> From: Michael S. Tsirkin <mst@xxxxxxxxxx> > Sent: Monday, October 25, 2021 1:38 PM > > It depends on what will the user be able to do then. > Inject packets? Affect RX routing? Use up networking resources? > NET_ADMIN is a safe choice but we didn't check any capability in the past so it > seems reasonable to keep not checking it for the time being unless we see an > actual security issue. > I will keep the NET_ADMIN as it is doing the interface config. And also add the comment around this check as you suggest in other email. _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
