I've got a test that I'm writing for a larger program that needs to (1) create a tap device, (2) bind a raw socket, and (3) make a sysctl to disable I ...
I am working on a project that requires using raw_sockets, and raw sockets need CAP_NET_RAW to work. We used setcap and it worked fine, now the executa ...
How to setup perf permission for specific user? (kernel.perf_event_paranoid is not an option because it is global) Kernel documentation is unclear or ...
I have a container running as non-privileged mode. I'd like to update file atime via python code for some reason but found I could not do that due to ...
I'm trying to open privileged ports (as an example to use libcap) without being root. This is my code: // http_capabilities.cpp #include <iostre ...
I have a Linux service that runs as a non-root user and holds a set of a few capabilities. When it starts, I want to fork off a child process. That ch ...
I am trying to authorize kubernetes pod with Capability in securityContext. https://kubernetes.io/docs/tasks/configure-pod-container/security-context ...
I was trying to run my pod as non root and also grant it some capabilities. This is my config: containers: - name: container-name securi ...
I need to run a container as non-root user by default. However a specific process inside this container needs to execute a binary that needs cap_net_a ...
I need to deploy some docker containers that need to be sandboxed and need access performance counters. It seems like CAP_PERFMON is exactly what I ne ...
I'm using an OpenVPN server in a Docker container for multiple client connections. This container is located in a specific Docker network in which I h ...
From this docker doc page - https://docs.docker.com/engine/security/#linux-kernel-capabilities Processes (like web servers) that just need to bind ...
I'm building my own CSI driver with CSI standards and I'm wondering about the Security Context to be set for the CSI sidecar containers. I'm going to ...
I am trying to launch a child-process as root from a non-root parent-process. I am thinking to use capabilities to make that work. What I have tried ...
I am developing a program in C that requires temporary use of some capabilities that require elevation to acquire and would rather not just have users ...
"I don't understand the difference between the SUID of a binary and cap_setuid in Linux. Then, the difference between SUID and setuid" ...
Background: I am running a docker container which needs to load/remove a kernel module which makes USB devices attached to a remote server available o ...
I want a process running by normal user, switch to another process's netns, another process is running by root user. What I need to do is to open /p ...
We are trying to mount a Lustre filesystem inside a running container, and have successfully done this via containers which are running in privileged mod ...
I'm using Ubuntu 18.04 Desktop. Here are more details about my question. Recently, I'm writing some test code that wants to do this: when it is run a ...