Setcap checks

Build the image

docker build -t readonly .

Run the docker images

Show how the setcap stuff works in conjunction with dropping all capabilities.

$ docker-compose run --rm readonly --readonly
$ docker-compose run --rm readonly-setcap --readonly
exec /usr/local/bin/readonly-setcap: operation not permitted
$ docker-compose run --rm readonly --readonly

About

Languages

Language:Dockerfile 78.7%Language:Go 21.3%