eclipse-kanto / container-management


Question: How to run a container with access to Wifi device #149

Closed mikehaller closed 1 year ago

mikehaller commented 1 year ago

I'd like to run a container with hostapd with access to the host's physical Wifi, so that I can run an ad-hoc Access Point.

Configuration with network: host and privileged: true have been tested, but I only get "Operation not permitted" when I try to run hostapd or manually test with ip link set wlan1 up.

For testing purposes, I run the setup within qemu, so that I can use modprobe mac80211_hwsim radios=2 to bring up two virtual wifi interfaces. When I run ip link set wlan1 up on the qemu guest shell (host$), it works fine. When I run the same command inside of a Kanto-managed container (container$), I get the following error message:

container$ ip link set wlan1 up
RTNETLINK answers: Operation not permitted

This is the setup:

host$ modprobe mac80211_hwsim radios=2
host$ ip l
host$ ip link set wlan1 up
host$ kanto-cm create --i --name ubuntu --network host --t --privileged docker.io/library/ubuntu:latest
host$ kanto-cm start --i --a --name ubuntu

container$ apt-get update && apt-get install hostapd iproute2 iw

container# ip link set wlan1 up
RTNETLINK answers: Operation not permitted

container# hostapd -B hostapd.conf
Could not set interface wlan1 flags (DOWN): Operation not permitted
Could not set interface wlan1 flags (DOWN): Operation not permitted
Could not set interface wlan1 flags (DOWN): Operation not permitted
Could not set interface wlan1 flags (DOWN): Operation not permitted
Could not set interface wlan1 flags (DOWN): Operation not permitted
Could not set interface wlan1 flags (DOWN): Operation not permitted
Could not set interface wlan1 flags (DOWN): Operation not permitted
Could not set interface wlan1 flags (DOWN): Operation not permitted
Could not set interface wlan1 flags (DOWN): Operation not permitted
Could not set interface wlan1 flags (DOWN): Operation not permitted
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan1 disabled_11b_rates=0
nl80211 driver initialization failed.
wlan1: interface state UNINITIALIZED->DISABLED
wlan1: AP-DISABLED 
wlan1: CTRL-EVENT-TERMINATING 
hostapd_free_hapd_data: Interface wlan1 wasn't started

For Docker, the solution seems to be to add --cap NET_ADMIN, but that's not available in kanto-cm. Any tip on how to configure a container with additional capabilities, so that I can access and manage the Wifi devices using kanto?

k-gostev commented 1 year ago

Hi @mikehaller, thank you for reporting this issue. I checked what could be wrong and I found out that apparently the --privileged flag is not working as expected, because not all Linux capabilities are applied when it is used. Unfortunately, currently I can't think of any workaround.

dimitar-dimitrow commented 1 year ago

Hi @mikehaller, the problem with the --privileged flag is fixed - #153. Could you please try again using the latest changes?

k-gostev commented 1 year ago

Fix is already provided and the issue is now getting stale.
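
One way to confirm from inside a container whether it actually received CAP_NET_ADMIN, or the full capability set a privileged container is expected to have, is to decode the CapEff mask from /proc. This is an added example, not part of the original thread or of kanto-cm; the function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic, not part of kanto-cm. Bit number is from linux/capability.h.
CAP_NET_ADMIN=12   # required for "ip link set <if> up"

# cap_eff: read /proc/<pid>/status text on stdin, print the CapEff hex mask.
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }'
}

# has_cap MASK BIT: succeed if capability BIT is set in hex MASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# is_full_set MASK LAST_CAP: succeed if every capability 0..LAST_CAP is set,
# which is what a privileged container is expected to have.
is_full_set() {
    [ $(( 0x$1 )) -eq $(( (1 << ($2 + 1)) - 1 )) ]
}

# report MASK LAST_CAP: print a verdict for the Wi-Fi use case in this thread.
report() {
    if has_cap "$1" "$CAP_NET_ADMIN"; then
        echo "CapEff=$1: CAP_NET_ADMIN present"
    else
        echo "CapEff=$1: CAP_NET_ADMIN missing, expect 'Operation not permitted'"
    fi
    if is_full_set "$1" "$2"; then
        echo "CapEff=$1: full capability set"
    else
        echo "CapEff=$1: reduced capability set"
    fi
}

# Constructed samples: a reduced mask without CAP_NET_ADMIN, and a full mask
# for a kernel whose cap_last_cap is 40.
reduced=$(printf 'Name:\tsh\nCapEff:\t00000000a80425fb\n' | cap_eff)
report "$reduced" 40
report 000001ffffffffff 40

# Inside the container, check the live values instead:
#   report "$(cap_eff < /proc/self/status)" "$(cat /proc/sys/kernel/cap_last_cap)"
```

A privileged container that reports a reduced set here matches the behaviour described in the thread; after the fix it should report the full set.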