K
Q

NET_ADMIN capability security implications

9/27/2019

I am trying to understand security implications of running containers with --cap-add=NET_ADMIN. The containers will be running in k8s cluster and they will execute user provided code (which we can't control and can be malicious).

It is my understanding that unless I add --network host flag, the containers will be able to only change their own networking stack. Therefore, they can break their own networking but can't affect the host or other containers in any way.

Is this correct? Are there any considerations when deciding if this is safe to do?

-- Jan Matas
docker
kubernetes
networking
permissions
security

Similar Questions

How can A service of Google Cloud Run for Anthos on GKE connect to Firestore on different project of different organization?
Is `helm reset --force` meant to be executed once per physical host or once per cluster?
what is Environment <none> in a kubectl describe pod command
How can one attach two network interfaces to a single pod in kubernetes?
tolerations on ECK pods
Can I create a kubernetes role in &#39;exclude mode&#39;?

1 Answer

9/27/2019

At a minimum, they would be able to turn on promiscuous mode on the pod's network adapter which could then potentially see traffic bound for other containers. Overall this seems like a very very very bad idea.

-- coderanger
Source: StackOverflow