Description
jsvc tries to get CAP_DAC_READ_SEARCH capabilities. The code says Fix DAEMON-16 by adding CAP_DAC_READ_SEARCH to allow reading /proc/self but does anyone still need this? It fails on docker containers in kubernetes unless admins allow that capability to be requested.
I tried compiling it without this flag and it seems to run everything just fine - but to not break anyone who might really need this CAP, perhaps some command line switch could be added to adjust what capabilities are requested generally, or at the very least specifically whether to not alter that CAP_DAC_READ_SEARCH cap.