Amazon ECS Adds Support for Adding or Dropping Linux Capabilities to Containers
Docker containers run as “unprivileged” by default and thus are unable to execute most system and network administration operations. Docker privileged mode gives containers root access, which may not be optimal or secure for many workloads. With cap-add and cap-drop, you can specify the capabilities to add or drop for each container in a task definition. This gives you fine-grained controls to run containerized applications that require additional permissions without adding unnecessary security risks.
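The paragraph above contrasts privileged mode with per-container cap-add and cap-drop. As an added example (not AWS code), this audit walks a task definition and flags containers that still use privileged mode, add broad capabilities, or never drop `ALL`. It assumes the ECS task definition fields `privileged` and `linuxParameters.capabilities`; the sample task definition, the `BROAD_CAPS` list and the drop-`ALL` policy are constructed for illustration.

```python
import json

# Constructed sample task definition (not from the page). Field names follow the
# ECS task definition schema: "privileged" and "linuxParameters.capabilities".
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-task",
  "containerDefinitions": [
    {"name": "vpn-sidecar", "image": "example/vpn:1", "privileged": true},
    {"name": "net-tool", "image": "example/net:1",
     "linuxParameters": {"capabilities": {"add": ["NET_ADMIN"], "drop": ["ALL"]}}},
    {"name": "web", "image": "example/web:1",
     "linuxParameters": {"capabilities": {"add": ["SYS_ADMIN"]}}},
    {"name": "worker", "image": "example/worker:1"}
  ]
}
""")

# Capabilities broad enough to deserve review (illustrative choice, not an AWS list).
BROAD_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "DAC_READ_SEARCH"}


def audit_task_definition(task_def):
    """Return (container name, finding) pairs for one task definition."""
    findings = []
    for container in task_def.get("containerDefinitions", []):
        name = container.get("name", "<unnamed>")
        if container.get("privileged"):
            # Privileged mode overrides any capability list, so report it alone.
            findings.append((name, "privileged mode: replace with specific cap-add entries"))
            continue
        caps = (container.get("linuxParameters") or {}).get("capabilities") or {}
        added = {c.upper() for c in caps.get("add", [])}
        dropped = {c.upper() for c in caps.get("drop", [])}
        for cap in sorted(added & BROAD_CAPS):
            findings.append((name, f"adds broad capability {cap}"))
        if "ALL" not in dropped:
            # Assumed hardening policy: drop everything, then add back what is needed.
            findings.append((name, "does not drop ALL before adding what it needs"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_task_definition(SAMPLE_TASK_DEF):
        print(f"{name}: {finding}")
```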
Learn more about using cap-add and cap-drop with Amazon ECS in our documentation.
Amazon EC2 Container Service is available in US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Canada (Central), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Frankfurt), EU (Ireland), EU (London), and China (Beijing). For more information on AWS regions and services, please visit here.
Via the fine folks at Amazon Web Services.