minimal clock change rights [OK]
Quick Trick: Drop all then add SYS_TIME for clock changes only [OK]
Common Mistakes:
  • Using --privileged for minimal privileges
  • Not dropping all capabilities first
  • Removing SYS_TIME capability accidentally

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Docker Quizzes
Docker Security - Read-only filesystem containers - Quiz 11easy Docker Swarm - Why orchestration matters - Quiz 2easy Docker Swarm - Swarm mode initialization - Quiz 9hard Image Optimization - Reducing image size strategies - Quiz 9hard Logging and Monitoring - Why monitoring containers matters - Quiz 15hard Logging and Monitoring - Container metrics collection - Quiz 12easy Production Patterns - Sidecar container pattern - Quiz 5medium Production Patterns - Backup and restore strategies - Quiz 8hard Production Patterns - Container orchestration in production - Quiz 3easy Resource Management - CPU limits and reservations - Quiz 10hard