community/vault: permissions prevent execution by root in Docker
/ # apk add vault
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/x86_64/APKINDEX.tar.gz
(1/1) Installing vault (1.13.4-r0)
Executing vault-1.13.4-r0.pre-install
Executing busybox-1.36.1-r0.trigger
OK: 197 MiB in 16 packages
/ # vault
/bin/sh: vault: Operation not permitted
/ # ls -lah /usr/sbin/vault
-rwxr-xr-x 1 root vault 189.3M Jul 6 14:56 /usr/sbin/vault
/ # chown root:root /usr/sbin/vault
/ # vault version
Vault v1.13.4
What I don't quite get is why the binary belonging to another group but still being owned by root prevents it being executed.