First off, very cool platform. Thanks for making it available to us!

---

I’ve encountered an issue with the nginx container challenge.

After adding the cap_drop key to docker-compose.yml and dropping "ALL" the test errors and gives the following traceback.

- [i] Running security tests
- Traceback (most recent call last):
- File "/drone/src/test/security.py", line 28, in <module>
- if len(dc['services']['nginx']['cap_add']) > 4:
- KeyError: 'cap_add' 

I’ve added an empty cap_add key to make it happy.

I haven’t passed this one yet as I’m stuck on:

- [i] Running security tests
- [e] nginx has unnecessary capabilities: CHOWN 

which I’m a bit baffled by.

Thanks!

Perfect, you are the right track. the error message is rather confusing. what it tries to say that a required capability is missing. If you try to run the lab locally with cap_drop: ALL it wont work. Because required capabilities are removed and container cannot run. So you may need to start adding those required capabilities. cap_drop: ALL perfect for security but doesn’t give much usability

Meanwhile, we will fix up the confusing error message.