Question 1

What does Docker Compose rule CV-C006 mean?

Accepted Answer

Adding dangerous Linux capabilities such as SYS_ADMIN, NET_ADMIN, or ALL significantly weakens container isolation. SYS_ADMIN alone grants nearly all privileged operations. ALL grants every capability, equivalent to privileged mode. CWE-250: Execution with Unnecessary Privileges.

Question 2

How do I fix CV-C006 (Dangerous capabilities added) in my docker-compose.yml?

Accepted Answer

Remove dangerous capabilities and add only the minimum required capabilities

CV-C006: Dangerous capabilities added

Why This Matters

How to Fix

Before (incorrect)

After (correct)

Rule Details

Related Rules