KatharaFramework / NetworkPlugin

Docker Network Plugin used by Kathará to create pure L2 networks.
https://www.kathara.org/
Apache License 2.0

kathara/base: Operation not permitted #10

Closed egamess closed 1 year ago

egamess commented 1 year ago

Hi all,

Thank you for the project.

I am interested in the plugin "kathara/katharanp:amd64". So, I did the following:

sudo touch /var/run/xtables.lock
docker plugin install kathara/katharanp:amd64 xtables_lock.source="/var/run/xtables.lock" # I granted the privileges
docker network create --driver=kathara/katharanp:amd64 --ipam-driver=null l2net

Then, I created a host/container based on alpine with:

docker container run -it --rm --name a01 --hostname a01 --network l2net alpine

When I am inside the Alpine container, I can view the information of the interfaces with the following command. I can see "lo" and "eth0". Interface eth0 does not have an IP address as expected.

ifconfig

When I try to assign an IP address with:

ifconfig eth0 10.0.0.1 netmask 255.255.255.0

I get the following error. Any idea what is passing?

ifconfig: SIOCSIFADDR: Operation not permitted

Thank you.

Skazza94 commented 1 year ago

Hi @egamess, thanks for using our network plugin.

I think that your problem is related to how you start the container. In particular, in order to change interfaces' configurations, the container should have some additional capabilities. In Kathará, we start containers with the following ones:

You can also do it manually from the command line:

docker container run -it --rm --name a01 --hostname a01 --network l2net --cap-add NET_ADMIN --cap-add NET_RAW --cap-add NET_BROADCAST --cap-add NET_BIND_SERVICE --cap-add SYS_ADMIN alpine

Also, I see that you manually created and mounted the xtables.lock file, but using this file depends on the iptables version that you are using. You can check it by running:

sudo iptables -nvL

If the version is legacy you need the lock file and also to mount it while installing the network plugin. If the version is nf_tables you do not need to manually create the lock file, and also you have to remove the mount instruction (xtables_lock.source="/var/run/xtables.lock") while installing the plugin.

If you need further help, do not hesitate to reply to this issue!

Mariano.
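Setting an interface address (SIOCSIFADDR) requires CAP_NET_ADMIN, so when a container returns "Operation not permitted" it helps to decode the effective capability mask it actually holds. The script below is an added example, not part of the original thread or of Kathará's code; the function names and the two sample masks (Docker's default capability set, and that set plus NET_ADMIN) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the capabilities named in this thread
# are absent from a CapEff mask (the hex value in /proc/<pid>/status).

# Bit numbers as defined in linux/capability.h.
cap_bit() {
    case "$1" in
        NET_BIND_SERVICE) echo 10 ;;
        NET_BROADCAST)    echo 11 ;;
        NET_ADMIN)        echo 12 ;;
        NET_RAW)          echo 13 ;;
        SYS_ADMIN)        echo 21 ;;
        *) return 1 ;;
    esac
}

# missing_caps <CapEff hex> <name>...
# Prints, space separated, the names whose bit is clear in the mask.
missing_caps() {
    hex=$1; shift
    out=""
    for name in "$@"; do
        bit=$(cap_bit "$name") || { echo "unknown capability: $name" >&2; return 2; }
        if [ $(( (0x$hex >> $bit) & 1 )) -eq 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    echo "$out"
}

# Reads the live mask; run inside the container being diagnosed.
current_capeff() { awk '/^CapEff:/ {print $2}' /proc/self/status; }

# Constructed sample masks (not captured from the reporter's system):
DEFAULT_CAPEFF=00000000a80425fb   # root in a container with Docker's default set
WITH_NET_ADMIN=00000000a80435fb   # the same set after --cap-add NET_ADMIN

# The default set already carries NET_RAW and NET_BIND_SERVICE; the other
# three capabilities from the reply above are listed as missing.
missing_caps "$DEFAULT_CAPEFF" NET_ADMIN NET_RAW NET_BROADCAST NET_BIND_SERVICE SYS_ADMIN
```

Inside a running container, `missing_caps "$(current_capeff)" NET_ADMIN` prints an empty line when the interface can be configured. Checking the mask this way also shows which `--cap-add` flags change anything, which helps keep the granted set as small as the workload needs.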

egamess commented 1 year ago

Hello @Skazza94,

Thank you so much for your quick response. Yes, the "capabilities" were missing in my case. This solved the issue. Amazing project.