Open chrisawad opened 1 year ago
Is the error happening inside the container or on the host? My guess is that the user that runs docker compose up -d may not have the permission to start a process that listens to one of the privileged ports (0-1023). Could that be the reason?
The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feature.
Source: Privileged ports
Everything is being run as root so it's not that. Also I think CentOS 7 doesn't limit privileged ports like newer distros do. I've added the cap_add parameters for ALL and added privileged=true, and it didn't help.
I'm really not sure what it could be.
On Mon, Oct 2, 2023, 5:51 PM Thomas Schaffter @.***> wrote:
Is the error happening inside the container or on the host? My guess is that the user that runs docker compose up -d may not have the permission to start a process that listens to one of the privileged ports (0-1023). Could that be the reason?
The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feature.
Source: Privileged ports https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html
I am using it like this: I hope this helps.
https://nickjanetakis.com/blog/binding-to-low-ports-as-a-non-root-user-with-docker-and-kubernetes
ports:
  - '53:53/udp'
sysctls:
  - net.ipv4.ip_unprivileged_port_start=0
Docker version 24.0.5, build ced0996 running on a CentOS 7.9 host.
docker compose up -d
... dnsmasq: failed to create listening socket for port 53: Permission denied ...
Setting host networking and port=5353 in the config file works, but 53 is the one I want. Nothing else is bound to port 53. Any suggestions?
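The two conditions raised in this thread, the privileged-port threshold (`net.ipv4.ip_unprivileged_port_start`) and the capability that overrides it, as an added diagnostic script that is not part of the original issue or of the docker-dnsmasq project. The function names are this example's own, and it covers only these two conditions, not any other layer that can refuse a bind.

```shell
#!/bin/sh
# Added example (not from the thread): explain the kernel's low-port bind check
# for the process context this script runs in. Function names are hypothetical.

CAP_NET_BIND_SERVICE=10   # capability bit number, from linux/capability.h

# has_net_bind CAPEFF_HEX: succeeds if CAP_NET_BIND_SERVICE is set in the mask.
has_net_bind() {
    [ $(( (0x$1 >> CAP_NET_BIND_SERVICE) & 1 )) -eq 1 ]
}

# bind_verdict PORT UNPRIV_START CAPEFF_HEX: prints the reason and returns 0
# when the port check passes, 1 when it fails.
bind_verdict() {
    if [ "$1" -ge "$2" ]; then
        echo "allowed: port $1 >= ip_unprivileged_port_start ($2)"
    elif has_net_bind "$3"; then
        echo "allowed: CAP_NET_BIND_SERVICE is in CapEff ($3)"
    else
        echo "denied: port $1 < $2 and CAP_NET_BIND_SERVICE missing from CapEff ($3)"
        return 1
    fi
}

# Live threshold; kernels without this sysctl use the fixed value 1024.
live_start() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# Live effective capability mask of the current process (0 if unreadable).
live_capeff() {
    c=$(sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status 2>/dev/null) || c=
    echo "${c:-0}"
}

# Default to port 53, the port from the error message in this issue.
bind_verdict "${1:-53}" "$(live_start)" "$(live_capeff)" || :
```

Run it inside the container as well as on the host, since the sysctl value and the capability mask can differ between the two.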