CAP_NET_ADMIN
Perform various network-related operations:
* interface configuration;
* administration of IP firewall, masquerading, and
accounting;
* modify routing tables;
* bind to any address for transparent proxying;
* set type-of-service (TOS);
* clear driver statistics;
* set promiscuous mode;
* enabling multicasting;
administration of IP firewall is somewhat vague, but I've tried with a small example by setting cap_net_admin using setcap on the compiled binary but I get :
exit status 4: Fatal: can't open lock file /run/xtables.lock: Permission denied
athoune
commented
3 years ago
Hi,
Is it possible to run a program using
go-iptablesas an unprivileged user with thecap_net_admincap ?From the the capabilities(7) man page :
administration of IP firewallis somewhat vague, but I've tried with a small example by settingcap_net_adminusingsetcapon the compiled binary but I get :exit status 4: Fatal: can't open lock file /run/xtables.lock: Permission deniedThanks for this project.