Docker security

Container breakouts : Abusing capabilities

By default, the Docker containers run with limited capabilities. Therefore to perform a privileged operation (like updating time, debugging process etc) the container requires additional capabilities. And, most of the time instead of defining the specific ones, people just run the container in the privileged mode (with --privileged) which add some additional capabilities and permissions, then can lead to compromise of the underlying host machine.