Container Internals and Runtime Engineering

Capabilities and the Root Illusion

A container runs as root. Is that dangerous? The honest answer is 'it depends entirely on capabilities' and most engineers can't explain why.

The concept and how it works

Coming soon.

Kernel and runtime level detail

Coming soon.

Practical examples and commands

Coming soon.

Common mistakes

Coming soon.

INTERVIEW QUESTION

A container runs as root but with all capabilities dropped. Another runs as an unprivileged user but with CAP_SYS_ADMIN. Which is more dangerous and why?