Is true Layer 2 access possible with a Docker container?
All the container networking examples I saw seem to provide the container an L3 network, which means it is on a separate L2 network from the host. The bridge interface also seems to form an L2 network between containers only.
Is it possible to launch a Docker container such that it has full Layer 2 access? For example, to run tcpdump within the container to capture packets of a specific host interface?
Solution 1:
Sure. Launch a container with --network host and it’ll not get its own network namespace. This has massive security implications.
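For auditing which containers on a host run this way, the following is an added example and not part of the answer above: it reads `docker inspect` JSON and reports every container that shares the host network namespace, along with whether NET_RAW (packet capture) and NET_ADMIN (network reconfiguration) are available to it. The container names and the sample JSON are constructed; the function and key names are assumptions of this example.

```python
import json

# Constructed sample: trimmed `docker inspect` output for three containers.
SAMPLE_INSPECT = json.dumps([
    {"Id": "aaa111", "Name": "/web",
     "HostConfig": {"NetworkMode": "bridge", "Privileged": False,
                    "CapAdd": None, "CapDrop": None}},
    {"Id": "bbb222", "Name": "/sniffer",
     "HostConfig": {"NetworkMode": "host", "Privileged": False,
                    "CapAdd": ["NET_ADMIN"], "CapDrop": None}},
    {"Id": "ccc333", "Name": "/exporter",
     "HostConfig": {"NetworkMode": "host", "Privileged": False,
                    "CapAdd": None, "CapDrop": ["CAP_NET_RAW"]}},
])


def _caps(values):
    """Normalise a CapAdd/CapDrop list: upper-case, CAP_ prefix removed."""
    names = (v.upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}


def audit_host_network(inspect_json):
    """Return one finding per container that shares the host network namespace."""
    findings = []
    for c in json.loads(inspect_json):
        hc = c.get("HostConfig", {})
        if hc.get("NetworkMode") != "host":
            continue  # not in the host network namespace
        added, dropped = _caps(hc.get("CapAdd")), _caps(hc.get("CapDrop"))
        privileged = bool(hc.get("Privileged"))
        # NET_RAW is in Docker's default capability set, so it is available
        # unless it (or ALL) is dropped and it is not added back.
        net_raw = (privileged or bool(added & {"NET_RAW", "ALL"})
                   or not (dropped & {"NET_RAW", "ALL"}))
        # NET_ADMIN is not a default capability; it must be granted.
        net_admin = privileged or bool(added & {"NET_ADMIN", "ALL"})
        findings.append({
            "name": c.get("Name", "").lstrip("/"),
            "net_raw": net_raw,      # raw/packet sockets on host interfaces
            "net_admin": net_admin,  # change host routes, firewall, links
        })
    return findings


if __name__ == "__main__":
    for finding in audit_host_network(SAMPLE_INSPECT):
        print(finding)
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` in place of the sample.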