Re: [vserver] Vserver and localhost sniffing:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [vserver] Vserver and localhost sniffing

From: Daniel Hokka Zakrisson <daniel_at_hozac.com>
Date: Tue 26 Feb 2008 - 14:43:22 GMT
Message-ID: <51768.192.168.102.6.1204037002.squirrel@intranet>

Alejandro Cabrera wrote:
> <snip previous messages due to formatting>
> Just CAP_NET_RAW capability ??? Or in group with CAP_NET_ADMIN capability
> ???

CAP_NET_RAW is what governs raw sockets. If you give a guest that, it will
be able to able sniff/generate traffic as it sees fit.

CAP_NET_ADMIN "only" lets the guest do network setup, such as configuring
interfaces, routes, etc. See /usr/include/linux/capability.h or
http://linux-vserver.org/Capabilities_and_Flags for descriptions of the
capabilities.

> Thanks 

-- 
Daniel Hokka Zakrisson
Received on Tue Feb 26 14:45:10 2008
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 26 Feb 2008 - 14:45:14 GMT by hypermail 2.1.8