i have a question and a problem about capabilities.
Why my program work when i run docker run --cap-add=NET_ADMIN
... ? ( i don't have RTNETLINK problems and TC Network problems with ETH0)
And it's doesn't work if i run my program with file .yml which is:
containers:
- name: snake
image: docker.io/kelysa/snake:lastest
imagePullPolicy: Always
securityContext:
privileged: true
capabilities:
add: ["NET_ADMIN","NET_RAW"]
i have problems like RTNETLINK answers: No such file or directory
tc isn't available for interface eth0"
"NETWORK_BANDWIDTH requires traffic control (tc).
CAP_NET_RAW,CAP_NET_ADMIN+ capability is also required, with modinfo sch_netem.
What is the difference between run docker with --cap-add and run a pod with the same capabilities ?