  1. OpenShift Request For Enhancement
  2. RFE-1854

Allow dropping all capabilities by using keyword "all" in the container's securityContext


    • Feature Request
    • Resolution: Done
    • openshift-4.8
    • Node

      Back in the OCP 3 days, when it used Docker as the container runtime, users could use the "all" keyword to drop all capabilities of a given container. When OCP moved from Docker to CRI-O, that feature was lost.

      If a user wants to drop all capabilities they need to know which ones are added by the runtime by default and append them as a list in the securityContext specification.

      This could be done by adding that list of capabilities to the SCC's requiredDrop, but again that's not convenient.

      There are customers that were using this feature back in the day and they keep configuring the deployable manifests with that "all" keyword, but that no longer works.

      In this RFE we want to explore the possibility of bringing back such functionality so users can continue using the "all" keyword.

      More info in this BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1931838

              gausingh@redhat.com Gaurav Singh
              mavazque@redhat.com Mario Vazquez Cebrian
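
As an added example (not part of the original issue or of OpenShift/CRI-O code): one way to find out which capabilities the runtime actually granted a container, and to confirm that a drop took effect, is to decode the `Cap*` bitmasks in `/proc/<pid>/status`. The sample status text is constructed, the function names are hypothetical, and names are listed without the `CAP_` prefix, as a securityContext expects them.

```python
import re

# Linux capability names in bit order (include/uapi/linux/capability.h).
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()

# Constructed samples of the Cap* lines, not captured from a real cluster.
SAMPLE_DEFAULT = ("CapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
                  "CapBnd:\t00000000a80425fb\n")
SAMPLE_DROPPED = ("CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
                  "CapBnd:\t0000000000000000\n")

def cap_sets(status_text):
    """Parse the Cap* lines of /proc/<pid>/status into {field: [names]}."""
    sets = {}
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$"
    for field, hexmask in re.findall(pattern, status_text, re.M):
        mask = int(hexmask, 16)
        names = [n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1]
        # Bits beyond the table are capabilities newer than this list.
        names += [f"UNKNOWN_{bit}"
                  for bit in range(len(CAP_NAMES), mask.bit_length())
                  if mask >> bit & 1]
        sets[field] = names
    return sets

def explicit_drop_list(status_text):
    """Names to list under capabilities.drop: everything in the bounding set."""
    return cap_sets(status_text).get("CapBnd", [])

def all_dropped(status_text):
    """True only if permitted, effective and bounding sets are present and empty."""
    sets = cap_sets(status_text)
    return all(sets.get(f) == [] for f in ("CapPrm", "CapEff", "CapBnd"))

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        text = fh.read()
    print("drop:", explicit_drop_list(text), "| all dropped:", all_dropped(text))
```

Run inside the container, the bounding set (`CapBnd`) is the field to read for a non-root process, because its effective set is already empty even when nothing was dropped.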