github-actions[bot]
commented
5 months ago This issue is stale because it has been open for 7 days with no activity. Remove stale label or comment or this will be closed in 7 days
Open rbtr opened 5 months ago
github-actions[bot]
commented
5 months ago This issue is stale because it has been open for 7 days with no activity. Remove stale label or comment or this will be closed in 7 days
nddq
commented
3 months ago I know that CAP_NET_ADMIN is needed for packetparser, SYS_ADMIN for root access I think is for loading the eBPF program into the kernel since we need root access, but if that's all we are doing with that CAP then I think we could use CAP_BPF instead?IPC_LOCK is used for mmap() calls and not sure about SYS_RESOURCE
Retina has CAP_NET_ADMIN, SYS_ADMIN, and others. Evaluate the caps and make sure we are adding the minimum required permissions