This repository was archived by the owner on May 6, 2020. It is now read-only.
This repository was archived by the owner on May 6, 2020. It is now read-only.
Evaluate use of capabilities in executables #51
Description
We should probably do a review of our executables 'capabilities', and start to remove any that are not needed (to reduce attack surface).
On the host side we should check what we can do for:
- the runtime
- the shim
- the proxy
and on the guest side we probably need to set or remove the capabilities around the workload according to the configuration (from the OCI file for instance) that is passed in/requested of us.