From: František Dvořák
Date: Tue, 26 Jan 2016 23:00:37 +0000 (+0100)
Subject: Add admin network capabilities (for firewall inside containers).
X-Git-Tag: v1.0.0~8
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=a8f126c08184b0680a1653702f9525d9e1c36da9;p=virtualization.git
Add admin network capabilities (for firewall inside containers).
---
diff --git a/docker.sh b/docker.sh
index 7017c88..08b173f 100755
--- a/docker.sh
+++ b/docker.sh
@@ -94,6 +94,7 @@ ARGS="${ARGS} -v /scratch${SCRATCH_SUBDIR}:/scratch"
 docker run -itd \
 -v ~/.ssh/authorized_keys_docker:/root/.ssh/authorized_keys \
+ --cap-add=NET_ADMIN --cap-add=NET_RAW \
 --net=${DOCKER_network} \
 --restart=on-failure:0 \
 ${ARGS} \
@@ -109,7 +110,7 @@ fi
 # ==== public IPv6 ====
 dev=veth`devname`
 # this is not persistent, let's create a script
-cat << EOF > /etc/docker/net-${FACTER_hostname}.sh
+cat << EOF > /etc/docker/${FACTER_hostname}.sh
 mkdir -p /var/run/netns || :
 find -L /etc/ssl/certs -type l -delete || :
 pid=\`docker inspect -f '{{.State.Pid}}' ${FACTER_hostname}\`
@@ -123,5 +124,5 @@ ip netns exec \$pid ip link set dev ${dev}b name public6
 ip netns exec \$pid ip link set public6 address ${FACTER_macaddress}
 ip netns exec \$pid ip link set public6 up
 EOF
-chmod +x /etc/docker/net-${FACTER_hostname}.sh
-sh -xe /etc/docker/net-${FACTER_hostname}.sh
+chmod +x /etc/docker/${FACTER_hostname}.sh
+sh -xe /etc/docker/${FACTER_hostname}.sh
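Review bot: In the first hunk (`@@ -94,6 +94,7 @@`), the added `--cap-add=NET_ADMIN --cap-add=NET_RAW` line applies to every container this script starts, not only to those that run a firewall. NET_ADMIN lets root inside the container change interfaces, routes and netfilter rules in whatever network namespace `--net=${DOCKER_network}` selects, so if that value is ever `host` the capability covers the host's stack; NET_RAW is already part of Docker's default capability set, so adding it is redundant unless the daemon is configured to drop it. Consider making the grant opt-in through the existing `ARGS` mechanism, e.g. `[ -n "${DOCKER_firewall:-}" ] && ARGS="${ARGS} --cap-add=NET_ADMIN"` (the variable name is a placeholder), with a comment saying which in-container firewall needs it. The `docker run` command continues past the end of the hunk, so the remaining options are not visible here.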