The principal container (core) starts with:
- SYS_ADMIN
- SYS_RESOURCE

These are very high rights. I think you use them because you use systemd (and low ports <1024) inside the container... and why you use sysbox runc...
It will be safer not to use these rights in a container context...
Is it possible to remove the systemd usage in the container context?
Using supervisord (or the Go version) or s6 instead, to avoid adding these rights?
And change the default port to be higher than 1024?
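
An added example, not part of the original post or the project's code: a Python check that decodes the `CapEff` mask from `/proc/<pid>/status` and reports whether the two capabilities listed above are present and whether the process can still bind ports below 1024. The function names and the sample status text are constructed for illustration.

```python
"""Decode a Linux effective-capability mask and flag the capabilities
named in the post (SYS_ADMIN, SYS_RESOURCE)."""
import sys

# Bit positions as defined in linux/capability.h
CAP_BITS = {
    "NET_BIND_SERVICE": 10,  # required to bind ports below 1024
    "SYS_ADMIN": 21,
    "SYS_RESOURCE": 24,
}
HIGH_RISK = ("SYS_ADMIN", "SYS_RESOURCE")


def parse_cap_eff(status_text):
    """Return the CapEff bitmask from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def audit(status_text):
    """Report which high-risk capabilities are set and whether low ports are bindable."""
    mask = parse_cap_eff(status_text)
    found = sorted(n for n, bit in CAP_BITS.items() if (mask >> bit) & 1)
    return {
        "high_risk": [c for c in found if c in HIGH_RISK],
        "can_bind_low_ports": "NET_BIND_SERVICE" in found,
    }


# Constructed samples (not captured from the project's containers):
# Docker's default capability set plus SYS_ADMIN and SYS_RESOURCE,
# Docker's default set alone, and a container with every capability dropped.
SAMPLE_WITH_EXTRA = "Name:\tsystemd\nCapEff:\t00000000a92425fb\n"
SAMPLE_DEFAULT = "Name:\tsupervisord\nCapEff:\t00000000a80425fb\n"
SAMPLE_DROPPED = "Name:\tapp\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    # Inside a container: python3 capcheck.py /proc/1/status
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/self/status"
    try:
        with open(path) as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_WITH_EXTRA  # fall back to the constructed sample
    print(audit(text))
```

When `can_bind_low_ports` is false, a service in that container can only listen on ports of 1024 and above unless the host's `net.ipv4.ip_unprivileged_port_start` sysctl has been lowered.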