DCA · Question #136
DCA Question #136: Real Exam Question with Answer & Explanation
The correct answer is A: Yes. Linux capabilities restrict privileged operations within containers, and setting the system time typically requires a capability that is dropped by default for security.
Question
A users attempts to set the system time from inside a Docker container are unsuccessful. Could this be blocking this operation? Solution: Linux capabilities
Options
- AYes
- BNo
Explanation
Linux capabilities restrict privileged operations within containers, and setting the system time typically requires a capability that is dropped by default for security.
Common mistakes.
- B. Linux capabilities are specifically designed to control granular permissions for processes, and their absence for a particular operation like
CAP_SYS_TIMEis a direct cause for an attempt to set system time to fail.
Concept tested. Linux capabilities and Docker security
Reference. https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
Topics
Community Discussion
No community discussion yet for this question.