Skip to content

Can the image run without CAP_NET_ADMIN #611

Description

@odyhunter

Hey, the CAP_NET_ADMIN capability has been documented to grant the following capabilities to the capability holder without needing elevated (root) privileges:

ability to modify host firewall
ability to modify routing tables
ability to modify network interface configuration
ability to modify socket permissions

Any of those capabilities would have a significant security impact if a process running on the host is able to take any of those actions without requiring elevated privileges. Possible to update the solution without using CAP_NET_ADMIN?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions