retina
retina copied to clipboard
microsoft
Evaluate security context/caps
Retina has CAP_NET_ADMIN, SYS_ADMIN, and others. Evaluate the caps and make sure we are adding the minimum required permissions
This issue is stale because it has been open for 7 days with no activity. Remove stale label or comment or this will be closed in 7 days
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I know that CAP_NET_ADMIN is needed for packetparser, SYS_ADMIN for root access I think is for loading the eBPF program into the kernel since we need root access, but if that's all we are doing with that CAP then I think we could use CAP_BPF instead?IPC_LOCK is used for mmap() calls and not sure about SYS_RESOURCE
