https://bugzilla.kernel.org/show_bug.cgi?id=216667 --- Comment #2 from Monthero Ronald (rhmcruiser@xxxxxxxxx) --- If curious you can also check the process capabilities set and decode their capabilities set flags for - permitted, inherited and ambient as below. The capabilities set can differ based on process , user and privileges Example: test$ ps alx | grep docker 4 0 2068 1 20 0 1834532 76808 - Ssl ? 0:16 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock 0 1000 70187 65976 20 0 17868 2504 pipe_r S+ pts/7 0:00 grep --color=auto docker test$ test$ egrep Cap /proc/2068/status CapInh: 0000000000000000 CapPrm: 000001ffffffffff CapEff: 000001ffffffffff CapBnd: 000001ffffffffff CapAmb: 0000000000000000 test$ Decode the capability flags for this process test$ capsh --decode=000001ffffffffff 0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore test$ -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
