Recently, I gave a Workload the NET_ADMIN capability which should allow it to connect as an OpenVPN client to a corresponding server. The capability gives all rights needed to establish the connection, i.e. modify routing table, managing interfaces.
However, the connection could not be established until I gave the Workload full privilege level.
I am not sure, if Rancher propagates changes incompletely or if this is a Docker bug.
Does anyone recognize this issue?