From bcced0b176bfaa2fe10754466830f1f35242dd28 Mon Sep 17 00:00:00 2001
From: Simon L
Date: Tue, 19 Sep 2023 21:26:11 +0200
Subject: [PATCH] drop NET_RAW from all containers

Signed-off-by: Simon L
---
 php/src/Docker/DockerActionManager.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index ba154c6e..673a2f12 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -476,6 +476,9 @@ class DockerActionManager
 $requestBody['HostConfig']['CapAdd'] = $capAdds;
 }

+ // Disable arp spoofing
+ $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
+
 if ($container->isApparmorUnconfined()) {
 $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
 }
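Review bot: The unconditional `CapDrop` is set right after the block that copies `$capAdds` into `CapAdd`, and nothing visible in the hunk stops a container definition from listing `NET_RAW` there. As far as I know the Docker engine applies additions after drops, so such a container would silently keep the capability; this should be confirmed against the engine version in use. If no container is meant to hold it, the guarantee could be enforced where `CapAdd` is assigned, e.g. `$requestBody['HostConfig']['CapAdd'] = array_values(array_diff($capAdds, ['NET_RAW']));`. The comment also undersells the change, since dropping `NET_RAW` removes raw and packet sockets in general and not only ARP forgery; something like `// Drop NET_RAW: no raw/packet sockets, so containers cannot forge ARP or IP frames on the shared network` tells a maintainer what may stop working. The enclosing method starts and ends outside the hunk, so whether a privileged mode elsewhere bypasses this drop cannot be checked from here.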