GNS3 / gns3-server

GNS3 server
GNU General Public License v3.0

Docker containers extra arguments #1202

Closed vk496 closed 6 years ago

vk496 commented 7 years ago

Hello,

In some cases, I'm interested in passing extra arguments to containers (like NET_ADMIN, described here).

As described in the link, the difference could be things like this:

    $ docker run -it --rm ubuntu:14.04 ip link add dummy0 type dummy
    RTNETLINK answers: Operation not permitted
    $ docker run -it --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy

ghost commented 7 years ago

In GNS3 docker is currently started with the equivalent of --cap-add=ALL and --privileged, so your examples are not good for extra arguments.

From gns3-server/gns3server/compute/docker/docker_vm.py:

            "HostConfig": {
                "CapAdd": ["ALL"],
                "Privileged": True,
                "Binds": self._mount_binds(image_infos)
            },

Instead, it's perhaps time to look at what privileges are necessary and drop some.

vk496 commented 7 years ago

Hello,

Oh, sorry. I should have checked the source code before asking. Anyway, it would be nice to get control of the containers (for example, volumes?).

Maybe this should also be a GUI issue...

Regards

grossmj commented 6 years ago

Should we implement the equivalent of what we currently have with Qemu VM additional settings?

ghost commented 6 years ago

That's difficult to implement, as GNS3 doesn't use the docker CLI; it uses docker API calls. Implementing an additional settings text field will therefore require analyzing the string and mapping it to the API.

Furthermore, allowing complete access to the docker features is a security nightmare. The docker container runs with root rights, and if the GNS3 user can create a volume with the host's root directory, the docker container has full read/write access to the host.

grossmj commented 6 years ago

I agree, this isn't as simple as just passing parameters to CLI. We won't implement this then.
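
Added example, not part of the thread and not GNS3 code: a sketch of the string-to-API mapping ghost describes, done deny-by-default so that a host-root bind or `--privileged` is refused and the result drops all capabilities except the ones requested. The capability allowlist, the `/opt/gns3/projects` bind root and all function names are assumptions made for illustration; `CapAdd`, `CapDrop`, `Privileged` and `Binds` are Docker Engine API `HostConfig` fields.

```python
import argparse
import posixpath
import shlex

# Assumed policy for this example (not GNS3's): what a lab user may request.
ALLOWED_CAPS = {"NET_ADMIN", "NET_RAW"}
ALLOWED_BIND_ROOT = "/opt/gns3/projects"  # hypothetical per-project data directory


class ExtraArgsError(ValueError):
    """The extra-arguments string asks for something outside the policy."""


class _StrictParser(argparse.ArgumentParser):
    def error(self, message):  # raise instead of printing usage and exiting
        raise ExtraArgsError(message)


def extra_args_to_host_config(extra_args, bind_root=ALLOWED_BIND_ROOT):
    """Map a CLI-style string to a Docker API HostConfig dict, deny by default."""
    parser = _StrictParser(add_help=False, allow_abbrev=False)
    parser.add_argument("--cap-add", action="append", default=[])
    parser.add_argument("-v", "--volume", action="append", default=[])
    # Any option not declared above (--privileged, --pid=host, ...) is rejected.
    opts = parser.parse_args(shlex.split(extra_args))

    for cap in opts.cap_add:
        if cap not in ALLOWED_CAPS:
            raise ExtraArgsError(f"capability not allowed: {cap}")

    binds = []
    for spec in opts.volume:
        src, _, rest = spec.partition(":")
        dst, _, mode = rest.partition(":")
        if not (src.startswith("/") and dst.startswith("/")) or mode not in ("", "ro", "rw"):
            raise ExtraArgsError(f"unsupported volume spec: {spec}")
        # Collapse ".." before comparing; a real server should also resolve
        # symlinks on the host (os.path.realpath) before trusting the path.
        src = posixpath.normpath(src)
        if posixpath.commonpath([src, bind_root]) != bind_root:
            raise ExtraArgsError(f"host path outside {bind_root}: {src}")
        binds.append(f"{src}:{posixpath.normpath(dst)}:{mode or 'rw'}")

    return {
        "CapDrop": ["ALL"],
        "CapAdd": sorted(set(opts.cap_add)),
        "Privileged": False,
        "Binds": binds,
    }
```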