iptables sometimes works inside container, sometimes not - docker 0.8.1 #4424
Comments
|
running with -privileged option works ok everytime. |
|
@crosbymichael @unclejack did we ever find a solid fix for the capabilities dropping race condition? |
|
@balamaci If I understand correctly, this shouldn't work in unprivileged mode because CAP_NET_ADMIN has been dropped, https://github.com/dotcloud/docker/blob/a1598d1e1c157388f3b07415729de28f4d205e49/CHANGELOG.md#runtime |
|
@apatil Thanks, did not know CAP_NET_ADMIN related to that, and was confused about the fact that sometimes it did work, sometimes not. Feel free to close it if you want, I've no problem passing in the priviIeged param, hope it might serve as reference in case someone else stumbles upon this. |
|
Is the race condition for capabilities still an issue on |
|
Closing in favor of #4556 |
|
From what @balamaci said, if you run the container with |
|
|
|
docker run --privileged -it .... |
----privileged option worked for me:) |
I have 4 containers:
sudo docker run -name N1 -d -p 127.0.0.1:9122:22 -v $HZ_PATH/target:/root/hazelcast/java/ java/mvn_ssh
sudo docker run -name N2 -d -p 127.0.0.1:9222:22 -v $HZ_PATH/target:/root/hazelcast/java/ java/mvn_ssh
sudo docker run -name N3 -d -p 127.0.0.1:9322:22 -v $HZ_PATH/target:/root/hazelcast/java/ java/mvn_ssh
sudo docker run -name N4 -d -p 127.0.0.1:9422:22 -v $HZ_PATH/target:/root/hazelcast/java/ java/mvn_ssh
doing ssh root@IP_N1
root@68635b3292b0:~# iptables -L -n
iptables v1.4.12: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
but sometimes when I rebuild the containers, on some of them iptables works, on some don't.
kernel 3.11.0-17-generic
Docker version 0.8.1, build a1598d1
Any idea how can this be?
The text was updated successfully, but these errors were encountered: