(OK) can't modify the kernel IP routing table in the container


https://groups.google.com/forum/#!topic/docker-user/gFHoaKpr7no

Hi,
I tried to modify the kernel IP routing table in the container, such as setting the default gateway or adding a routing record; both are not permitted, as shown below:

[root@1a066a5779fe ~]# route add default gw 10.175.177.176
SIOCADDRT: Operation not permitted
[root@1a066a5779fe ~]# ip route add 10.175.177.176/29 dev eth1
RTNETLINK answers: Operation not permitted
[root@1a066a5779fe ~]# route add -net 10.175.177.176 netmask 255.255.255.248 gw 10.175.177.169 dev eth1
SIOCADDRT: Operation not permitted

Does anyone know why? Does anyone have a solution or workaround?

best regards.
--------------------------------------------------------------------------------------------------------------------------------------------

Panagiotis Moustafellos

Kernel network capabilities are not enabled by default.

You are going to need to run your container with --privileged

--------------------------------------------------------------------------------------------------------------------------------------------

Solomon Hykes

Note that, in addition to the (heavy-handed) --privileged, you can also enable individual capabilities with --cap-add.

--------------------------------------------------------------------------------------------------------------------------------------------

Hi Panagiotis,


That's true. I just tried to start the container with '--privileged=true', and it's working now. Thanks very much for your help.

best regards.

--------------------------------------------------------------------------------------------------------------------------------------------

Hi Solomon,


Thanks for your advice, I will take the chance to try it.

best regards.
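
Following up on the --privileged versus --cap-add replies above, an added example (not part of the original thread) that audits which of the two a container actually got, by decoding the effective capability mask from /proc/self/status. It assumes the capability the route commands need is CAP_NET_ADMIN (per capabilities(7)); IMAGE is a placeholder and the three sample masks are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: route changes need
# CAP_NET_ADMIN (capabilities(7)). IMAGE is a placeholder image name.
#   heavy-handed:     docker run --privileged -it IMAGE /bin/bash
#   least privilege:  docker run --cap-add=NET_ADMIN -it IMAGE /bin/bash

CAP_NET_ADMIN=12   # bit numbers from <linux/capability.h>
CAP_SYS_ADMIN=21

# has_cap MASK BIT: succeed if capability bit BIT is set in hex MASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify MASK: print a verdict for a CapEff mask.
classify() {
    if has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo "over-privileged"   # holds CAP_SYS_ADMIN, as a --privileged container does
    elif has_cap "$1" "$CAP_NET_ADMIN"; then
        echo "net-admin"         # has CAP_NET_ADMIN but not CAP_SYS_ADMIN
    else
        echo "no-net-admin"      # route/ip fail with "Operation not permitted"
    fi
}

# current_mask: effective capability mask of the calling process.
current_mask() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# Constructed sample masks: a reduced default set, the same set with
# bit 12 added, and a mask with every low capability bit set.
for m in 00000000a80425fb 00000000a80435fb 0000003fffffffff; do
    echo "$m -> $(classify "$m")"
done

# Classify the process running this script (Linux only).
if [ -r /proc/self/status ]; then
    echo "this process: $(classify "$(current_mask)")"
fi
```

Run inside the container, a verdict of "over-privileged" where only routing changes are needed is the cue to replace --privileged with the single capability.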

posted @ 2016-06-22 09:14  张同光