When running vpnc in docker, get 'Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system'

Solution 1:

I am one of the core developers of OpenConnect and maintainers of the vpnc-script — which is used by both vpnc and OpenConnect for routing and DNS configuration.

This error message actually comes from the vpnc-script, not from vpnc itself, and…

  1. This error doesn't matter at all. It comes from the command ip -4 route flush cache, which triggers IPv4 route flushing, which is an unnecessary, deprecated, no-op in modern Linux kernels.

    We retain it only for backwards-compatibility, in case someone somewhere is running vpnc/OpenConnect on an annnnnnnnnnnnnnnnncieeeeeeent Linux kernel.

  2. We suppressed the error message in a 2019 change to the standard vpnc-script.

    If you simply replace your vpnc-script with the latest version, the error will go away.

Solution 2:

As mentioned in the comments, there is no granular capability to be used with --add-cap, so you will have to run the container in privileged mode using --privileged in order to get rid of that warning.
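
The following is an added example, not code from either answer or from the vpnc-script project. Run inside the container, it reports whether the process holds only CAP_NET_ADMIN (for example, a container started with `--cap-add NET_ADMIN`) or the full privileged set, and whether /proc/sys is mounted read-only, which is the condition behind the message in the question. The function names are hypothetical; the capability bit numbers are the ones defined in linux/capability.h.

```shell
# Added example: helper names are hypothetical; bit numbers are from linux/capability.h.
CAP_NET_ADMIN=12   # lets a process configure network interfaces and routes
CAP_SYS_ADMIN=21   # held by --privileged containers, absent from Docker's default set

# has_cap HEXMASK BIT -> exit 0 if that capability bit is set in the mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify_caps HEXMASK -> prints one word describing a CapEff mask
classify_caps() {
    if has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo privileged-like
    elif has_cap "$1" "$CAP_NET_ADMIN"; then
        echo net-admin-only
    else
        echo no-net-admin
    fi
}

# proc_sys_readonly: reads /proc/mounts-format lines on stdin,
# exit 0 if /proc/sys is mounted read-only
proc_sys_readonly() {
    while read -r _dev mnt _type opts _rest; do
        if [ "$mnt" = /proc/sys ]; then
            case ",$opts," in *,ro,*) return 0 ;; esac
        fi
    done
    return 1
}

# report: inspect the current process and mount table
report() {
    mask=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    echo "capabilities: $(classify_caps "$mask") (CapEff=$mask)"
    if proc_sys_readonly < /proc/mounts; then
        echo "/proc/sys is read-only: the route flush message is expected"
    else
        echo "/proc/sys is writable"
    fi
}

# Only inspect the live system when asked to.
if [ "${1:-}" = "--report" ]; then report; fi
```

Save it as a script and run it with `--report` inside the container; a result of `privileged-like` means the container has far more access to the host than routing configuration requires.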