[concerndc1tizen]

Which privileges are required? CAP_NET_ADMIN? Or nothing at all?

[alexflint]

Nothing at all!

You do need write access to /dev/net/tun. This is standard for all users for the distros that I've looked into, but it is ultimately a distro-specific thing.

[concerndc1tizen]

I'm curious because in a Kubernetes environment, the privileges can be minimal, i.e. read only filesystem, running as nobody, empty filesystem, etc.