Should setting the listen-port require CAP_SYS_ADMIN in the socket namespace?

Julian Orth ju.orth at gmail.com
Sun Sep 9 11:40:32 CEST 2018


To be clear: The solution described for the transit-net case also applies to 
the listen-port case:

Trying to change listen-port and/or transit-net should require CAP_SYS_ADMIN 
in the transit namespace unless the user also proves access to that namespace 
by passing a UDP socket from that namespace in the same call.

