Hi Jorge,

Thanks for reaching out!

There is a cool tool that can do that:

https://github.com/clustership/inspektor-gadget/

Note that inspektor gadget is designed to run in Kubernetes, so it may not

be as straight forward as running a Podman command. We have another tool to easily generate custom seccomp profiles (https://github.com/containers/oci-seccomp-bpf-hook) and have ideas to extend it to also cover capabilities, but we haven't found time to tackle that yet.

Kind regards,

Valentin

On Wed, Jan 6, 2021 at 9:56 PM Jorge Fábregas <jorge.fabregas@gmail.com> wrote:

Hi,

Is there an easy way to figure out which capabilities are needed for a
container other than playing out with the cap-drop & cap-add options?

Thanks.

--
Jorge
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io