Overview
While running golang tests using Docker Compose, I encountered an "Operation not permitted" error.
Resolution
Docker Documentation - runtime-privilege-and-linux-capabilities
Adjusting the privilege settings of the Docker container resolved the issue.
However, I wasn't entirely sure about the security implications of the above configuration, so I opted for a more restrictive setup.
cap_add is the Compose option that adds Linux capabilities to a container. In this case, it adds the capability for system administration operations.
Linux capabilities are a kernel feature that splits superuser privileges into units that can be granted individually, which allows fine-grained control.
seccomp is a security feature in the Linux kernel that restricts which system calls a process may execute. Here, the setting is unconfined, which disables that restriction for the container.
The term "unconfined" literally means "not confined".
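The settings described above can be checked mechanically before a Compose file is merged. The following is an added example, not code from the original post: it scans a Compose configuration in JSON form (the output of `docker compose config --format json`) for privileged mode, broad added capabilities, and unconfined seccomp or AppArmor, which goes slightly beyond the two options discussed here. The sample input, its service names, the SYS_ADMIN value and the BROAD_CAPS list are constructed assumptions; the post does not show the author's Compose file.

```python
import json

# Capabilities broad enough to deserve review when added (illustrative, not exhaustive).
BROAD_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}


def audit_compose(config: dict) -> list:
    """Return (service, finding) pairs for settings that widen container privileges."""
    findings = []
    for name, svc in (config.get("services") or {}).items():
        if svc.get("privileged") is True:
            findings.append((name, "privileged: true"))
        for cap in svc.get("cap_add") or []:
            cap_name = str(cap).upper()
            if cap_name.startswith("CAP_"):
                cap_name = cap_name[4:]
            if cap_name in BROAD_CAPS:
                findings.append((name, f"cap_add: {cap_name}"))
        for opt in svc.get("security_opt") or []:
            # Both "seccomp:unconfined" and "seccomp=unconfined" spellings are in use.
            key, _, value = str(opt).replace("=", ":", 1).partition(":")
            if key in ("seccomp", "apparmor") and value == "unconfined":
                findings.append((name, f"security_opt: {key} unconfined"))
    return findings


# Constructed sample: one service using privileged mode, one using the narrower
# cap_add + seccomp combination, and one with a harmless capability.
SAMPLE = json.loads("""
{
  "services": {
    "test-wide": {"image": "golang", "privileged": true},
    "test-narrow": {
      "image": "golang",
      "cap_add": ["SYS_ADMIN"],
      "security_opt": ["seccomp:unconfined"]
    },
    "db": {"image": "postgres", "cap_add": ["CHOWN"]}
  }
}
""")

if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE):
        print(f"{service}: {finding}")
```

A custom seccomp profile path (for example `seccomp:./profile.json`) is not flagged, since it still confines the container.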
Thoughts
speakerdeck - Fully Understanding Containers
I studied containers briefly before, but my understanding is still shallow.