Capabilities and privilege control in Docker - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the purpose of Linux capabilities in Docker containers?
Linux capabilities allow fine-grained control over the privileges a container has, limiting what it can do to improve security.
beginner
How do you drop all Linux capabilities from a Docker container?
Use the flag --cap-drop=ALL when running the container to remove all extra privileges.
intermediate
What does running a Docker container with --privileged do?
It gives the container almost all the host's capabilities, allowing it to perform many sensitive operations, which can be risky.
beginner
Name one reason to avoid using --privileged mode in Docker containers.
Because it grants too many permissions, it can lead to security risks if the container is compromised.
beginner
How can you add a specific capability to a Docker container?
Use the flag --cap-add=CAP_NAME when running the container, replacing CAP_NAME with the capability you want to add.
Which Docker flag removes all Linux capabilities from a container?
A. --cap-drop=ALL
B. --privileged
C. --cap-add=ALL
D. --no-capabilities
What effect does the --privileged flag have on a Docker container?
A. Removes all capabilities
B. Adds only network capabilities
C. Grants almost all host capabilities
D. Runs the container as root user only
Why should you avoid using --privileged unless necessary?
A. It slows down the container
B. It increases security risks
C. It disables networking
D. It prevents container startup
How do you add the capability to allow raw socket access to a Docker container?
A. --cap-add=NET_RAW
B. --cap-drop=NET_RAW
C. --privileged
D. --net=host
What is the default privilege level of Docker containers regarding capabilities?
A. Containers run with all capabilities
B. Containers run with no capabilities
C. Containers run with privileged mode enabled
D. Containers run with a limited set of capabilities
Explain how Linux capabilities help improve Docker container security.
Think about how giving fewer permissions can protect the host.
Describe the risks and benefits of using the --privileged flag in Docker.
Consider what happens when a container can do almost anything on the host.