aminvakil closed 4 years ago
@aminvakil have you found a solution for it?
@yuseferi I don't remember honestly :)
But using this repository is unsafe because of multiple discovered vulnerabilities since the latest update of this docker image.
Take a look and use this repository if you want: https://github.com/aminvakil/docker-ocserv/
```
docker run --name ocserv --sysctl net.ipv4.ip_forward=1 --cap-add NET_ADMIN --security-opt no-new-privileges -p 443:443 -p 443:443/udp -d quay.io/aminvakil/ocserv
```
I want to securely run this docker on a server with userns enabled.
Therefore `--privileged` cannot be executed, but I've successfully added `--cap-add=NET_ADMIN`, so iptables can be run. Unfortunately these cannot be executed:
I've set `net.ipv4.ip_forward` to 1 as root on host, but I have no idea how I can give privilege to ocserv if it needs to make special blocks by mknod on host. I know this is more of a Linux issue, but any help would be appreciated.
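
A preflight check for the three preconditions discussed in this thread (NET_ADMIN granted, IP forwarding on, device node present), meant to run inside the container before ocserv starts. This is an added example, not code from the thread or from either repository; the function names, the `--live` switch and the assumption that the device ocserv needs is `/dev/net/tun` are mine.

```shell
#!/bin/sh
# Added example: preflight for running ocserv without --privileged.

# Capability number from linux/capability.h.
CAP_NET_ADMIN=12

# has_cap MASK BIT: succeed if capability BIT is set in the hex MASK
# (the CapEff value found in /proc/<pid>/status).
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# preflight MASK FORWARD DEVICE: print each problem found and return
# the number of problems (0 means every precondition holds).
preflight() {
    problems=0
    if ! has_cap "$1" "$CAP_NET_ADMIN"; then
        echo "CAP_NET_ADMIN missing from effective set: iptables will fail"
        problems=$((problems + 1))
    fi
    if [ "$2" != "1" ]; then
        echo "net.ipv4.ip_forward is '$2', expected 1"
        problems=$((problems + 1))
    fi
    if [ ! -c "$3" ]; then
        echo "$3 is not a character device in this container"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Live check against the running container: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    mask=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    forward=$(cat /proc/sys/net/ipv4/ip_forward)
    preflight "$mask" "$forward" /dev/net/tun
    exit $?
fi
```

If only the device check fails, the node can be handed in from the host with Docker's `--device /dev/net/tun` option instead of being created with mknod inside the container.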