Add support to containerRunOptions for --cap-drop
ddl-ebrown opened this issue
For security reasons, it's often desirable to drop all Linux capabilities when running containers in Kubernetes. However, there is currently only a way to add capabilities for tests and no way to drop them.
As seen in #327, support was only added for --cap-add.
--cap-drop can similarly remove default capabilities - see https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
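An added example, not part of the issue or the project's code: a check that decodes the capability masks from `/proc/<pid>/status` to confirm what a container still holds after `--cap-drop`. The status text is constructed sample input, the mask `0xa80425fb` is assumed to be Docker's default capability set, and the helper names are hypothetical. The bounding set is checked too, because a non-root user shows an empty effective set even when nothing was dropped.

```python
import re

# Capability names indexed by bit number, from linux/capability.h.
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

SETS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

def decode_mask(mask):
    """Return capability names for each bit set in a kernel capability mask."""
    names = []
    bit = 0
    while mask >> bit:
        if mask >> bit & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"bit{bit}")
        bit += 1
    return names

def parse_status(text):
    """Extract the Cap* hex masks from /proc/<pid>/status text."""
    found = dict(re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", text, re.M))
    return {name: int(found[name], 16) for name in SETS if name in found}

def remaining_caps(text, allowed=()):
    """Capabilities present in any set (bounding included) beyond `allowed`."""
    union = 0
    for mask in parse_status(text).values():
        union |= mask
    return [c for c in decode_mask(union) if c not in allowed]

def status(eff, bnd):
    # Constructed sample in the /proc/<pid>/status layout, not captured output.
    return (f"Name:\tsh\nCapInh:\t{0:016x}\nCapPrm:\t{eff:016x}\n"
            f"CapEff:\t{eff:016x}\nCapBnd:\t{bnd:016x}\nCapAmb:\t{0:016x}\n")

DOCKER_DEFAULT = 0x00000000A80425FB  # assumed: Docker's default set for root
SAMPLES = {
    "default, root": status(DOCKER_DEFAULT, DOCKER_DEFAULT),
    "default, non-root user": status(0, DOCKER_DEFAULT),
    "--cap-drop=ALL": status(0, 0),
    "--cap-drop=ALL --cap-add=NET_BIND_SERVICE": status(0x400, 0x400),
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label}: {remaining_caps(text) or 'none'}")
```

Inside a real container, pass the contents of `/proc/1/status` to `remaining_caps` and fail the test when the result is non-empty.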