apptainer-capability - Man Page
Manage Linux capabilities for users and groups
Examples (TL;DR)
- Show all available Linux capabilities:
  apptainer capability avail
- Show descriptions for specific capabilities:
  apptainer capability avail cap_chown,cap_net_raw,...
- List capabilities for all users and groups:
  apptainer capability list
- List capabilities for a specific user or group:
  apptainer capability list username|groupname
- Add capabilities to a user:
  sudo apptainer capability add [-u|--user] username cap_net_raw,cap_chown,...
- Add capabilities to a group:
  sudo apptainer capability add [-g|--group] groupname cap_net_raw,cap_chown,...
- Remove capabilities from a user:
  sudo apptainer capability drop [-u|--user] username cap_net_raw,cap_chown,...
- Remove all capabilities from a user:
  sudo apptainer capability drop [-u|--user] username all
Synopsis
apptainer capability
Description
Capabilities allow you to have fine-grained control over the permissions that
your containers need to run.
NOTE: capability add/drop commands require root to run. Granting capabilities
to users allows them to escalate privilege inside the container and will
likely give them a route to privilege escalation on the host system as well.
Do not add capabilities to users who should not have root on the host system.
Options
-h, --help[=false] help for capability
Example
All group commands have their own help output:
$ apptainer help capability add
$ apptainer capability add --help
See Also
apptainer(1), apptainer-capability-add(1), apptainer-capability-avail(1), apptainer-capability-drop(1), apptainer-capability-list(1)
History
14-Apr-2026 Auto generated by spf13/cobra
Referenced By
apptainer(1), apptainer-capability-add(1), apptainer-capability-avail(1), apptainer-capability-drop(1), apptainer-capability-list(1).