NET_ADMIN capability security implications

9/27/2019

I am trying to understand the security implications of running containers with --cap-add=NET_ADMIN. The containers will be running in a k8s cluster and they will execute user-provided code (which we can't control and can be malicious).

It is my understanding that unless I add the --network host flag, the containers will only be able to change their own networking stack. Therefore, they can break their own networking but can't affect the host or other containers in any way.

Is this correct? Are there any considerations when deciding if this is safe to do?

-- Jan Matas
Tags: docker, kubernetes, networking, permissions, security

1 Answer

9/27/2019

At a minimum, they would be able to turn on promiscuous mode on the pod's network adapter, which could then potentially see traffic bound for other containers. Overall this seems like a very, very, very bad idea.

-- coderanger
Source: StackOverflow
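
An added example, not part of the question or answer above: a Python audit that lists which containers in a cluster hold NET_ADMIN and whether that applies to the pod's or the host's network namespace. The pod list is constructed sample data in the shape of `kubectl get pods -A -o json`, and the function names are hypothetical.

```python
import json
import re

# Constructed sample in the shape of `kubectl get pods -A -o json`; not real cluster data.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "sandbox", "name": "runner-1"},
  "spec": {"containers": [{"name": "user-code",
    "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}]}},
 {"metadata": {"namespace": "sandbox", "name": "runner-2"},
  "spec": {"hostNetwork": true, "containers": [{"name": "user-code"}],
    "initContainers": [{"name": "setup",
      "securityContext": {"capabilities": {"add": ["CAP_NET_ADMIN"]}}}]}},
 {"metadata": {"namespace": "infra", "name": "agent"},
  "spec": {"containers": [{"name": "agent",
    "securityContext": {"privileged": true}}]}},
 {"metadata": {"namespace": "web", "name": "frontend"},
  "spec": {"containers": [{"name": "nginx",
    "securityContext": {"capabilities": {"drop": ["ALL"]}}}]}}
]}
""")

def grants_net_admin(container):
    """Return the reason a container holds CAP_NET_ADMIN, or None."""
    sc = container.get("securityContext") or {}
    if sc.get("privileged"):
        return "privileged"  # privileged containers receive every capability
    added = (sc.get("capabilities") or {}).get("add") or []
    names = {re.sub(r"^CAP_", "", c.upper()) for c in added}  # accept both spellings
    if "NET_ADMIN" in names:
        return "cap-add NET_ADMIN"
    if "ALL" in names:
        return "cap-add ALL"
    return None

def audit(pod_list):
    """Return (namespace/pod, container, reason, scope) for each NET_ADMIN grant."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        # With hostNetwork the capability applies to the node's network namespace.
        scope = "host-netns" if spec.get("hostNetwork") else "pod-netns"
        ref = f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}'
        for key in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(key) or []:
                reason = grants_net_admin(c)
                if reason:
                    findings.append((ref, c["name"], reason, scope))
    return findings
```

Calling `audit(SAMPLE)` returns three findings; against a real cluster, pass the parsed JSON from `kubectl get pods -A -o json` instead of the sample.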