A Debugging Story That Will Change How You Think About Container Capabilities You are...
A Debugging Story That Will Change How You Think About Container Capabilities
You are a platform engineer running OpenShift. A development team runs a monitoring sidecar as a non-root user that needs to perform ICMP ping health checks. They need CAP_NET_RAW - the capability required for raw socket access. Straightforward enough.
The SCC is configured to allow the capability:
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
Bringing Claude self-hosted sandboxes to OpenShell on Red Hat AI
Red Hat AI and OpenShell: Driving security-enhanced agent execution for enterprise AI
Securing AI agent credentials with MCP tunnels
OpenShift: Consistent integration for the hybrid enterprise
Tool: CSP Allow-list Experiment
AI Coding Agent Horror Stories: Security Risks Explained | Docker
From SSH to REST: A Security-Driven Modernization of Slack’s EMR Data Pipelines
