CAP_NET/SYS_ADMIN is required for this. So this would be "not as bad" as the others.
Also "The page pool is only created on a real ZCRX-capable NIC (mlx5 ConnectX-6+, Intel E800, NFP)"
It could work for container escape?
Containers, even with root user, are often stripped of these capabilities unless --privileged
Also "The page pool is only created on a real ZCRX-capable NIC (mlx5 ConnectX-6+, Intel E800, NFP)"
It could work for container escape?
Containers, even with root user, are often stripped of these capabilities unless --privileged