> From: Michael S. Tsirkin <m...@redhat.com> > Sent: Monday, October 25, 2021 1:38 PM > > It depends on what will the user be able to do then. > Inject packets? Affect RX routing? Use up networking resources? > NET_ADMIN is a safe choice but we didn't check any capability in the past so > it > seems reasonable to keep not checking it for the time being unless we see an > actual security issue. > I will keep the NET_ADMIN as it is doing the interface config.
And also add the comment around this check as you suggest in other email. _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization