Linux defines a set of process capabilities that can be used to fine-tune the process permissions. Talos Linux for security reasons restricts any process from gaining the following capabilities: CAP_SYS_MODULE (loading kernel modules) CAP_SYS_BOOT (rebooting the system) This means that any process including privileged Kubernetes pods will not be able to get these capabilities. If you see the following error on starting a pod, make sure it doesn’t have any of the capabilities listed above in...
