
Linux command

apptainer-capability command

Security

This command has a significant effect on permissions or the system; verify the target before running it.

Common examples

List capabilities

sudo apptainer capability list --user [username]

Grant a capability

sudo apptainer capability add --user [username] [CAP_NET_RAW]

Drop a capability

sudo apptainer capability drop --user [username] [CAP_NET_RAW]

Grant all capabilities

sudo apptainer capability add --group [groupname] all

List all available capabilities

apptainer capability avail

Drop all capabilities

sudo apptainer capability drop --user [username] all

Description

apptainer capability manages Linux capabilities granted to users and groups for use inside Apptainer containers. Administrators use this command to authorize specific users or groups to request particular capabilities at container runtime. Capabilities are stored in a capability.json file maintained by Apptainer. Granting a capability does not automatically enable it inside containers — users must explicitly request granted capabilities at runtime using the --add-caps flag with commands like apptainer exec or apptainer run.
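
An added example (not from the original page or the Apptainer project): a Python audit of the grants recorded in capability.json, reporting every grant that is not on an approved list and marking broad or high-risk ones. The `users`/`groups` JSON layout, the sample data, the `HIGH_RISK` shortlist and the `audit_grants` name are assumptions of this example.

```python
import json

# Capabilities treated as close to root-equivalent. This shortlist is the
# example's own choice, not an Apptainer default.
HIGH_RISK = {
    "CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE", "CAP_SYS_RAWIO",
    "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_SETUID", "CAP_SETGID",
    "CAP_SETFCAP", "CAP_NET_ADMIN", "CAP_BPF",
}

# Constructed sample. The "users"/"groups" layout is an assumption about
# capability.json; check it against the file on your own system.
SAMPLE = """
{
  "users":  {"alice": ["CAP_NET_RAW"], "bob": ["CAP_SYS_ADMIN", "CAP_NET_RAW"]},
  "groups": {"hpc-admins": ["all"], "netops": ["cap_net_admin"]}
}
"""


def audit_grants(text, approved=None):
    """Return (severity, kind, name, capability) for each unapproved grant.

    approved maps ("user" | "group", name) to the capabilities signed off
    for that principal; anything else is reported. Severity is "high" for
    the literal "all" or a HIGH_RISK entry, otherwise "review".
    """
    approved = approved or {}
    data = json.loads(text)
    findings = []
    for kind, key in (("user", "users"), ("group", "groups")):
        for name, caps in sorted((data.get(key) or {}).items()):
            allowed = {c.upper() for c in approved.get((kind, name), ())}
            # Normalise case and de-duplicate so "cap_net_admin" still matches.
            for cap in sorted({c.upper() for c in caps or []}):
                if cap in allowed:
                    continue
                high = cap == "ALL" or cap in HIGH_RISK
                findings.append(("high" if high else "review", kind, name, cap))
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE, {("user", "alice"): ["CAP_NET_RAW"]}):
        print(*finding)
```

Because a grant only authorizes a later `--add-caps` request, this reports what users could request, not what running containers currently hold.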

Parameters

--user _name_
Target a specific user for add, drop, or list operations.
--group _name_
Target a specific group for add, drop, or list operations.

FAQ

What is the apptainer-capability command used for?

apptainer capability manages Linux capabilities granted to users and groups for use inside Apptainer containers. Administrators use this command to authorize specific users or groups to request particular capabilities at container runtime. Capabilities are stored in a capability.json file maintained by Apptainer. Granting a capability does not automatically enable it inside containers — users must explicitly request granted capabilities at runtime using the --add-caps flag with commands like apptainer exec or apptainer run.

How do I run a basic apptainer-capability example?

Run `sudo apptainer capability list --user [username]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does --user _name_ do in apptainer-capability?

Target a specific user for add, drop, or list operations.