The capable(CAP_NET_ADMIN) check is triggered by this syscall that Go makes:
2223 open("/proc/sys/net/core/somaxconn", O_RDONLY|O_CLOEXEC) = 3
You can reproduce it by running the following command with and without sudo:
$ aa-exec -p foo -- cat /proc/sys/net/core/somaxconn # Won't trigger the denial
$ sudo aa-exec -p foo -- cat /proc/sys/net/core/somaxconn # Will trigger the denial