Guide to the Secure Configuration of Red Hat OpenShift Container Platform 4
Kubernetes Settings
Security Context Constraints (SCC)
Limit Use of the CAP_NET_RAW
An XCCDF Rule
Medium Severity
Containers should not enable more capabilities than needed as this opens the door for malicious use. CAP_NET_RAW enables a container to launch a network attack on another container or cluster. To disable the CAP_NET_RAW capability, the appropriate Security Context Constraints (SCCs) should set NET_RAW in requiredDropCapabilities.
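An added example, not part of the XCCDF rule or of any Red Hat tooling: a small audit over SCC objects in the JSON shape that `oc get scc -o json` returns, reporting why each SCC can leave CAP_NET_RAW available. It goes beyond the rule text by also checking `allowedCapabilities`, `defaultAddCapabilities` and `allowPrivilegedContainer`. Assumptions: the SCC names and sample data are constructed, and a drop entry of `ALL` is treated as covering NET_RAW.

```python
import json

# Constructed sample shaped like `oc get scc -o json` output; not real cluster data.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "example-drops-net-raw"}, "allowPrivilegedContainer": false,
   "allowedCapabilities": null, "defaultAddCapabilities": null,
   "requiredDropCapabilities": ["KILL", "NET_RAW"]},
  {"metadata": {"name": "example-drops-all"}, "allowPrivilegedContainer": false,
   "allowedCapabilities": ["NET_BIND_SERVICE"], "defaultAddCapabilities": null,
   "requiredDropCapabilities": ["ALL"]},
  {"metadata": {"name": "example-no-drop"}, "allowPrivilegedContainer": false,
   "allowedCapabilities": null, "defaultAddCapabilities": null,
   "requiredDropCapabilities": null},
  {"metadata": {"name": "example-allows-net-raw"}, "allowPrivilegedContainer": false,
   "allowedCapabilities": ["NET_RAW"], "defaultAddCapabilities": null,
   "requiredDropCapabilities": ["MKNOD"]},
  {"metadata": {"name": "example-privileged"}, "allowPrivilegedContainer": true,
   "allowedCapabilities": ["*"], "defaultAddCapabilities": null,
   "requiredDropCapabilities": null}
]}
""")


def net_raw_findings(scc):
    """Return the reasons this SCC can leave CAP_NET_RAW available (empty = OK)."""
    def caps(key):
        # The API serialises an unset capability list as null, so normalise to a set.
        return set(scc.get(key) or [])

    reasons = []
    if scc.get("allowPrivilegedContainer"):
        reasons.append("allowPrivilegedContainer is true")
    for key in ("allowedCapabilities", "defaultAddCapabilities"):
        if caps(key) & {"NET_RAW", "*"}:
            reasons.append(f"{key} permits NET_RAW")
    # Assumption: a drop list containing ALL also removes NET_RAW.
    if not caps("requiredDropCapabilities") & {"NET_RAW", "ALL"}:
        reasons.append("requiredDropCapabilities does not list NET_RAW")
    return reasons


def audit(scc_list):
    """Map each SCC name to its list of findings."""
    return {s["metadata"]["name"]: net_raw_findings(s) for s in scc_list["items"]}


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(f"{name}: {'OK' if not reasons else '; '.join(reasons)}")
```

To run it against a cluster, replace `SAMPLE` with the parsed output of `oc get scc -o json`.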