|
|
|
|
|
|
by cyphar
32 days ago
|
|
|
No, that depends on the kind of privilege check. Some codepaths do ns_capable() (must have capability in owning namespace, reachable via unprivileged user namespaces), some do capable() (must have capability in host user namespace, not reachable via user namespaces at all). ZCRX can only be enabled by passing capable(CAP_NET_ADMIN), so you need to be privileged on the host. |
|
|