Which Linux capabilities are required to properly function?

Question

Which Linux capabilities are required to properly function?

juniorz opened this issue 2 years ago · 1 comments

It would be great to have documented in the README which Linux capabilities are required by dumb-init in order to function properly.

We often see tools in the Kubernetes ecosystem being obsessed with dropping all capabilities via

securityContext:
  capabilities:
    drop:
    - ALL

and then operators learn the container uses dumb-init as PID1 when they notice the termination of pods is broken because dumb-init is unable to terminate all children processes.

Answer 1 · 2022-09-29T13:06:45.000Z

can you provide more information and/or determine this yourself and send a patch? it's unclear what error you're trying to solve and if you included your error message then others can find it as well

oddly enough I haven't had issues with dumb-init and zero capabilities so it's possible you're running into some other problem?