runAsContext:
  - userName: root
    groupName: root
    gid: 0
    uid: 0
    description: Zerotier requires root privileges to start the Zerotier process
capabilities:
  - name: NET_ADMIN
    description: Zerotier requires NET_ADMIN to configure the VPN interface, modify routes, etc.
  - name: NET_RAW
    description: Zerotier requires NET_RAW to use raw sockets and proxying
  - name: AUDIT_WRITE
    description: Zerotier is able to write to audit log.
  - name: CHOWN
    description: Zerotier is able to chown files.
  - name: DAC_OVERRIDE
    description: Zerotier is able to bypass permission checks.
  - name: FOWNER
    description: Zerotier is able bypass permission checks for it's sub-processes.
  - name: NET_BIND_SERVICE
    description: Zerotier is able to bind to privileged ports.
  - name: SETGID
    description: Zerotier is able to set group ID for it's sub-processes.
  - name: SETUID
    description: Zerotier is able to set user ID for it's sub-processes.
  - name: SETPCAP
    description: Zerotier is able to set process capabilities.
  - name: SYS_ADMIN
    description: Zerotier is able to perform various system administration operations.
hostMounts:
  - hostPath: /dev/tun
    description: Required to access the TUN device