I'm running an OpenResty nginx container, which is running on top of an SELinux-enabled RHEL 9.4 host box.
What are the minimum capabilities the nginx container should have for the basic nginx + Lua functionality to work properly? I wanted to know if any functionality will break if I remove any of the capabilities.
These are the default capabilities added when I start the container.
cap_chown
cap_dac_override
cap_fowner
cap_fsetid
cap_kill
cap_net_bind_service
cap_setfcap
cap_setgid
cap_setpcap
cap_setuid
cap_sys_chroot
I can understand cap_net_bind_service is required to bind any system port with the container.
Do we need cap_setuid capability?