Wednesday, May 6, 2015

RHEL / CentOS Linux 7 Enable Ping Access In Docker Container

I'm using a RHEL 7.1-4 container on a RHEL/CentOS Linux 7.x server. However, I'm unable to ping an external site/IP address using the ping command. I'm getting the following error on screen:
ping: Operation not permitted
How do I fix this problem?

Linux kernel v2.2+ divides the privileges traditionally associated with the superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute. For example, the CAP_NET_ADMIN capability allows various network-related operations such as:


  1. Interface configuration
  2. Administration of IP firewall, masquerading, and accounting
  3. Modify routing tables
  4. Bind to any address for transparent proxying
  5. Set type-of-service (TOS)
  6. Clear driver statistics
  7. Set promiscuous mode
  8. Enabling multicasting

The CAP_NET_RAW capability allows operations such as:

  1. Use RAW and PACKET sockets
  2. Bind to any address for transparent proxying

Docker fix ping: Operation not permitted error

On the host server, type the following command to assign the CAP_NET_RAW and CAP_NET_ADMIN capabilities to the container. The syntax is:
docker run --cap-add net_raw --cap-add net_admin --rm -t -i rhel7 /bin/sh
OR
docker run --cap-add net_raw --cap-add net_admin --rm -t -i registry.access.redhat.com/rhel7 /bin/bash
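
To confirm from inside the container which of these two capabilities the `--cap-add` flags actually granted, read the effective capability mask (`CapEff`) from `/proc/<pid>/status` and test the relevant bits. This is an added example, not part of the original post; the function names and sample masks are constructed for illustration, and the bit numbers 12 (CAP_NET_ADMIN) and 13 (CAP_NET_RAW) are those defined in `<linux/capability.h>`.

```shell
#!/bin/sh
# Added example: check a process's effective capability mask for the
# two capabilities discussed on this page. Function names are hypothetical.

# Capability bit numbers as defined in <linux/capability.h>.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# has_cap MASK BIT: succeed if bit BIT is set in the hex mask MASK
# (MASK is the value shown after "CapEff:" in /proc/PID/status).
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff_of [PID]: print the CapEff hex mask of PID (default: self).
cap_eff_of() {
    awk '/^CapEff:/ { print $2 }' "/proc/${1:-self}/status"
}

# net_caps MASK: print which of net_raw / net_admin are present in MASK,
# or "none" if neither bit is set.
net_caps() {
    out=""
    has_cap "$1" "$CAP_NET_RAW" && out="net_raw"
    has_cap "$1" "$CAP_NET_ADMIN" && out="${out:+$out }net_admin"
    echo "${out:-none}"
}

# Constructed sample masks (not taken from the page):
#   0000000000003000  -> bits 12 and 13 set
#   00000000a80405fb  -> neither bit set
# Report for the current process when /proc is available.
if [ -r /proc/self/status ]; then
    mask=$(cap_eff_of self)
    echo "CapEff=$mask -> $(net_caps "$mask")"
fi
```

A plain `ping -c4` needs only the raw socket that CAP_NET_RAW covers, so a container that reports `net_raw` alone is enough for the test on this page. CAP_NET_ADMIN additionally grants everything in the first list above.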

Attach to docker console

The following command allows you to enter a running Docker container, here one called wwwserver:
docker exec -it [container-id] bash
docker exec -it wwwserver bash

Test ping command

Install the ping command in wwwserver:
[root@wwwserver]# yum install -y iputils
Run the ping command:
[root@wwwserver]# ping -c4 google.com
PING google.com (216.58.219.206) 56(84) bytes of data.
64 bytes from lga25s40-in-f14.1e100.net (216.58.219.206): icmp_seq=1 ttl=55 time=42.2 ms
64 bytes from lga25s40-in-f14.1e100.net (216.58.219.206): icmp_seq=2 ttl=55 time=42.2 ms
64 bytes from lga25s40-in-f14.1e100.net (216.58.219.206): icmp_seq=3 ttl=55 time=42.1 ms
64 bytes from lga25s40-in-f14.1e100.net (216.58.219.206): icmp_seq=4 ttl=55 time=42.1 ms


--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 42.160/42.194/42.217/0.146 ms