
docs: Capabilities page - Images can store file-based capabilities

Open polarathene opened this issue 1 year ago • 2 comments

https://dockerlabs.collabnix.com/advanced/security/capabilities/

https://github.com/collabnix/dockerlabs/blob/962fab827c2fb7b8b6149f3d3241cddde0479353/advanced/security/capabilities/README.md?plain=1#L37

https://github.com/collabnix/dockerlabs/blob/962fab827c2fb7b8b6149f3d3241cddde0479353/advanced/security/capabilities/README.md?plain=1#L281

These are inaccurate. The limitation was removed with BuildKit / buildx IIRC which has been the default image builder since Docker 23 (released Feb 2023), which can preserve extended file attributes.

I believe the main issue prior was that you'd lose the extended attributes via a COPY but they would otherwise remain intact so long as the image layer was on a file system that supported the file attributes? (I recall an issue with AUFS, which may still be problematic for some NAS systems)

polarathene • Dec 21 '23 03:12
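To check whether an image layer really carries file capabilities, the layer tarball can be inspected directly. The following is an added example, not code from the dockerlabs page or from this thread. It assumes the layer stores the attribute as a PAX record named `SCHILY.xattr.security.capability`; the function names and the sample layer are constructed for illustration.

```python
import io
import struct
import tarfile

XATTR_KEY = "SCHILY.xattr.security.capability"  # assumed PAX record name for the xattr
# Subset of capability numbers from linux/capability.h; others print as cap_<n>.
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 7: "cap_setuid",
             10: "cap_net_bind_service", 12: "cap_net_admin",
             13: "cap_net_raw", 21: "cap_sys_admin"}

def decode_vfs_cap(raw: bytes) -> dict:
    """Decode the kernel's little-endian vfs_cap_data structure."""
    revision = raw[3] if len(raw) >= 4 else 0  # top byte of magic_etc
    size = {1: 12, 2: 20, 3: 24}.get(revision)  # rev 3 appends a rootid word
    if size is None or len(raw) < size:
        raise ValueError(f"unsupported or truncated capability xattr (rev {revision})")
    pairs = 1 if revision == 1 else 2
    magic, *words = struct.unpack_from(f"<{1 + 2 * pairs}I", raw)
    # Words alternate permitted/inheritable; each pair covers 32 capability bits.
    permitted = sum(w << (32 * i) for i, w in enumerate(words[0::2]))
    inheritable = sum(w << (32 * i) for i, w in enumerate(words[1::2]))
    def names(mask):
        return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1]
    return {"revision": revision, "effective": bool(magic & 1),
            "permitted": names(permitted), "inheritable": names(inheritable)}

def scan_layer(fileobj) -> dict:
    """Return {path: decoded capabilities} for every member carrying the xattr."""
    found = {}
    with tarfile.open(fileobj=fileobj, mode="r:*", encoding="utf-8") as tar:
        for member in tar:
            value = member.pax_headers.get(XATTR_KEY)
            if value is not None:  # tarfile hands binary values back as str
                raw = value.encode("utf-8", "surrogateescape")
                found[member.name] = decode_vfs_cap(raw)
    return found

def build_sample_layer() -> io.BytesIO:
    """Constructed sample: one binary with cap_net_bind_service=ep, one plain file."""
    raw = struct.pack("<5I", 0x02000001, 1 << 10, 0, 0, 0)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT,
                      encoding="utf-8") as tar:
        capped = tarfile.TarInfo("usr/local/bin/server")
        capped.pax_headers = {XATTR_KEY: raw.decode("utf-8", "surrogateescape")}
        tar.addfile(capped)
        tar.addfile(tarfile.TarInfo("etc/app.conf"))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(scan_layer(build_sample_layer()))
```

Running `scan_layer` over each layer of an exported image lists the files that would gain capabilities on exec, which is the set worth reviewing alongside setuid binaries.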

@polarathene Thanks for reporting this. Would you like to raise a PR and get it fixed?

collabnix • Jan 09 '24 06:01

> @polarathene Thanks for reporting this.

You're welcome :)

> Would you like to raise a PR and get it fixed?

No thank you, large backlog to work through for a while 😅 Just came across the article at the time and thought I'd raise awareness that it was outdated information.

polarathene • Jan 09 '24 08:01