rootless: document limitations of linux capabilities when running rootless

[thaJeztah]

Is this a docs issue?

• My issue is about the documentation content or website

Type of issue

I can't find what I'm looking for

Description

When running in rootless mode, a container may be given additional capabilities, but those capabilities may be restricted by the kernel in rootless mode (which is by design).

We should document those restrictions.

Related:

• rootless docker doesn't apply capabilities moby/moby#46501
• Some capabilities do not work in a container with user namespace support moby/moby#25622

Location

https://docs.docker.com/engine/security/rootless/

Suggestion

No response

[thaJeztah]

/cc @dvdksn @AkihiroSuda

[docker-robot]

There hasn't been any activity on this issue for a long time.
If the problem is still relevant, mark the issue as fresh with a /remove-lifecycle stale comment.
If not, this issue will be closed in 14 days. This helps our maintainers focus on the active issues.

Prevent issues from auto-closing with a /lifecycle frozen comment.

/lifecycle stale