Add comments to explain the required Linux capabilities

M. Mert Yildiran
2023-12-04 22:49:31 +03:00
parent cf3ce0180b
commit dd91087157


@@ -65,10 +65,14 @@ spec:
securityContext:
capabilities:
add:
# NET_RAW is required to listen the network traffic
- NET_RAW
# NET_ADMIN is required to listen the network traffic
- NET_ADMIN
{{- if not .Values.tap.noKernelModule }}
# SYS_MODULE is required to install kernel modules
- SYS_MODULE
# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- CHECKPOINT_RESTORE
{{- end }}
drop:
@@ -119,9 +123,13 @@ spec:
securityContext:
capabilities:
add:
# SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- SYS_ADMIN
# SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- SYS_PTRACE
# DAC_OVERRIDE is required to read /proc/PID/environ
- DAC_OVERRIDE
# SYS_RESOURCE is required to change rlimits for eBPF
- SYS_RESOURCE
drop:
- ALL
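Review bot: The new comments on SYS_ADMIN (`kernel < 5.8`) in the second hunk and CHECKPOINT_RESTORE (`kernel > 5.9`) in the first describe a kernel-version condition, but the template grants both capabilities unconditionally — the only conditional in either hunk is `.Values.tap.noKernelModule` — so a reader may conclude the capability is not granted on other kernels. Each such comment should say both when the need applies and that the capability is still added on every node, e.g. `# SYS_ADMIN is required to read /proc/PID/net/ns, and to install eBPF programs on kernels < 5.8 (always added: the chart cannot know the node kernel)`. In the first hunk NET_RAW and NET_ADMIN carry the identical comment `required to listen the network traffic`; since they grant different things, state what each is used for here (NET_RAW for opening raw/packet sockets for capture, NET_ADMIN for interface configuration such as promiscuous mode, if that is the reason) and write `capture` rather than `listen`. The CHECKPOINT_RESTORE bound is also worth confirming, since that capability first appeared in 5.9, so `>=` seems more likely than `>`.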