AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0
24.98k stars 1.8k forks

Failed to start DHCP server in Podman container #4887

Open skerit opened 2 years ago

skerit commented 2 years ago

Prerequisites

Operating system type

Linux, Other (please mention the version in the description)

CPU architecture

AMD64

Installation

Docker

Setup

On one machine

AdGuard Home version

v0.107.11

Description

What did you do?

I installed AdguardHome:

podman run --name adguardhome\
    --restart unless-stopped\
    -v /usr/local/etc/adguard/work:/opt/adguardhome/work\
    -v /usr/local/etc/adguard/conf:/opt/adguardhome/conf\
    --network host\
    -d adguard/adguardhome

Expected result

It should act as a DHCP server

Actual result

I got this error in the log:

starting dhcp server: dhcpv4: creating raw udp connection: listen packet 04:d4:c4:58:3d:69: socket: operation not permitted

It would also really help if this was somehow apparent in the web interface.

agneevX commented 2 years ago

Installation

Docker

Docker != Podman.

Related to #2809.

ainar-g commented 2 years ago

I'm not familiar with Podman, but it seems like if you're running a rootless installation, binding to privileged ports is not possible. See their documentation. I'll leave this issue open, in case anyone else has some input.

bobobo1618 commented 1 year ago

I've got AdGuardHome working in a Podman container with DHCP. I'm using Quadlet to configure the container, the config is as follows:

[Install]
WantedBy=default.target

[Unit]
Description=AdGuard Home DNS
After=network-online.target

[Container]
Image=docker.io/adguard/adguardhome:latest
Label=io.containers.autoupdate=registry
Volume=<insert conf here>:/opt/adguardhome/conf
Volume=<insert work here>:/opt/adguardhome/work
Network=host
AddCapability=NET_RAW

Alternatively you should just be able to do something like podman run --net host --add-cap NET_RAW -v <volumes> docker.io/adguard/adguardhome:latest

The important things are:

videoMonkey commented 1 year ago
  • --add-cap NET_RAW: Allows the container to use raw networking, needed for DHCP specifically (that's why you get the operation not permitted)

so close, so helpful, it's --cap-add. Thanks for pointing me in the right direction.
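
The following is an added example, not part of the thread or of the AdGuard Home project: a POSIX shell check that decodes a process's effective capability mask (`CapEff` in `/proc/<pid>/status`) and reports whether `NET_RAW` (needed for the raw socket in the error above) and `NET_BIND_SERVICE` (the privileged-ports point) are present. The function names and the two sample masks are constructed for illustration; the bit numbers come from `linux/capability.h`.

```shell
#!/bin/sh
# Added example: check a Linux capability mask for the bits the DHCP
# discussion above depends on. Bit numbers are from linux/capability.h.
CAP_NET_BIND_SERVICE=10   # bind ports below 1024
CAP_NET_RAW=13            # open raw/packet sockets (the failing "socket" call)

# has_cap MASK_HEX BIT: succeeds when BIT is set in the hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff_of FILE: print the effective-capability mask found in a
# /proc/<pid>/status style file.
cap_eff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# missing_dhcp_caps MASK_HEX: print the names of the capabilities that are
# absent, space separated; prints an empty line when both are present.
missing_dhcp_caps() {
    missing=""
    has_cap "$1" "$CAP_NET_RAW" || missing="$missing NET_RAW"
    has_cap "$1" "$CAP_NET_BIND_SERVICE" || missing="$missing NET_BIND_SERVICE"
    echo "${missing# }"
}

# Constructed sample masks (not captured from a real host); they differ
# only in bit 13, i.e. NET_RAW.
SAMPLE_WITHOUT_NET_RAW=00000000800405fb
SAMPLE_WITH_NET_RAW=00000000800425fb

# Report for the current process. The awk child inherits this shell's
# capabilities, so /proc/self/status reflects the same effective set.
mask=$(cap_eff_of /proc/self/status 2>/dev/null)
if [ -n "$mask" ]; then
    lacking=$(missing_dhcp_caps "$mask")
    if [ -n "$lacking" ]; then
        echo "CapEff=$mask is missing: $lacking"
    else
        echo "CapEff=$mask has NET_RAW and NET_BIND_SERVICE"
    fi
fi
```

Run inside the container, a result of "missing: NET_RAW" matches the `socket: operation not permitted` failure, and adding only that capability keeps the container closer to least privilege than running it privileged.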