I'm running CoreOS stable 494.5.0 using Vagrant/VirtualBox and am running the vanilla ruby:2.1.5 Docker image. I'm trying to use Pipework to connect the Docker container to a local physical interface (as opposed to using --net=host when running the container) so I can sniff traffic. Pipework creates eth1@if2 in the container and sets its IP address correctly, but the link ends up in the UNKNOWN state and when I try to bring the link up using ip link I get RTNETLINK answers: Operation not permitted.
If it makes a difference, I have to use ip link set dev eth1 up instead of ip link set dev eth1@if2 up or else I get Cannot find device "eth1@if2".
Any ideas what I'm doing wrong?
The SSH method works fine for Docker containers, too. That said, you can SSH into a Docker container using Docker's built-in docker exec. If you do not need an interactive shell, you can also use the docker attach command to connect the host's stdin and stdout to the running container and execute remote commands.
It's ok to have multiple processes, but to get the most benefit out of Docker, avoid one container being responsible for multiple aspects of your overall application. You can connect multiple containers using user-defined networks and shared volumes.
Use docker attach to attach your terminal's standard input, output, and error (or any combination of the three) to a running container using the container's ID or name. This allows you to view its ongoing output or to control it interactively, as though the commands were running directly in your terminal.
The tc command works on a regular vm, but not in the Dockerfile.

    FROM ubuntu:16.04
    RUN DEBIAN_FRONTEND="noninteractive" \
        apt-get update --fix-missing && \
        apt-get -y install \
        apt-utils \
        software-properties-common \
        iproute2
    RUN tc qdisc add dev lo root handle 1: htb

    docker build .
Docker doesn't have fully virtualized networking and a container can't usually control its network environment in this level of detail; also an image is only a filesystem plus some metadata describing how to start the container, and runtime settings like this aren't persisted in the image. I'd stick with a VM here.
Docker containers do not have full privileges by default. Try adding this to the docker run command:

    --cap-add=NET_ADMIN

List of capabilities
In your docker-compose.yml you can add this:

    container_or_service_name:
      cap_add:
        - NET_ADMIN

Credit where credit is due: this answer is based on a comment by @petrkotek under the accepted answer, but I ended up using it myself, so I wanted to make it more visible.
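To confirm from inside a container that --cap-add=NET_ADMIN took effect, and that nothing beyond it was granted, the CapEff mask in /proc/self/status can be decoded. The script below is an added example, not part of the original answers; the bit number comes from linux/capability.h, and the two sample masks are constructed to match Docker's default capability set with and without NET_ADMIN.

```shell
#!/bin/sh
# Added example: decode a CapEff mask to see whether "ip link set ... up" can work.
CAP_NET_ADMIN=12                      # bit number from linux/capability.h

# Constructed sample masks (assumption: Docker's default capability set).
DOCKER_DEFAULT_MASK=00000000a80425fb  # plain "docker run"
NET_ADMIN_MASK=00000000a80435fb       # "docker run --cap-add=NET_ADMIN"

# has_cap MASK_HEX BIT: succeeds when capability BIT is set in MASK_HEX.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# net_admin_status MASK_HEX: report whether link changes are permitted.
net_admin_status() {
    if has_cap "$1" "$CAP_NET_ADMIN"; then
        echo "NET_ADMIN present"
    else
        echo "NET_ADMIN missing"
    fi
}

# extra_caps MASK_HEX: list capability bits granted beyond the default set,
# so an over-privileged container shows up as more than just "12".
extra_caps() {
    diff=$(( 0x$1 & ~0x$DOCKER_DEFAULT_MASK ))
    bit=0
    out=""
    while [ "$bit" -lt 63 ]; do
        if [ $(( ($diff >> $bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }$bit"
        fi
        bit=$((bit + 1))
    done
    echo "$out"
}

# cap_eff_of_self: effective capability mask of the current process.
cap_eff_of_self() {
    sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status
}

echo "default run:  $(net_admin_status "$DOCKER_DEFAULT_MASK")"
echo "with cap-add: $(net_admin_status "$NET_ADMIN_MASK"), extra bits: $(extra_caps "$NET_ADMIN_MASK")"
if [ -r /proc/self/status ]; then
    echo "this process: $(net_admin_status "$(cap_eff_of_self)")"
fi
```

Run inside the container, the last line reports the live state; an extra_caps result longer than "12" means the container holds more than the one capability the answer calls for.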