I tried to run a simple python UDP echo server listening on port 507 inside a docker container that uses a non-root user. The Dockerfile looks like this:
```
FROM docker.io/centos
RUN yum -y install iputils iproute
COPY echo-server.py /tmp/
USER 1000
CMD ["python", "/tmp/echo-server.py"]
```
Since 507 is a well-known port, I also added the NET_BIND_SERVICE capability when running docker, but I still get the error message:
```
# docker run --cap-add=NET_BIND_SERVICE 4d1c2301b166
Traceback (most recent call last):
  File "/tmp/echo-server.py", line 12, in <module>
    s.bind(('', port))
  File "/usr/lib64/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 13] Permission denied
```
When checking the capabilities, I see that the effective capabilities are not set when using a non-root user.
Does anyone know how to run a program in a Docker container with a non-root user and some capabilities?
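The situation described in the question (the capability is granted to the container, yet the non-root process cannot bind) can be confirmed from inside the container by reading the `Cap*` lines of `/proc/self/status`: `--cap-add` only extends the bounding set, and for a non-root user nothing raises CAP_NET_BIND_SERVICE into the effective set. The script below is an added example, not code from the question; it parses those status lines, reports whether CAP_NET_BIND_SERVICE is effective, bounding-only or absent, and tries the same UDP bind. The two status snapshots are constructed sample data (the bounding mask `a80425fb` is Docker's default capability set), and the helper names are my own.

```python
"""Diagnose why a non-root process in a container cannot bind a low port.

Reads the capability sets from /proc/<pid>/status (or a supplied snapshot)
and checks CAP_NET_BIND_SERVICE in the effective and bounding sets.
Works on Python 2.7 and 3.x.
"""
import re
import socket

# Bit index of CAP_NET_BIND_SERVICE in linux/capability.h.
CAP_NET_BIND_SERVICE = 10

CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

# Constructed sample: root in a default Docker container (cap in CapEff).
ROOT_STATUS = """Name:\tpython
Uid:\t0\t0\t0\t0
CapInh:\t00000000a80425fb
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""

# Constructed sample: USER 1000 in the same container; the capability is
# still in the bounding set, but the effective set is empty.
NONROOT_STATUS = """Name:\tpython
Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""


def parse_cap_sets(status_text):
    """Return {'CapEff': int, 'CapBnd': int, ...} from a /proc status dump."""
    caps = {}
    for line in status_text.splitlines():
        m = re.match(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$", line)
        if m and m.group(1) in CAP_FIELDS:
            caps[m.group(1)] = int(m.group(2), 16)
    return caps


def has_cap(cap_set_value, cap_index):
    """True if bit cap_index is set in the given capability mask."""
    return bool((cap_set_value >> cap_index) & 1)


def diagnose(status_text):
    """Classify CAP_NET_BIND_SERVICE as 'effective', 'bounding-only' or 'absent'."""
    caps = parse_cap_sets(status_text)
    if has_cap(caps.get("CapEff", 0), CAP_NET_BIND_SERVICE):
        return "effective"
    if has_cap(caps.get("CapBnd", 0), CAP_NET_BIND_SERVICE):
        return "bounding-only"
    return "absent"


def try_bind(port, host="127.0.0.1"):
    """Attempt the UDP bind from the question; return None on success, errno on failure."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((host, port))
        return None
    except socket.error as e:
        return e.errno  # 13 (EACCES) is the 'Permission denied' from the traceback
    finally:
        s.close()


if __name__ == "__main__":
    with open("/proc/self/status") as f:
        live_status = f.read()
    print("CAP_NET_BIND_SERVICE for this process: %s" % diagnose(live_status))
    print("bind to UDP 507 -> errno %r" % try_bind(507))
```

Run it as the container's non-root user: a result of `bounding-only` together with errno 13 matches the symptom in the question (the capability was added to the container, but `--cap-add` alone does not make it effective for a non-root process). `effective` with a successful bind is what you see once the capability is actually raised for that process, for example by putting it on the binary with file capabilities (`setcap 'cap_net_bind_service=+ep'`) during the image build.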