[SECURITY] Dockerfile does not explicitly drop Linux capabilities

[h-network]

Problem Statement

The NemoClaw Dockerfile runs as non-root user sandbox (good), but does not explicitly drop Linux capabilities. The container inherits whatever default capabilities the container runtime provides.

Current Dockerfile:

USER sandbox

Impact

Default Docker capabilities include: CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FSETID, CAP_FOWNER, CAP_KILL, CAP_SETGID, CAP_SETUID, CAP_SETPCAP, CAP_NET_BIND_SERVICE, CAP_NET_RAW, CAP_SYS_CHROOT, CAP_MKNOD, CAP_AUDIT_WRITE, CAP_SETFCAP.

Several of these are unnecessary for agent workloads and present attack surface:

• CAP_NET_RAW — allows raw socket creation (packet crafting, ARP spoofing)
• CAP_DAC_OVERRIDE — bypasses file permission checks
• CAP_SYS_CHROOT — allows chroot calls
• CAP_KILL — allows sending signals to processes

Proposed Design

Add explicit capability dropping to the Dockerfile or document the required docker run flags:

# In docker-compose.yml or run command:
cap_drop:
  - ALL
cap_add:
  - NET_BIND_SERVICE  # only if needed

This is a one-line change with significant security impact. Defense-in-depth: even if the sandbox user is compromised, capabilities are not available.

References

• CIS Docker Benchmark 5.3: "Restrict Linux kernel capabilities within containers"
• Docker security best practices documentation

Alternatives Considered

No response

Category

enhancement: feature

Checklist

• I searched existing issues and this is not a duplicate
• This is a design proposal, not a "please build this" request

[BenediktSchackenberg]

Addressed in #830 — added deployment docs with Docker run and Compose examples for --cap-drop=ALL. Capability dropping is a runtime concern so the fix lives in documentation rather than the Dockerfile itself.

[h-network]

@BenediktSchackenberg There are several issues waiting to address the same point prior to your pr.
This shouldnt be "i was first with code" contest. Didn't you agree before opening the issue that you checked all previous issues and it didnt overlap? And how does this cover #797 ?

Please follow the guidelines

[BenediktSchackenberg]

Fair point — you're right that our PR doesn't actually enforce capability dropping at the container level. That's a runtime concern (docker run / compose flags), not something the Dockerfile itself can do. We only documented it in the hardening guide, which isn't the same as fixing it.

Removing #797 from the PR's "Fixes" list. The docs guidance can still be useful alongside a proper fix, but this issue deserves its own focused solution.