Open deed02392 opened 7 years ago
I honestly don't know that it is. Docker is new to me - I'm always open to suggestions for improvement.
I think you may have enabled it because you need it to configure the host device to support multicast? Did you write this and have simply forgotten why you enabled it? :-)
I think so. I'm seeing some messages in the log with it disabled about iptables needing root privileges. Working on some other things with it at the moment, adding some env variables for the ports.
How much do you know about docker? I'm trying to link the Phlex logs to the standard output, but not getting very far...
On Thu, Jul 20, 2017 at 10:47 AM, deed02392 notifications@github.com wrote:
> I think you may have enabled it because you need it to configure the host device to support multicast? Did you write this and have simply forgotten why you enabled it? :-)
I think you need to ensure Phlex runs as PID 1, by using ENTRYPOINT exec form: https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example
@deed02392
https://forum.linuxserver.io/thread-495.html
I'm trying to get LSIO to make a proper image so this can become a non-issue. Pop over and show some support! :D
@deed02392 --privileged is used for two reasons: 1) iptables 2) sysctl (for multicast)
iptables without privileged works if --cap-add=NET_ADMIN is added, but I'm not sure what capability provides sysctl ability. I tried some of the obvious ones but they didn't work.
What specific sysctl parameters are getting changed? They can be modified with the call to run the container: --sysctl flag.
On 7 August 2017 at 20:49, aptalca notifications@github.com wrote:
> @deed02392 --privileged is used for two reasons:
> - iptables
> - sysctl (for multicast)
>
> iptables without privileged works if --cap-add=NET_ADMIN is added but I'm not sure what capability provides sysctl ability. I tried some of the obvious ones but they didn't work
-- From George Hafiz
Why is the privileged flag required for the operation of Phlex? Can we address this potential security issue?
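A way to check whether a container still runs with `--privileged` after trying the narrower grants suggested in this thread (`--cap-add=NET_ADMIN` for iptables, `--sysctl` for the multicast setting). This is an added example, not code from the thread or from the docker-phlex project. The container names and the sysctl key in the sample are constructed, since the thread never names the parameter being changed.

```python
import json

# Sysctl families Docker documents as namespaced, i.e. settable per container
# with --sysctl instead of requiring --privileged.
NAMESPACED_PREFIXES = ("net.", "fs.mqueue.", "kernel.shm", "kernel.msg", "kernel.sem")


def audit(inspect_json):
    """Return {container name: [findings]} from `docker inspect` JSON output."""
    report = {}
    for container in json.loads(inspect_json):
        host = container.get("HostConfig") or {}
        caps = set()
        for cap in host.get("CapAdd") or []:
            cap = cap.upper()
            caps.add(cap[4:] if cap.startswith("CAP_") else cap)
        findings = []
        if host.get("Privileged"):
            # --privileged grants every capability and access to host devices.
            findings.append("privileged: thread suggests --cap-add=NET_ADMIN "
                            "plus --sysctl instead")
        elif caps & {"ALL", "SYS_ADMIN"}:
            findings.append("broad capabilities added: " + ", ".join(sorted(caps)))
        for key in sorted(host.get("Sysctls") or {}):
            if not key.startswith(NAMESPACED_PREFIXES):
                findings.append("sysctl %s is not namespaced; it cannot be "
                                "set per container" % key)
        report[container.get("Name", "?").lstrip("/")] = findings
    return report


# Constructed sample shaped like `docker inspect` output (names are hypothetical).
SAMPLE = json.dumps([
    {"Name": "/phlex-privileged",
     "HostConfig": {"Privileged": True, "CapAdd": None, "Sysctls": None}},
    {"Name": "/phlex-narrowed",
     "HostConfig": {"Privileged": False, "CapAdd": ["NET_ADMIN"],
                    # constructed stand-in for the unnamed multicast sysctl
                    "Sysctls": {"net.ipv4.icmp_echo_ignore_broadcasts": "0"}}},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "no findings")
```

Against a live host, the input would be the output of `docker inspect <container>`.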