apptainer capability drop
Remove capabilities from a user or group (requires root)
Remove Linux capabilities from a user/group. NOTE: This command requires root to run.
The capabilities argument must be separated by commas and is not case sensitive.
To see available capabilities, type “apptainer capability avail” or refer to capabilities manual “man 7 capabilities”
apptainer capability drop [drop options...] <capabilities>
$ sudo apptainer capability drop --user nobody AUDIT_READ,CHOWN $ sudo apptainer capability drop --group nobody audit_write To drop all capabilities for a user: $ sudo apptainer capability drop --user nobody all
-g, --group string manage capabilities for a group -h, --help help for drop -u, --user string manage capabilities for a user
apptainer capability - Manage Linux capabilities for users and groups
Auto generated by spf13/cobra on 7-Jun-2023