rzippo

Reputation: 1059

How to add dummy interfaces for a container

I'm building a test environment for some software that, once deployed, should see some network interfaces.

I don't need the interfaces to be interactive, only that they appear using "ip link show". Using "ip link add dummy0 type dummy" works only when directly executed on the shell, while it fails in scripts or Dockerfile RUN with "RTNETLINK answers: Operation not permitted".

I am using docker-compose to set up and link multiple containers; however, only one of those needs the dummy interfaces.

What is the simplest way to achieve this?

Upvotes: 1

Views: 5076

Answers (1)

mchawre

Reputation: 12268

It's because --cap-add=NET_ADMIN is missing.

Follow these steps:

  • Create Dockerfile with contents:

    FROM alpine
    COPY script.sh /script.sh
    RUN chmod +x /script.sh
    ENTRYPOINT ["/script.sh"]

  • Create script.sh with contents:

    #!/bin/sh
    # Needs CAP_NET_ADMIN; without it, ip prints "Operation not permitted"
    ip link add dummy0 type dummy
    # Run the given command, if any; otherwise keep the container alive
    [ "$#" -gt 0 ] && exec "$@"
    exec tail -f /dev/null

  • Build docker container:

    docker build -t myimage:v1 .

  • Run docker container without --cap-add option

    $ docker run -itd myimage:v1
    $ docker logs container-id
    ip: RTNETLINK answers: Operation not permitted

  • Run docker container with --cap-add=NET_ADMIN option.

    $ docker run -itd --cap-add=NET_ADMIN myimage:v1
    $ docker exec -it container-id sh
    / # ip link show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether c2:ad:ec:b9:7c:34 brd ff:ff:ff:ff:ff:ff
    37: eth0@if38: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    / #

NOTE: You can see that the dummy0 interface was created.

--cap-add and --cap-drop are the options that you can use with docker run to add or drop any particular Linux capabilities.

For more info, I highly recommend going through this.

By default, Docker has a few Linux capabilities enabled and others disabled, which are listed here.

In the case of docker-compose, use the cap_add option.

Upvotes: 4
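An added example, not part of the answer above and not Docker's own code: an entrypoint preflight that reads CapEff from /proc/self/status and tests the CAP_NET_ADMIN bit (bit 12) before calling ip link add, so a missing cap_add on the one service that needs it is reported clearly instead of as a bare RTNETLINK error. The function names and the DUMMY_IFACES variable are hypothetical, and the CapEff values in the comments are constructed samples.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not from the original answer).

CAP_NET_ADMIN=12   # bit number of CAP_NET_ADMIN in linux/capability.h

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK.
# Constructed samples: 00000000a80425fb (bit 12 clear),
#                      00000000a80435fb (bit 12 set).
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# effective_caps [STATUS_FILE] -> prints the CapEff hex mask of this process.
effective_caps() {
    awk '$1 == "CapEff:" { print $2 }' "${1:-/proc/self/status}"
}

# create_dummies NAME... -> creates each dummy interface if it does not exist.
create_dummies() {
    if ! has_cap "$(effective_caps)" "$CAP_NET_ADMIN"; then
        echo "CAP_NET_ADMIN missing: use --cap-add=NET_ADMIN," \
             "or cap_add: [NET_ADMIN] on this service in docker-compose" >&2
        return 1
    fi
    for name in "$@"; do
        # Skip names that already exist so container restarts are idempotent.
        ip link show "$name" >/dev/null 2>&1 \
            || ip link add "$name" type dummy \
            || return 1
    done
}

# Entrypoint use (assumption: DUMMY_IFACES is set in the service environment,
# e.g. DUMMY_IFACES="dummy0 dummy1"). Does nothing when the variable is unset.
if [ -n "${DUMMY_IFACES:-}" ]; then
    # Word splitting is intended: one interface name per word.
    create_dummies $DUMMY_IFACES || exit 1
    [ "$#" -gt 0 ] && exec "$@"
fi
```

Only the service that runs this entrypoint needs NET_ADMIN; the other containers in the compose file can keep the default capability set.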
