I run an online labs environment were users can run code inside a docker container. I would like to provide a swift REPL to my users, but that requires that I add the SYS_PTRACE capability to their containers. The users are not root within their container. There isn't sensitive information inside the container. I'm not running on an old kernel that has the classic ptrace exploit. How significant of a security risk is adding the SYS_PTRACE capability?