Can kube-multus container run unprivileged with capabilities set?

bhdebasish · November 20, 2021, 6:53am

Hi Experts,
i see in multus-cni/multus-daemonset.yml at master · k8snetworkplumbingwg/multus-cni · GitHub kube-multus container in node-local-dns runs as privileged container.

    securityContext:
      privileged: true

This can be a potential security threat. Can this pod run unprivileged with capabilities set?
In that case what would be those capabilities?

Topic		Replies	Views
Can node-cache container in node-local-dns pod run in without privilege set to true with capabilities? General Discussions	0	590	November 20, 2021
Can wheareabouts container run unprivileged with capabilities set? General Discussions	0	483	November 20, 2021
Privileged container in pod running in user namespace (KEP-127) General Discussions docs , security	4	6134	May 14, 2023
Security Context for a Pod or Container General Discussions security	0	3101	October 11, 2022
Init containers in restricted namespace General Discussions	2	361	December 31, 2024