From 66e065707328d7749043780326b6e73baf7d7a55 Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Thu, 14 Sep 2023 18:25:04 +0000
Subject: [PATCH 1/2] [docker-mux] limit privileged flag for mux container
Signed-off-by: Mai Bui
---
 rules/docker-mux.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/docker-mux.mk b/rules/docker-mux.mk
index 8295200b7bf3..4a55f719eb17 100644
--- a/rules/docker-mux.mk
+++ b/rules/docker-mux.mk
@@ -30,7 +30,7 @@ SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_MUX_DBG)
 endif
 $(DOCKER_MUX)_CONTAINER_NAME = mux
-$(DOCKER_MUX)_RUN_OPT += --privileged -t
+$(DOCKER_MUX)_RUN_OPT += --cap-add=NET_ADMIN -t
 $(DOCKER_MUX)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
 $(DOCKER_MUX)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
 $(DOCKER_MUX)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
From 6a3877fc8e8f3e06f471296c58e4fb4097304972 Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Thu, 28 Sep 2023 15:47:05 +0000
Subject: [PATCH 2/2] remove NET_ADMIN
Signed-off-by: Mai Bui
---
 rules/docker-mux.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/docker-mux.mk b/rules/docker-mux.mk
index 4a55f719eb17..3af7baa004d6 100644
--- a/rules/docker-mux.mk
+++ b/rules/docker-mux.mk
@@ -30,7 +30,7 @@ SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_MUX_DBG)
 endif
 $(DOCKER_MUX)_CONTAINER_NAME = mux
-$(DOCKER_MUX)_RUN_OPT += --cap-add=NET_ADMIN -t
+$(DOCKER_MUX)_RUN_OPT += -t
 $(DOCKER_MUX)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
 $(DOCKER_MUX)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro
 $(DOCKER_MUX)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)
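Review bot: Nothing at the `$(DOCKER_MUX)_RUN_OPT += -t` line left by [PATCH 2/2] records why the mux container needs no added privileges, and neither commit message says how the step down from `--privileged` was validated; the same gap applies to the intermediate `--cap-add=NET_ADMIN` line in [PATCH 1/2]. `--privileged` grants more than capabilities, since it also exposes host devices and lifts the default seccomp/AppArmor confinement, so the reduction deserves one line of rationale next to the flag, for example `# mux runs with Docker's default capabilities; add a specific --cap-add if one is ever needed, not --privileged`. Because the option list is built with `+=`, it is also worth confirming that no other rules file or platform override appends `--privileged` to the same variable, which cannot be seen from this hunk.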