Comments (8)
For anyone else ending up here when trying to get dnsmasq running in ECS:
Per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514214#10
You can use `--user=root` to avoid the need to run as a privileged container.
from docker-dnsmasq.
@borgstrom, while I didn't generally agree with #11, it could make sense to mention this in the README. I'm going to close this issue as the original one is more specific to AWS. But I'd be happy to accept a pull request to add something to the README mentioning adding `--user=root` to their `CMD` in lieu of `--privileged` or `--cap-add`.
from docker-dnsmasq.
I forget what was failing. Can you try and see? It might have been the binding of ports < 1024 per http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2014q2/008540.html.
from docker-dnsmasq.
I used the `--privileged` flag and it's working, but I don't think that's a good idea from the security perspective?
from docker-dnsmasq.
Security is different for everyone. I can't really comment on that specifically. But understanding why we need to use `--privileged` or `--cap-add NET_ADMIN` could be helpful to all. If it was something as simple as binding to port 53 then we could probably change that to 5300 in the container and use port mapping externally to do `53:5300` and you wouldn't need any privileged mode.
from docker-dnsmasq.
FAQ on dnsmasq says that `NET_ADMIN` is essential; and from what I could gather for `iptables` and port bindings.
What I found is that if I run `-k -d` without `--cap-add NET_ADMIN` it's working, so maybe it's one of these:
-d, --no-daemon
Debug mode: don't fork to the background, don't write a pid file, don't change user id, generate a complete cache dump on receipt on SIGUSR1, log to stderr as well as syslog, don't fork new processes to handle TCP queries. Note that this option is for use in debugging only, to stop dnsmasq daemonising in production, use -k.
from docker-dnsmasq.
Unfortunately, I don't have a good answer. I don't use this image anymore and don't have a good understanding of the Linux capabilities. I tried to narrow down the capabilities when I originally used it so that it didn't require `--privileged`. I found that `NET_ADMIN` was the best compromise. But if `--privileged` is available and you understand the security implications (of which I can't really talk to) then that would be a workaround as I was originally running it with `--privileged` before I found `NET_ADMIN` working.
If you or anyone else find otherwise, feel free to open a pull request to modify the README accordingly.
from docker-dnsmasq.
I will probably run it in `--privileged` because the container is running on a private network.
Thanks for help.
from docker-dnsmasq.
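Added example (not part of the original thread or of docker-dnsmasq): a small shell helper that decodes the capability mask a container process actually holds, so the `--privileged` / `--cap-add NET_ADMIN` / `--user=root` variants discussed above can be compared by what they grant. The function names and the sample masks are constructed for illustration; the bit numbers come from `<linux/capability.h>`, and treating `SYS_ADMIN` as a sign of `--privileged` is a heuristic.

```shell
#!/bin/sh
# Decode a capability mask (the hex CapEff value in /proc/<pid>/status)
# for the capabilities this thread talks about.

# has_cap MASK_HEX BIT: exit status 0 if capability bit BIT is set.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_report MASK_HEX: print NAME=yes|no for each capability of interest.
cap_report() {
    out=""
    for pair in NET_BIND_SERVICE:10 NET_ADMIN:12 NET_RAW:13 \
                SETGID:6 SETUID:7 SYS_ADMIN:21; do
        name=${pair%%:*}; bit=${pair##*:}
        if has_cap "$1" "$bit"; then state=yes; else state=no; fi
        out="$out$name=$state "
    done
    printf '%s\n' "${out% }"
}

# classify MASK_HEX: one-word summary of how much the container was given.
# Heuristic: SYS_ADMIN is not in Docker's default set, so its presence
# suggests --privileged or a broad --cap-add.
classify() {
    if has_cap "$1" 21; then echo privileged-like
    elif has_cap "$1" 12; then echo net-admin
    else echo default-or-less
    fi
}

# live_mask [PID]: effective mask of a running process (default: this shell).
# Run it inside the container, e.g. through `docker exec <container> ...`.
live_mask() {
    awk '/^CapEff:/ { print $2 }' "/proc/${1:-self}/status"
}

# Constructed sample masks: Docker's default set, default plus NET_ADMIN,
# and a full mask as seen under --privileged (exact width varies by kernel).
for m in 00000000a80425fb 00000000a80435fb 000001ffffffffff; do
    printf '%s  %-16s %s\n' "$m" "$(classify "$m")" "$(cap_report "$m")"
done

if [ -r /proc/self/status ]; then
    echo "this process: $(classify "$(live_mask)")"
fi
```

Note that `NET_BIND_SERVICE` is already present in the default mask, which is worth checking before attributing a startup failure to binding port 53.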