Docker containers run on a server, but they do not get a kernel of their own: all container processes share the host's kernel. By default, Docker grants containers a number of Linux capabilities, such as:
- chown: To change the ownership of any file
- fowner: To bypass permission checks on operations that require the UID of a process and the UID of a file to be the same
- kill: To send kill signals to non-root processes
- setgid: To manipulate process GIDs and GID list
- setuid: To manipulate process UIDs
- net_raw: To allow the use of raw and packet sockets
To check the available capabilities, you can use the pscap command. It is provided by the libcap-ng-utils package, so make sure that package is installed first:
sudo apt-get install libcap-ng-utils
Set user ...