Comment by kro 16 hours ago CAP_NET/SYS_ADMIN is required for this. So this would be "not as bad" as the others. 3 comments kro Reply kam 14 hours ago Also "The page pool is only created on a real ZCRX-capable NIC (mlx5 ConnectX-6+, Intel E800, NFP)" t0mas88 14 hours ago It could work for container escape? kro 4 hours ago Containers, even with root user, are often stripped of these capabilities unless --privileged
kam 14 hours ago Also "The page pool is only created on a real ZCRX-capable NIC (mlx5 ConnectX-6+, Intel E800, NFP)"
t0mas88 14 hours ago It could work for container escape? kro 4 hours ago Containers, even with root user, are often stripped of these capabilities unless --privileged
kro 4 hours ago Containers, even with root user, are often stripped of these capabilities unless --privileged
Also "The page pool is only created on a real ZCRX-capable NIC (mlx5 ConnectX-6+, Intel E800, NFP)"
It could work for container escape?
Containers, even with root user, are often stripped of these capabilities unless --privileged