What does CAP_NET_RAW do?

rsync is in the AIX Toolbox for Linux Applications

You can download the RPM and install it with the usual rpm commands.

4
05.06.2018, 06:47
2 answers

Quoting from this Security SE answer:

CAP_NET_RAW: Any kind of packet can be forged, which includes faking senders, sending malformed packets, etc., this also allows to bind to any address (associated to the ability to fake a sender this allows to impersonate a device, legitimately used for "transparent proxying" as per the manpage but from an attacker point-of-view this term is a synonym for Man-in-The-Middle),

4
27.01.2020, 20:59

Yes.

http://man7.org/linux/man-pages/man7/ip.7.html

Socket options

...

IP_FREEBIND (since Linux 2.4)

If enabled, this boolean option allows binding to an IP address that is nonlocal or does not (yet) exist. This permits listening on a socket, without requiring the underlying network interface or the specified dynamic IP address to be up at the time that the application is trying to bind to it. This option is the per-socket equivalent of the ip_nonlocal_bind /proc interface described below.

see also

IP_TRANSPARENT (since Linux 2.6.24)

Setting this boolean option enables transparent proxying on this socket. This socket option allows the calling application to bind to a nonlocal IP address and operate both as a client and a server with the foreign address as the local endpoint. NOTE: this requires that routing be set up in a way that packets going to the foreign address are routed through the TProxy box (i.e., the system hosting the application that employs the IP_TRANSPARENT socket option). Enabling this socket option requires superuser privileges (the CAP_NET_ADMIN capability).

TProxy redirection with the iptables TPROXY target also requires that this option be set on the redirected socket.

(Based on the other man page, I suppose that either CAP_NET_ADMIN or CAP_NET_RAW is sufficient. And I really hope they are required for IP_FREEBIND too.)

1
27.01.2020, 20:59
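To check which processes on a host actually hold the capabilities discussed in the answers above, the following added example (not part of either answer) decodes the `CapEff` mask from `/proc/<pid>/status`. The bit numbers 12 and 13 come from `<linux/capability.h>`; the function names and the sample status text are constructed for illustration.

```python
import glob

# Bit positions from <linux/capability.h>.
CAPS = {"CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13}

def parse_status(text):
    """Return (name, effective_mask) from the text of /proc/<pid>/status."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    name = fields.get("Name", "?").strip()
    mask = int(fields.get("CapEff", "0").strip(), 16)  # hex bitmask
    return name, mask

def held(mask):
    """Names of the network capabilities of interest set in an effective mask."""
    return sorted(cap for cap, bit in CAPS.items() if (mask >> bit) & 1)

def audit(status_texts):
    """List (pid, name, caps) for every process holding one of CAPS."""
    findings = []
    for pid, text in status_texts:
        name, mask = parse_status(text)
        caps = held(mask)
        if caps:
            findings.append((pid, name, caps))
    return findings

def live_status_texts():
    """Yield (pid, status text) for each process currently visible in /proc."""
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                yield int(path.split("/")[2]), fh.read()
        except OSError:  # process exited between glob and open
            continue

# Constructed sample input (not captured from a real host).
SAMPLE = [
    (101, "Name:\tcapture-tool\nUid:\t1000\nCapEff:\t0000000000002000\n"),
    (102, "Name:\tnet-config\nUid:\t1000\nCapEff:\t0000000000001000\n"),
    (103, "Name:\troot-daemon\nUid:\t0\nCapEff:\t000001ffffffffff\n"),
    (104, "Name:\tweb-server\nUid:\t33\nCapEff:\t0000000000000400\n"),
    (105, "Name:\tshell\nUid:\t1000\nCapEff:\t0000000000000000\n"),
]

if __name__ == "__main__":
    for pid, name, caps in audit(live_status_texts()):
        print(f"{pid:>7} {name:<20} {','.join(caps)}")
```

On a live host the scan also lists kernel threads and root processes, which hold a full effective set; the entries worth reviewing are non-root services that carry one of these two bits.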
