HTTP Upgrade), such as
exec, the authorization plugin is only called for the initial HTTP requests. Once the plugin approves the command, authorization is not applied to the rest of the flow. Specifically, the streaming data is not passed to the authorization plugins. For commands that return chunked HTTP response, such as
events, only the HTTP request is sent to the authorization plugins.
plugin.gocode to understand how is it working.
--privilegedflag or give any extra capability to the container:
--privilegedflag or give any extra capability to the container, and he only allowed to mount the