Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
484 views
in Technique[技术] by (71.8m points)

Why am I getting an RTNETLINK Operation Not Permitted when using Pipework with Docker containers?

I'm running CoreOS stable 494.5.0 using Vagrant/VirtualBox and am running the vanilla ruby:2.1.5 Docker image. I'm trying to use Pipework to connect the Docker container to a local physical interface (as opposed to using --net=host when running the container) so I can sniff traffic. Pipework creates eth1@if2 in the container and sets its IP address correctly, but the link ends up in the UNKNOWN state and when I try to bring the link up using ip link I get RTNETLINK answers: Operation not permitted.

If it makes a difference, I have to use ip link set dev eth1 up instead of ip link set dev eth1@if2 up or else I get Cannot find device "eth1@if2".

Any ideas what I'm doing wrong?

question from:https://stackoverflow.com/questions/27708376/why-am-i-getting-an-rtnetlink-operation-not-permitted-when-using-pipework-with-d

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Docker containers do not have full privileges by default. Try adding this to the docker run command:

--cap-add=NET_ADMIN

List of capabilities


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...