| 1234567891011121314151617181920212223242526272829303132 |
- runAsContext:
- - userName: root
- groupName: root
- gid: 0
- uid: 0
- description: Zerotier requires root privileges to start the Zerotier process
- capabilities:
- - name: NET_ADMIN
- description: Zerotier requires NET_ADMIN to configure the VPN interface, modify routes, etc.
- - name: NET_RAW
- description: Zerotier requires NET_RAW to use raw sockets and proxying
- - name: AUDIT_WRITE
- description: Zerotier is able to write to audit log.
- - name: CHOWN
- description: Zerotier is able to chown files.
- - name: DAC_OVERRIDE
- description: Zerotier is able to bypass permission checks.
- - name: FOWNER
- description: Zerotier is able bypass permission checks for it's sub-processes.
- - name: NET_BIND_SERVICE
- description: Zerotier is able to bind to privileged ports.
- - name: SETGID
- description: Zerotier is able to set group ID for it's sub-processes.
- - name: SETUID
- description: Zerotier is able to set user ID for it's sub-processes.
- - name: SETPCAP
- description: Zerotier is able to set process capabilities.
- - name: SYS_ADMIN
- description: Zerotier is able to perform various system administration operations.
- hostMounts:
- - hostPath: /dev/tun
- description: Required to access the TUN device
|
