catchpoint / WebPageTest.agent

Cross-platform WebPageTest agent

Can the image run without CAP_NET_ADMIN #611

Open odyhunter opened 1 year ago

odyhunter commented 1 year ago

Hey, the CAP_NET_ADMIN capability has been documented to grant the following capabilities to the capability holder without needing elevated (root) privileges:

- ability to modify host firewall
- ability to modify routing tables
- ability to modify network interface configuration
- ability to modify socket permissions

Any of those capabilities would have a significant security impact if a process running on the host is able to take any of those actions without requiring elevated privileges. Possible to update the solution without using CAP_NET_ADMIN?
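
Added example (not part of the original issue or the WebPageTest agent's code): a Python check that decodes the capability masks in `/proc/<pid>/status` to confirm whether a process actually holds CAP_NET_ADMIN (bit 12 in `linux/capability.h`). The two sample status excerpts are constructed for illustration, and the function names are hypothetical.

```python
import re

# Network-related capability bit numbers, as defined in linux/capability.h.
NET_CAPS = {
    10: "CAP_NET_BIND_SERVICE",
    11: "CAP_NET_BROADCAST",
    12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW",
}

# Constructed samples: a container started with NET_ADMIN added, and one without.
SAMPLE_WITH_NET_ADMIN = (
    "Name:\tagent\n"
    "CapPrm:\t00000000a80435fb\n"
    "CapEff:\t00000000a80435fb\n"
    "CapBnd:\t00000000a80435fb\n"
)
SAMPLE_WITHOUT_NET_ADMIN = SAMPLE_WITH_NET_ADMIN.replace("a80435fb", "a80425fb")

def parse_cap_sets(status_text):
    """Return {'CapEff': int, ...} parsed from /proc/<pid>/status text."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.M)}

def net_caps(mask):
    """List the network-related capabilities set in a capability bitmask."""
    return [name for bit, name in sorted(NET_CAPS.items()) if (mask >> bit) & 1]

def audit_net_admin(status_text):
    """Report, per capability set, whether CAP_NET_ADMIN is present.

    CapEff is what the process can use now; CapPrm and CapBnd show what it
    could still raise or acquire, so all three should be clear.
    """
    sets = parse_cap_sets(status_text)
    return {field: "CAP_NET_ADMIN" in net_caps(sets.get(field, 0))
            for field in ("CapEff", "CapPrm", "CapBnd")}

if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:  # run inside the container
            text = fh.read()
    except OSError:
        text = SAMPLE_WITH_NET_ADMIN  # fall back to the constructed sample
    print(audit_net_admin(text))
```

Running it inside the container shows whether the capability is present in the effective, permitted, and bounding sets, which is the state to verify after changing how the image is launched.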