An organization is deploying a container that requires additional privileges for certain kernel-level tasks. The security team wants to avoid granting overly broad permissions. Which approach best addresses the need for advanced functionality while managing risk?
Configure the container to run with the necessary privileges for kernel-level tasks
Use host networking mode to minimize networking configuration complexity
Adjust protection measures to include manual checks when necessary
Assign the needed capabilities beyond the default user context
Allowing only the precise capabilities required by a limited user can handle advanced tasks and reduce the blast radius if something goes wrong. Granting broad permissions to a privileged container or substituting layered security with manual strategies leaves the environment more exposed, and altering the networking mode alone does not help reduce excessive permissions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are capabilities in container security?
Open an interactive chat with Bash
How does assigning capabilities differ from running a container as privileged?
Open an interactive chat with Bash
Why doesn’t host networking mode address excessive permissions in containers?