Should setting the listen-port require CAP_SYS_ADMIN in the socket namespace?
Julian Orth
ju.orth at gmail.com
Sun Sep 9 11:40:32 CEST 2018
To be clear: The solution described for the transit-net case also applies to
the listen-port case:
Trying to change listen-port and/or transit-net should require CAP_SYS_ADMIN
in the transit namespace unless the user also proves access to that namespace
by passing an UDP socket from that namespace in the same call.
More information about the WireGuard
mailing list