singularity capability drop
Remove capabilities from a user or group (requires root)
Remove Linux capabilities from a user or group. NOTE: This command requires root to run.
Capabilities in the argument must be separated by commas and are not case sensitive.
To see the available capabilities, run “singularity capability avail” or refer to the capabilities manual page, “man 7 capabilities”.
singularity capability drop [drop options...] <capabilities>
$ sudo singularity capability drop --user nobody AUDIT_READ,CHOWN
$ sudo singularity capability drop --group nobody audit_write

To drop all capabilities for a user:
$ sudo singularity capability drop --user nobody all
  -g, --group string   remove capabilities from a group
  -h, --help           help for drop
  -u, --user string    remove capabilities from a user