Closed hongyi-zhao closed 3 years ago
ping needs capability NET_RAW that is dropped by default in docker containers. You can allow it with --cap-add NET_RAW.
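A check that can be run inside the container to see whether NET_RAW is what ping is missing, added here as an example and not part of the thread: it decodes the CapEff, CapBnd and NoNewPrivs fields of /proc/self/status. The function names and the sample masks are constructed for illustration.

```shell
#!/bin/sh
# Capability bit numbers from <linux/capability.h>.
CAP_NET_RAW=13
CAP_IPC_LOCK=14

# has_cap HEXMASK BIT: succeed if BIT is set in a /proc/<pid>/status mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# sample_status EFF BND NNP: print a CONSTRUCTED status excerpt (not captured
# from a real container) with the given hex masks and NoNewPrivs value.
sample_status() {
    printf 'CapEff:\t%s\nCapBnd:\t%s\nNoNewPrivs:\t%s\n' "$1" "$2" "$3"
}

# ping_diagnosis [FILE]: classify whether a raw-socket ping can work for the
# process described by FILE ("-" reads stdin, default is the calling process).
#   effective               NET_RAW is already usable
#   dropped                 NET_RAW is not even in the bounding set
#   blocked-by-no-new-privs in the bounding set, but exec of a setuid or
#                           file-capability ping cannot raise it
#   gainable-on-exec        in the bounding set and exec may still raise it
ping_diagnosis() {
    set -- $(awk '$1 == "CapEff:" { e = $2 } $1 == "CapBnd:" { b = $2 }
                  $1 == "NoNewPrivs:" { n = $2 }
                  END { print (e == "" ? "-" : e), (b == "" ? "-" : b), n + 0 }' \
                 "${1:-/proc/self/status}")
    if [ "${1:--}" = "-" ] || [ "${2:--}" = "-" ]; then echo "unknown"
    elif has_cap "$1" "$CAP_NET_RAW"; then echo "effective"
    elif ! has_cap "$2" "$CAP_NET_RAW"; then echo "dropped"
    elif [ "$3" -eq 1 ]; then echo "blocked-by-no-new-privs"
    else echo "gainable-on-exec"
    fi
}

# Constructed masks: only IPC_LOCK (bit 14), then IPC_LOCK plus NET_RAW.
for mask in 0000000000004000 0000000000006000; do
    echo "CapEff=$mask -> $(sample_status "$mask" "$mask" 0 | ping_diagnosis -)"
done
```

Calling ping_diagnosis with no argument inside the running container reports on the current shell.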
I checked the document here, and figured out the following trick:
--cap-add=ALL
or
--cap-add=IPC_LOCK --cap-add=NET_RAW
OTOH, based on the help, I see the following explanation:
$ docker run --help | grep -- --cap-add
--cap-add list Add Linux capabilities
But, I still can't figure out how to add multiple explicit capabilities with one --cap-add argument. Any hints?
Regards, HY
This way:
--cap-add=IPC_LOCK --cap-add=NET_RAW
You could have just tried it out.
Edit: just saw your edit; I don't know how to specify a list instead of using single options.
In my case, using a Debian image, I had to pass the flags --cap-add=NET_RAW and --newprivileges=yes for ping to work.
The container is created with this Dockerfile and started with the following command:
$ x11docker --sudouser -c --hostnet --desktop --init=systemd -- --cap-add=IPC_LOCK --security-opt seccomp=unconfined -- hongyi-zhao/deepin-wine startdde
But I failed to execute the ping command in the container as shown below.
Any hints for this problem?
Regards, HY