From 50f414a7cf435a5296156b86ac14032fa27a2e15 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 30 May 2025 15:15:44 +0200 Subject: [PATCH] unshare: Add CAP_SYS_ADMIN to needed capabilities Some container storage operations (e.g., mounting the home directory for containers/storage) require CAP_SYS_ADMIN. Signed-off-by: Giuseppe Scrivano --- cmd/skopeo/unshare_linux.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/skopeo/unshare_linux.go b/cmd/skopeo/unshare_linux.go index 01f6986b..8dffbfac 100644 --- a/cmd/skopeo/unshare_linux.go +++ b/cmd/skopeo/unshare_linux.go @@ -16,6 +16,7 @@ var neededCapabilities = []capability.Cap{ capability.CAP_FSETID, capability.CAP_MKNOD, capability.CAP_SETFCAP, + capability.CAP_SYS_ADMIN, } func maybeReexec() error {