[Bug]: NET_RAW capability is needed for RDP in some cases #1648
Description
Operating system
Debian 13
Description
Currently, only NET_ADMIN capability is specified in the compose and CLI example. But in some cases this will cause:
dnsmasq: process is missing required capability NET_RAW
And RDP cannot be accessed (although VNC can), unless NET_RAW capability is also added.
podman version: 5.4.2
Docker compose
sudo podman run -it -e "VERSION=2019" -e "EDITION=CORE" -e "USER_PORTS=3389" -p 8006:8006 -p 3389:3389 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN -v "${PWD:-.}/win:/storage" -v "${PWD:-.}/shared:/shared" docker.io/dockurr/windows(The same if without USER_PORTS=3389)
Docker log
❯ Starting Windows for Podman v5.14...
❯ For support visit https://github.com/dockur/windows
❯ CPU: AMD Ryzen 9 9950X | RAM: 14/16 GB | DISK: 290 GB (ext4) | KERNEL: 6.12.63+deb13-amd64...
dnsmasq: process is missing required capability NET_RAW
❯ Nested KVM virtualization detected..
❯ Booting Windows securely using QEMU v10.0.6...
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.80000007H:EDX.invtsc [bit 8]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.80000007H:EDX.invtsc [bit 8]
BdsDxe: loading Boot0003 "Windows Boot Manager" from HD(1,GPT,2E95589A-6D87-41A5-9F0D-F1F4C0EEAE8F,0x800,0x40000)/\EFI\Microsoft\Boot\bootmgfw.efi
BdsDxe: starting Boot0003 "Windows Boot Manager" from HD(1,GPT,2E95589A-6D87-41A5-9F0D-F1F4C0EEAE8F,0x800,0x40000)/\EFI\Microsoft\Boot\bootmgfw.efi
❯ Windows started successfully, visit http://127.0.0.1:8006/ to view the screen...
# nc -zv 10.88.0.17 8006
Connection to 10.88.0.17 8006 port [tcp/*] succeeded!
# nc -zv 10.88.0.17 3389
nc: connect to 10.88.0.17 port 3389 (tcp) failed: Connection timed outScreenshots (optional)
No response