Why am I getting an RTNETLINK Operation Not Permitted when using Pipework with Docker containers?
I'm running CoreOS stable 494.5.0 using Vagrant/VirtualBox and am running the vanilla ruby:2.1.5 Docker image. I'm trying to use Pipework to connect the Docker container to a local physical interface (as opposed to using `--net=host` when running the container) so I can sniff traffic. Pipework creates `eth1@if2` in the container and sets its IP address correctly, but the link ends up in the `UNKNOWN` state and when I try to bring the link up using `ip link` I get `RTNETLINK answers: Operation not permitted`.
If it makes a difference, I have to use `ip link set dev eth1 up` instead of `ip link set dev eth1@if2 up` or else I get `Cannot find device "eth1@if2"`.
Any ideas what I'm doing wrong?
Docker containers do not have full privileges by default. Try adding this to the `docker run` command:
--cap-add=NET_ADMIN
List of capabilities
In your `docker-compose.yml` you can add this:
```yaml
container_or_service_name:
  cap_add:
    - NET_ADMIN
```
Credit where credit is due: this answer is based on a comment by @petrkotek under the accepted answer, but I ended up using it myself, so I wanted to make it more visible.
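To confirm which case applies before and after adding the capability, the following added example (not part of the original question or answers) decodes the `CapEff` mask from `/proc/<pid>/status` and reports whether CAP_NET_ADMIN (capability number 12) is in the effective set. The function names and the two sample masks are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original posts: report whether a process's
# effective capability set contains CAP_NET_ADMIN.

CAP_NET_ADMIN_BIT=12   # capability number from <linux/capability.h>

# Constructed sample masks: Docker's default capability set, and the same
# set after --cap-add=NET_ADMIN (bit 12 set).
SAMPLE_DEFAULT=00000000a80425fb
SAMPLE_NET_ADMIN=00000000a80435fb

# Print the CapEff hex mask from a /proc/<pid>/status-style file.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2; exit }' "$1" 2>/dev/null
}

# Print present, missing or unknown for a hex capability mask.
net_admin_state_for_mask() {
    case $1 in
        ''|*[!0-9a-fA-F]*) echo unknown; return 0 ;;
    esac
    if [ $(( (0x$1 >> $CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]; then
        echo present
    else
        echo missing
    fi
}

# Same verdict, reading the mask from a status file.
net_admin_state() {
    net_admin_state_for_mask "$(cap_eff_from_status "$1")"
}

echo "default set:    $(net_admin_state_for_mask "$SAMPLE_DEFAULT")"
echo "with NET_ADMIN: $(net_admin_state_for_mask "$SAMPLE_NET_ADMIN")"
# $$ is this shell's PID; run inside the container to see the container's set.
if [ -r "/proc/$$/status" ]; then
    echo "this process:   $(net_admin_state "/proc/$$/status")"
fi
```

`CapEff` is per process: a process running as a non-root user inside the container normally shows an empty effective set even when the container was started with `--cap-add=NET_ADMIN`.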