mirror of https://github.com/mkerrisk/man-pages
raw.7: Clarify user namespace requirements for CAP_NET_RAW
Also remove mention of UID 0 as a method or creating a raw socket. As far as I can tell from reading the kernel source (net/ipv4/af_inet.c), this is not true. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
f71d155750
commit
af0cb4bd54
|
@ -30,9 +30,9 @@ socket option is enabled on the socket.
|
|||
When it is enabled, the packet must contain an IP header.
|
||||
For receiving, the IP header is always included in the packet.
|
||||
|
||||
Only processes with an effective user ID of 0 or the
|
||||
In order to create a raw socket, a process must have the
|
||||
.B CAP_NET_RAW
|
||||
capability are allowed to open raw sockets.
|
||||
capability in the user namespace that governs its network namespace.
|
||||
|
||||
All packets or errors matching the
|
||||
.I protocol
|
||||
|
|
Loading…
Reference in New Issue