I'd like to force all docker containers to drop particular capabilities.
But configuring the docker daemon's /etc/docker/daemon.json in this way fails:
{
  "cap_drop": ["SYS_CHROOT", "SETFCAP", "SETPCAP", "FOWNER"]
}
I've also tried putting cap-drop there, but it always fails with:
unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives don't match any configuration option: cap_drop
Is it even possible to force the docker daemon to change these settings globally? I haven't found the list of all global settings anywhere.