Docker 和 Podman 中的 Linux Capabilities
在运行 Docker (或 Podman) 容器时,有时即使使用 root 用户或者使用了 sudo,也会出现 Operation not permitted 的错误信息。这是因为容器中的 root 并不具有完整的 root 权限。这种权限的控制是通过 Linux capabilities 实现的。本文将首先介绍 Linux capabilities 的概念,然后以 Docker 为例介绍如何调整容器的 capabilities,最后介绍 Docker 和 Podman 在默认 capabilities 上的差异,以为容器的开发者和用户提供参考。
Linux Capabilities in Docker and Podman
When running Docker (or Podman) containers, sometimes you may encounter Operation not permitted error messages even if you are using the root user or sudo. This is because the root in the container does not have full root permissions. This permission control is implemented through Linux capabilities. This article will first introduce the concept of Linux capabilities, then use Docker as an example to introduce how to adjust the Linux capabilities of containers, and finally introduce the differences between Docker and Podman in default capabilities, providing reference for container developers and users.