Which Linux capabilities are required to properly function?

[juniorz]

It would be great to have documented in the README which Linux capabilities are required by dumb-init in order to function properly.

We often see tools in the Kubernetes ecosystem being obsessed with dropping all capabilities via

securityContext:
  capabilities:
    drop:
    - ALL

and then operators learn the container uses dumb-init as PID1 when they notice the termination of pods is broken because dumb-init is unable to terminate all children processes.

[asottile]

can you provide more information and/or determine this yourself and send a patch? it's unclear what error you're trying to solve and if you included your error message then others can find it as well

oddly enough I haven't had issues with dumb-init and zero capabilities so it's possible you're running into some other problem?