On Wed, Apr 17, 2019 at 04:05:09PM +0800, Hangbin Liu wrote:
> On the other hand, Miroslav pointed out that with NET_ADMIN enabled in container,
> a normal user could be mapped to root and is able to change the real device's
> rx filter via ioctl on macvlan, which may affect the other ptp process on
> host. ptp over vlan also has this issue, but macvlan is more frequently used
> in container.

If NET_ADMIN is enabled in the container, don't the host and container
contend with each other for the physical interfaces anyhow?

(I'm not a container person, so forgive my ignorance.)

Thanks,
Richard