jasonish / docker-suricata

A Suricata Docker image.
https://hub.docker.com/r/jasonish/suricata/
MIT License

capng_change_id for main thread failed #25

Closed hyperreal64 closed 2 years ago

hyperreal64 commented 2 years ago

I'm using Podman on Fedora CoreOS 35. This is the command I'm using:

sudo podman run --rm -it --net=host --cap-add=net_admin --cap-add=sys_nice jasonish/suricata:latest -i ens3

I get the following error:

<Error> - [ERRCODE: SC_ERR_FATAL(171)] - capng_change_id for main thread failed

Thank you for making a Docker image for Suricata. Please let me know if there is any more info you need to help troubleshoot this. :-)

jasonish commented 2 years ago

Thanks for the report. Appears to be failing in the same way on Fedora 35 and Fedora 34 (it wasn't always on Fedora 34).

I've tried adding a few of the capabilities, but the privilege dropping done by Suricata continues to fail. The only work-around I know so far is to run with --privileged which is a bit unfortunate. I will be looking into this.

jasonish commented 2 years ago

For podman you have to add --cap-add=net_raw as well now. I'll update the README.

jasonish commented 2 years ago

README updated. Let me know if you have any other issues.

hyperreal64 commented 2 years ago

Thank you! It works now.
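
A diagnostic for the situation in this thread, as an added example that is not part of the original issue or the project's code: it decodes a Linux capability bitmask (the `CapBnd` value in `/proc/<pid>/status`) and reports which of the three capabilities named above (`net_admin`, `net_raw`, `sys_nice`) are absent. The function names and sample masks are constructed for illustration, and it assumes the `capng_change_id` failure comes from one of these capabilities not being granted to the container.

```shell
#!/bin/sh
# Added example (not from the docker-suricata project).
# Capabilities passed with --cap-add in this thread, with their bit numbers
# from <linux/capability.h>.
CAP_LIST="net_admin:12 net_raw:13 sys_nice:23"

# missing_caps HEXMASK
# Prints the space-separated names of capabilities from CAP_LIST whose bit
# is not set in HEXMASK (hex digits without the 0x prefix, as in /proc).
missing_caps() {
    mask=$((0x$1))
    missing=""
    for entry in $CAP_LIST; do
        name=${entry%%:*}
        bit=${entry##*:}
        if [ $(( (mask >> bit) & 1 )) -eq 0 ]; then
            missing="${missing:+$missing }$name"
        fi
    done
    printf '%s\n' "$missing"
}

# bounding_mask [STATUS_FILE]
# Reads the capability bounding set of a process (default: this shell).
bounding_mask() {
    awk '/^CapBnd:/ {print $2}' "${1:-/proc/self/status}"
}

# Constructed sample masks: only the bits for the --cap-add flags are set.
# 0x801000 = net_admin + sys_nice (the command in the original report)
# 0x803000 = net_admin + net_raw + sys_nice (the command after the fix)
echo "report command missing: [$(missing_caps 0000000000801000)]"
echo "fixed command missing:  [$(missing_caps 0000000000803000)]"

# Live check of the current process, when /proc is available.
if [ -r /proc/self/status ]; then
    live=$(bounding_mask)
    echo "this process (CapBnd=$live) missing: [$(missing_caps "$live")]"
fi
```

Run inside a container started with the same `--cap-add` flags as the Suricata container, an empty list on the last line means all three capabilities are in the bounding set.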