I’ve been poking at the NIM containers that seem to be proliferating like rabbits. Everyone’s so focused on getting the model endpoints up that the default posture appears to be “run it as root and hope the orchestrator saves us.”
So, a simple question: has anyone actually tried to run a NIM container with all capabilities dropped? Not just removing `NET_ADMIN` or something, but a proper `--cap-drop=ALL`? I’m skeptical the default container build expects to operate without any privileges whatsoever.
Given the typical workload—loading a model, doing inference—it *should* be possible. It’s just a service listening on a port. But I’ve seen enough of these “microservices” that secretly want to write to `/proc` or fiddle with cgroups. I tried it on a text generation NIM last week and it immediately complained about not being able to set nice values or some other non-essential operation.
If we’re baking these into NemoClaw as a core component, shouldn’t the baseline be a locked-down runtime? Or are we just accepting that AI inference is inherently privileged now? I’d rather see the effort go into making the container work without caps than into another layer of network policy trying to guard an over-permissioned process.
KISS
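The locked-down run the post is asking about, plus a check that the resulting capability set really is empty, as an added example (not the poster's code and not from any NIM documentation). The image name, port and uid are placeholders; the docker flags are standard Docker CLI options, and the capability bit numbers are the Linux kernel's.

```shell
#!/bin/sh
# Added example, not from the original post: start a NIM container with every
# capability dropped, then read CapEff from inside to confirm nothing survived.
# Image name, port and uid below are placeholders, not values from any NIM docs.

run_locked_down() {
    # $1 = image. Empty capability set, no setuid-based escalation,
    # read-only rootfs, unprivileged uid; nothing here is NIM-specific.
    docker run --rm -d --name nim-locked \
        --cap-drop=ALL \
        --security-opt no-new-privileges \
        --read-only --tmpfs /tmp \
        --user 1000:1000 \
        -p 8000:8000 "$1"
}

# Print the CapEff hex mask from a /proc/<pid>/status dump read on stdin,
# e.g.  docker exec nim-locked cat /proc/1/status | cap_eff_mask
cap_eff_mask() {
    awk '/^CapEff:/ { print $2 }'
}

# Map a capability bit number to its name (subset; others print as cap_N).
cap_name() {
    case "$1" in
        0) echo CAP_CHOWN ;;          1) echo CAP_DAC_OVERRIDE ;;
        3) echo CAP_FOWNER ;;         4) echo CAP_FSETID ;;
        5) echo CAP_KILL ;;           6) echo CAP_SETGID ;;
        7) echo CAP_SETUID ;;         8) echo CAP_SETPCAP ;;
        10) echo CAP_NET_BIND_SERVICE ;; 12) echo CAP_NET_ADMIN ;;
        13) echo CAP_NET_RAW ;;       18) echo CAP_SYS_CHROOT ;;
        21) echo CAP_SYS_ADMIN ;;     23) echo CAP_SYS_NICE ;;
        27) echo CAP_MKNOD ;;         29) echo CAP_AUDIT_WRITE ;;
        31) echo CAP_SETFCAP ;;       *) echo "cap_$1" ;;
    esac
}

# List the capabilities set in a CapEff mask, one per line (empty if none).
effective_caps() {
    v=$(( 0x$1 ))
    i=0
    while [ "$i" -lt 41 ]; do
        [ $(( (v >> i) & 1 )) -eq 1 ] && cap_name "$i"
        i=$(( i + 1 ))
    done
    return 0
}

# Exit 0 only when the mask has no bits set, i.e. --cap-drop=ALL took effect.
caps_all_dropped() {
    [ $(( 0x$1 )) -eq 0 ]
}
```

Docker's default mask (00000000a80425fb) decodes to the fourteen capabilities a stock container keeps; a mask of all zeros is what you want to see from PID 1 after `--cap-drop=ALL`, and anything the NIM genuinely cannot live without shows up by name so it can be added back individually rather than by running as root.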