Information
https://docs.docker.com/articles/security/#linux-kernel-capabilities
Solution
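Execute the command below to add the needed capabilities. The brace list relies on shell brace expansion (bash), which turns it into one --cap-add flag per capability.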
$> docker run --cap-add={'Capability 1','Capability 2'} <Run arguments> <ContainerImage Name or ID> <Command>
For example,
$> docker run --cap-add={'NET_ADMIN','SYS_ADMIN'} -i -t centos-latest /bin/bash
Execute the command below to drop unneeded capabilities:
$> docker run --cap-drop={'Capability 1','Capability 2'} <Run arguments> <Container Image Name or ID> <Command>
For example,
$> docker run --cap-drop={'SETUID','SETGID'} -i -t centos-latest /bin/bash
Impact
Restrictions apply within the container depending on which Linux kernel capabilities were added or dropped.
Default Value
By default, the capabilities below are available to containers:
AUDIT_WRITE
CHOWN
DAC_OVERRIDE
FOWNER
FSETID
KILL
MKNOD
NET_BIND_SERVICE
NET_RAW
SETFCAP
SETGID
SETPCAP
SETUID
SYS_CHROOT
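
To check what a set of --cap-add / --cap-drop flags left a container with, the sketch below compares the HostConfig.CapAdd and HostConfig.CapDrop fields of `docker inspect` output against the default list above. It is an added example, not part of the original benchmark text; the container names and JSON sample are constructed, and a literal ALL in CapAdd is flagged rather than expanded.

```python
import json

# Default capability set, as listed under "Default Value" on this page.
DEFAULT_CAPS = frozenset("""AUDIT_WRITE CHOWN DAC_OVERRIDE FOWNER FSETID KILL MKNOD
NET_BIND_SERVICE NET_RAW SETFCAP SETGID SETPCAP SETUID SYS_CHROOT""".split())

# Constructed sample in the shape of `docker inspect` output (names are made up).
SAMPLE = """[
 {"Name": "/web", "HostConfig": {"CapAdd": null, "CapDrop": ["SETUID", "SETGID"]}},
 {"Name": "/vpn", "HostConfig": {"CapAdd": ["NET_ADMIN", "SYS_ADMIN"], "CapDrop": null}},
 {"Name": "/min", "HostConfig": {"CapAdd": ["CAP_NET_BIND_SERVICE"], "CapDrop": ["ALL"]}}
]"""

def norm(names):
    """Upper-case, strip an optional CAP_ prefix; null (None) means no entries."""
    out = set()
    for n in names or []:
        n = n.upper()
        out.add(n[4:] if n.startswith("CAP_") else n)
    return out

def audit(inspect_json):
    """Return one report per container: what it keeps and what it gained."""
    reports = []
    for c in json.loads(inspect_json):
        host = c.get("HostConfig") or {}
        add, drop = norm(host.get("CapAdd")), norm(host.get("CapDrop"))
        # --cap-drop=ALL empties the default set; otherwise remove the named ones.
        base = set() if "ALL" in drop else DEFAULT_CAPS - drop
        effective = base | (add - {"ALL"})
        reports.append({
            "name": c.get("Name", "").lstrip("/"),
            "defaults_retained": sorted(effective & DEFAULT_CAPS),
            # Anything here (including a literal ALL, which is flagged rather
            # than expanded) widens the container beyond the default set.
            "added_beyond_default": sorted(add - DEFAULT_CAPS),
        })
    return reports

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r["name"], "keeps", len(r["defaults_retained"]), "defaults;",
              "added:", ", ".join(r["added_beyond_default"]) or "none")
```

Against a live host, feed it the output of `docker inspect` for the containers under review instead of SAMPLE.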