Can you advise the appropriate capabilities required for the Hydra Docker container?

[mig5]

Apologies if this has been asked before - I searched and couldn't find anything.

Docker supports the ability to drop all 'capabilities' and add only the ones you need (e.g NET_BIND_SERVICE, SET_UID, CHOWN, FOWNER, etc)

https://www.redhat.com/en/blog/secure-your-containers-one-weird-trick

Can you advise what capabilities Ory Hydra requires, if one were to drop all by default, and add only the required ones, as a hardening measure? Has anyone tried it?

Thanks in advance!

[vinckr]

Hello @mig5

interesting! It is the first time I come across this, so I dont think we have any documentation around that.
From the list you posted I cant really tell what would be required - none of them seem mandatory to me, but I am also not an expert in docker/containers 🤔
Have you tried dropping all capabilities and see what happens?

Cheers