1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
####> This option file is used in:
####> podman build, farm build
####> If file is edited, make sure the changes
####> are applicable to all of those.
#### **--cap-drop**=*CAP\_xxx*
When executing RUN instructions, run the command specified in the instruction
with the specified capability removed from its capability set.
The CAP\_CHOWN, CAP\_DAC\_OVERRIDE, CAP\_FOWNER,
CAP\_FSETID, CAP\_KILL, CAP\_NET\_BIND\_SERVICE, CAP\_SETFCAP,
CAP\_SETGID, CAP\_SETPCAP, and CAP\_SETUID capabilities are
granted by default; this option can be used to remove them.
If a capability is specified to both the **--cap-add** and **--cap-drop**
options, it is dropped, regardless of the order in which the options were
given.
|
