Should setting the listen-port require CAP_SYS_ADMIN in the socket namespace?

Julian Orth ju.orth at gmail.com
Sun Sep 9 11:40:32 CEST 2018

Previous message: Should setting the listen-port require CAP_SYS_ADMIN in the socket namespace?
Next message: [PATCH v2 00/10] Allow changing the transit namespace
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To be clear: The solution described for the transit-net case also applies to 
the listen-port case:

Trying to change listen-port and/or transit-net should require CAP_SYS_ADMIN 
in the transit namespace unless the user also proves access to that namespace 
by passing an UDP socket from that namespace in the same call.

Previous message: Should setting the listen-port require CAP_SYS_ADMIN in the socket namespace?
Next message: [PATCH v2 00/10] Allow changing the transit namespace
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the WireGuard mailing list