Reputation: 2858
I'm calling openconnect inside an Ubuntu-based Docker container. It successfully connects to the server and prompts for my password, but then:
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
TUNSETIFF failed: Operation not permitted
I searched for the word TUNSETIFF and every answer is about the command not being run with sudo, but I am already root inside the container. What else can go wrong?
Upvotes: 30
Views: 21457
Reputation: 1761
Either run the container privileged via
docker run -d --privileged myimage
as Adrian pointed out, or run it with the NET_ADMIN capability added and pass the tunnel device, e.g.:
docker run -d --cap-add NET_ADMIN --device /dev/net/tun myimage
Upvotes: 3
Reputation: 46548
By default, Docker containers are started with a reduced set of Linux capabilities (see man capabilities). The reduced set doesn't include some network-related functionality (presumably so that containers can't sniff traffic from the host or other containers).
To start a container with full network capabilities, either explicitly add the SYS_NET_ADMIN capability with the --cap-add argument, e.g.:
docker run -d --cap-add SYS_NET_ADMIN myimage
Or give the container the full set of privileges with --privileged, e.g.:
docker run -d --privileged myimage
Upvotes: 39
Reputation: 2858
Starting the container with --privileged. (Thanks Adrian Mouat for the answer).
Upvotes: 0