Nomad workers: Using Linux capabilities instead of running as root?

The documentation recommends running Nomad on worker nodes as root to enable OS isolation mechanisms. Has anyone experience with running Nomad as dedicated user allowing the required settings with Linux capability flags set in the systemd unit file? Which capabilities are required e.g. for “exec” or “docker” jobs?

1 Like