github.com/containers/podman/v5@v5.1.0-rc1/docs/source/markdown/options/cap-drop.image.md

github.com/containers/podman/v5@v5.1.0-rc1/docs/source/markdown/options/cap-drop.image.md (about)

     1  ####> This option file is used in:
     2  ####>   podman build, farm build
     3  ####> If file is edited, make sure the changes
     4  ####> are applicable to all of those.
     5  #### **--cap-drop**=*CAP\_xxx*
     6  
     7  When executing RUN instructions, run the command specified in the instruction
     8  with the specified capability removed from its capability set.
     9  The CAP\_CHOWN, CAP\_DAC\_OVERRIDE, CAP\_FOWNER,
    10  CAP\_FSETID, CAP\_KILL, CAP\_NET\_BIND\_SERVICE, CAP\_SETFCAP,
    11  CAP\_SETGID, CAP\_SETPCAP, and CAP\_SETUID capabilities are
    12  granted by default; this option can be used to remove them.
    13  
    14  If a capability is specified to both the **--cap-add** and **--cap-drop**
    15  options, it is dropped, regardless of the order in which the options were
    16  given.