| 123456789101112131415161718192021222324252627282930313233343536373839 |
- runAsContext:
- - userName: cool
- groupName: cool
- gid: 104
- uid: 106
- description: Collabora runs as non-root user.
- - userName: root
- groupName: root
- gid: 0
- uid: 0
- description: Nginx runs as root user.
- capabilities:
- - name: CHOWN
- description: Collabora and Nginx are able to chown files.
- - name: FOWNER
- description: Collabora and Nginx are able to bypass permission checks for it's sub-processes.
- - name: SYS_CHROOT
- description: Collabora and Nginx are able to use chroot.
- - name: MKNOD
- description: Collabora and Nginx are able to create device nodes.
- - name: DAC_OVERRIDE
- description: Nginx is able to bypass permission checks.
- - name: SETGID
- description: Nginx is able to set group ID for it's sub-processes.
- - name: SETUID
- description: Nginx is able to set user ID for it's sub-processes.
- - name: FSETID
- description: Nginx is able to set file capabilities.
- - name: KILL
- description: Nginx is able to kill processes.
- - name: SETPCAP
- description: Nginx is able to set process capabilities.
- - name: NET_BIND_SERVICE
- description: Nginx is able to bind to privileged ports.
- - name: NET_RAW
- description: Nginx is able to use raw sockets.
- - name: AUDIT_WRITE
- description: Nginx is able to write to audit log.
- hostMounts: []
|
