
Outside a namespace, CAP_SYS_ADMIN is enough to grant yourself any other capability, but inside a namespace the main danger is that it exposes a bit more kernel attack surface than a normal user would have.

The important question is whether the APIs that CAP_SYS_ADMIN and other capabilities grant you access to are potential security issues in a user namespace. Dropping things like CAP_NET_ADMIN in a namespace is useful, because it helps reduce the attack surface further.
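
As an added example (not part of the comment above and not the commenter's code), the C program below enters a new user namespace and drops CAP_NET_ADMIN from the bounding, effective, permitted and inheritable sets while leaving CAP_SYS_ADMIN in place. The helper names `has_effective`, `drop_cap` and `enter_userns` are made up for this illustration, and it assumes a Linux kernel with unprivileged user namespaces enabled.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <linux/sched.h>      /* CLONE_NEWUSER */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* 1 if the caller holds `cap` in its effective set, 0 if not, -1 on error. */
int has_effective(int cap) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = { { 0, 0, 0 }, { 0, 0, 0 } };
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    return (int)((d[cap / 32].effective >> (cap % 32)) & 1u);
}

/* Remove `cap` from the bounding set, then from the effective, permitted and
 * inheritable sets. The bounding-set drop keeps execve() of a file with
 * capabilities from adding it back. Returns 0 on success, -1 on error. */
int drop_cap(int cap) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) != 0) return -1; /* needs CAP_SETPCAP */
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    d[cap / 32].effective   &= ~(1u << (cap % 32));
    d[cap / 32].permitted   &= ~(1u << (cap % 32));
    d[cap / 32].inheritable &= ~(1u << (cap % 32));
    return syscall(SYS_capset, &h, d) == 0 ? 0 : -1;
}

/* Enter a new user namespace; the caller then holds a full capability set
 * that applies only inside it. Returns 0, or -1 where this is not permitted. */
int enter_userns(void) {
    return syscall(SYS_unshare, CLONE_NEWUSER) == 0 ? 0 : -1;
}

int main(void) {
    if (enter_userns() != 0) { perror("unshare(CLONE_NEWUSER)"); return 1; }
    printf("before: NET_ADMIN=%d SYS_ADMIN=%d\n",
           has_effective(CAP_NET_ADMIN), has_effective(CAP_SYS_ADMIN));
    if (drop_cap(CAP_NET_ADMIN) != 0) { perror("drop_cap"); return 1; }
    printf("after:  NET_ADMIN=%d SYS_ADMIN=%d bounding(NET_ADMIN)=%d\n",
           has_effective(CAP_NET_ADMIN), has_effective(CAP_SYS_ADMIN),
           prctl(PR_CAPBSET_READ, CAP_NET_ADMIN, 0, 0, 0));
    return 0;
}
```

On hosts where a seccomp filter or LSM policy restricts user namespaces, `enter_userns` or `drop_cap` returns -1 and the program exits with the error printed.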



