參考資料:
https://docs.docker.com/engine/security/seccomp/
如下:
# docker run --rm -it --security-opt seccomp=unconfined debian unshare --map-root-user /bin/bash c302264da7c7:/# cat /proc/$$/status | grep -i cap CapInh: 0000000000000000 CapPrm: 000001ffffffffff CapEff: 000001ffffffffff CapBnd: 000001ffffffffff CapAmb: 0000000000000000 # docker run --rm -it --privileged debian /bin/bash e4fa0f72dea4:/# cat /proc/$$/status | grep -i cap CapInh: 0000003fffffffff CapPrm: 0000003fffffffff CapEff: 0000003fffffffff CapBnd: 0000003fffffffff CapAmb: 0000000000000000