You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 6, 2022. It is now read-only.
Binding to port 53 seems to require CAP_NET_BIND_SERVICE.
Further, having ZeroTier run within the container appears to require CAP_SYS_ADMIN and CAP_NET_ADMIN. Based on my understanding of cap_add – CAP_SYS_ADMIN should include CAP_NET_ADMIN... but, CAP_SYS_ADMIN also gets pretty close to root's capabilities – which (ideally) isn't necessary.
Need to develop a better understanding of CAP_SYS_ADMIN.
Need to develop a better understanding of CAP_NET_ADMIN.
Test what capabilities are required for running CoreDNS, strictly.
Test what capabilities are required for running ZeroTier, strictly.
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Binding to port 53 seems to require
CAP_NET_BIND_SERVICE
.Further, having ZeroTier run within the container appears to require
CAP_SYS_ADMIN
andCAP_NET_ADMIN
. Based on my understanding ofcap_add
–CAP_SYS_ADMIN
should includeCAP_NET_ADMIN
... but,CAP_SYS_ADMIN
also gets pretty close toroot
's capabilities – which (ideally) isn't necessary.CAP_SYS_ADMIN
.CAP_NET_ADMIN
.CoreDNS
, strictly.ZeroTier
, strictly.The text was updated successfully, but these errors were encountered: