Tomo-9925 / cnet

Controlling and logging communication of process in Docker container

nfqueue setup sometimes fails #25

Open masibw opened 3 years ago

masibw commented 3 years ago

I don't know what the cause is, but sometimes cnet becomes unable to bind to nfqueue and fails to start...

 ~/g/s/g/T/cnet (feature/verification_docker)> sudo ./cnet
[sudo] password for k624125:
DEBU[2020-12-06T08:07:07Z] trying to fetch docker container inspections
DEBU[2020-12-06T08:07:07Z] trying to fetch docker container inspection   container_id=3ae5286bc5302a6f366c0ddaacb92a95ce1f9680e1891e955ffeb6d8cf933c1b
DEBU[2020-12-06T08:07:07Z] container inspection fetched                  container_id=3ae5286bc5302a6f366c0ddaacb92a95ce1f9680e1891e955ffeb6d8cf933c1b container_inspection="{0xc0001429a0 [] 0xc0002a5a40 0xc000157500}"
DEBU[2020-12-06T08:07:07Z] trying to fetch docker container inspection   container_id=394612b9d950084250a53cecb69ac8dbfd69b48747d302f2d5813d4b185508a4
DEBU[2020-12-06T08:07:07Z] container inspection fetched                  container_id=394612b9d950084250a53cecb69ac8dbfd69b48747d302f2d5813d4b185508a4 container_inspection="{0xc000414000 [] 0xc000434000 0xc000438000}"
DEBU[2020-12-06T08:07:07Z] trying to fetch docker container inspection   container_id=1868b7ecf330289363efad885473e9dd6b09e640cfb7a34afc73b11825482f93
DEBU[2020-12-06T08:07:07Z] container inspection fetched                  container_id=1868b7ecf330289363efad885473e9dd6b09e640cfb7a34afc73b11825482f93 container_inspection="{0xc0000b22c0 [] 0xc0000c2000 0xc0000c4000}"
DEBU[2020-12-06T08:07:07Z] container inspections fetched                 containers="[{ID:3ae5286bc5302a6f366c0ddaacb92a95ce1f9680e1891e955ffeb6d8cf933c1b Name:/ping_test} {ID:394612b9d950084250a53cecb69ac8dbfd69b48747d302f2d5813d4b185508a4 Name:/nginx_test_invalid} {ID:1868b7ecf330289363efad885473e9dd6b09e640cfb7a34afc73b11825482f93 Name:/nginx_test}]"
INFO[2020-12-06T08:07:07Z] container information fetched                 containers="[{ID:3ae5286bc5302a6f366c0ddaacb92a95ce1f9680e1891e955ffeb6d8cf933c1b Name:/ping_test} {ID:394612b9d950084250a53cecb69ac8dbfd69b48747d302f2d5813d4b185508a4 Name:/nginx_test_invalid} {ID:1868b7ecf330289363efad885473e9dd6b09e640cfb7a34afc73b11825482f93 Name:/nginx_test}]"
DEBU[2020-12-06T08:07:07Z] trying to parse security policy               path=./policy.yml
DEBU[2020-12-06T08:07:07Z] security policy parsed                        parsed_policies="[{Container:{ID: Name:nginx_test} Communications:[{Processes:[{ID:0 Executable: Path:/usr/sbin/nginx}] Sockets:[{Protocol:TCP RemoteIP:<nil> LocalPort:80 RemotePort:0} {Protocol:TCP RemoteIP:<nil> LocalPort:443 RemotePort:0}]}]}]" path=./policy.yml
INFO[2020-12-06T08:07:07Z] the security policy loaded                    policies="[{Container:{ID: Name:nginx_test} Communications:[{Processes:[{ID:0 Executable: Path:/usr/sbin/nginx}] Sockets:[{Protocol:TCP RemoteIP:<nil> LocalPort:80 RemotePort:0} {Protocol:TCP RemoteIP:<nil> LocalPort:443 RemotePort:0}]}]}]"
DEBU[2020-12-06T08:07:07Z] trying to insert nfqueue rule                 chain_name=DOCKER-USER protocol=all queue_num=2 rule_num=1
DEBU[2020-12-06T08:07:07Z] nfqueue rule exist checked                    chain_name=DOCKER-USER exist=false protocol=all queue_num=2
DEBU[2020-12-06T08:07:07Z] the nfqueue rule inserted                     chain_name=DOCKER-USER protocol=all queue_num=2 rule_num=1
INFO[2020-12-06T08:07:07Z] the nfqueue rule added                        chain_name=DOCKER-USER protocol=all queue_num=2 rule_num=1
INFO[2020-12-06T08:07:07Z] cnet initialized                              containers="[{ID:3ae5286bc5302a6f366c0ddaacb92a95ce1f9680e1891e955ffeb6d8cf933c1b Name:/ping_test} {ID:394612b9d950084250a53cecb69ac8dbfd69b48747d302f2d5813d4b185508a4 Name:/nginx_test_invalid} {ID:1868b7ecf330289363efad885473e9dd6b09e640cfb7a34afc73b11825482f93 Name:/nginx_test}]" logfile="<nil>" policies="[{Container:{ID: Name:nginx_test} Communications:[{Processes:[{ID:0 Executable: Path:/usr/sbin/nginx}] Sockets:[{Protocol:TCP RemoteIP:<nil> LocalPort:80 RemotePort:0} {Protocol:TCP RemoteIP:<nil> LocalPort:443 RemotePort:0}]}]}]"
FATA[2020-12-06T08:07:07Z] failed to bind nfqueue                        error="Error binding to queue: operation not permitted\n"
DEBU[2020-12-06T08:07:07Z] nfqueue rule exist checked                    chain_name=DOCKER-USER exist=true protocol=all queue_num=2
DEBU[2020-12-06T08:07:07Z] the nfqueue rule deleted                      chainName=DOCKER-USER protocol=all queueNum=2
INFO[2020-12-06T08:07:07Z] cnet quits
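The log above shows the NFQUEUE rule being inserted for queue_num=2 and the bind failing with "operation not permitted". One pre-flight check a practitioner can run before binding is to read /proc/net/netfilter/nfnetlink_queue, where the kernel lists every queue that already has a userspace peer attached. The parser below is an added example, not cnet's own code; the proc row is a constructed sample and the netlink port id 2483 in it is assumed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// QueueEntry is one row of /proc/net/netfilter/nfnetlink_queue. The kernel
// prints, in order: queue_number peer_portid queue_total copy_mode copy_range
// queue_dropped user_dropped id_sequence and a trailing constant 1.
type QueueEntry struct {
	Number     uint32 // NFQUEUE --queue-num
	PeerPortID uint32 // netlink port id of the bound peer, 0 if none
	QueueTotal uint32 // packets currently waiting for a verdict
}

// ParseNfnetlinkQueue parses the text of /proc/net/netfilter/nfnetlink_queue.
func ParseNfnetlinkQueue(text string) ([]QueueEntry, error) {
	var entries []QueueEntry
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 {
			continue
		}
		if len(fields) < 8 {
			return nil, fmt.Errorf("unexpected row %q", sc.Text())
		}
		var vals [3]uint32
		for i := range vals {
			v, err := strconv.ParseUint(fields[i], 10, 32)
			if err != nil {
				return nil, fmt.Errorf("field %d of %q: %w", i, sc.Text(), err)
			}
			vals[i] = uint32(v)
		}
		entries = append(entries, QueueEntry{Number: vals[0], PeerPortID: vals[1], QueueTotal: vals[2]})
	}
	return entries, sc.Err()
}

// QueueBoundBy returns the netlink port id holding queue num, or 0 if the
// queue is not listed (i.e. nothing is currently bound to it).
func QueueBoundBy(entries []QueueEntry, num uint32) uint32 {
	for _, e := range entries {
		if e.Number == num {
			return e.PeerPortID
		}
	}
	return 0
}

// Constructed sample: queue 2 is already held by netlink port 2483 (assumed).
const sampleProc = "    2   2483     0 2 65531     0     0       17  1\n"

func main() {
	entries, err := ParseNfnetlinkQueue(sampleProc)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	if port := QueueBoundBy(entries, 2); port != 0 {
		fmt.Printf("queue 2 is already bound by netlink port %d\n", port)
	}
}
```

On a live host, replace sampleProc with the contents of /proc/net/netfilter/nfnetlink_queue; an existing row for the queue number cnet uses means another peer (or a previous cnet run that did not unbind) still holds it, which is worth ruling out before looking at capabilities.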