You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When checking if a container is privileged in the docker ps plugin, the capabilities value is compared to 0x3fffffffff. This value represents all available capabilities on modern kernels that were tested, but it may be different on older (and even future) kernels.
I suggest performing a version-independent check, where instead of comparing to a static value, the container's capabilities are compared to the capabilities of the init task (PID 1), which must be privileged.
The text was updated successfully, but these errors were encountered:
When checking if a container is privileged in the docker ps plugin, the capabilities value is compared to 0x3fffffffff. This value represents all available capabilities on modern kernels that were tested, but it may be different on older (and even future) kernels.
I suggest performing a version-independent check, where instead of comparing to a static value, the container's capabilities are compared to the capabilities of the init task (PID 1), which must be privileged.
The text was updated successfully, but these errors were encountered: