Docker Community Forums


Can't assign to privileged ports (<1024)


(Kjell Havnesköld) #1

Expected behavior

$docker run -d -p 80:80 nimmis/apache
4823b206350aed229b2da504de704833419f6d6759eb684d0e551c656f5c942f
$

Container accessible with port 80 from external port

Actual behavior

$docker run -d -p 80:80 nimmis/apache
docker: Error response from daemon: driver failed programming external connectivity on endpoint adoring_williams (8eea84b97ad7acb983bddf1b4bfe31c67304e430aefe8c9029ae7320caa748cd): Error starting userland proxy: failed to bind port: Unix.Unix_error(Unix.EACCES, "bind", "").
$

Works if you give a port above 1024

$docker run -d -p 8080:80 nimmis/apache
7f25cbeb86f5ee7e854432c3199bd54c472190be0819b55c326ce124fdc42062
$

Information

pinata diagnose -u
OS X: version 10.10.5 (build: 14F1713)
Docker.app: version v1.11.0-beta6
Running diagnostic tests:
[OK] docker-cli
[OK] Moby booted
[OK] driver.amd64-linux
[OK] vmnetd
[OK] osxfs
[OK] db
[OK] slirp
[OK] menubar
[OK] environment
[OK] Docker
[OK] VT-x
Docker logs are being collected into /tmp/20160412-133714.tar.gz.
Your unique id in bugsnag is: ECEBD305-824C-4FC0-AC4B-3DF038857962
Please quote this in all correspondence.

Steps to reproduce the behavior

  1. docker run -d -p 80:80 nimmis/apache
  2. container fails to bind the privileged port
  3. does not help to run as root

(Julien Maitrehenry) #2

Hi nimmis!

You have to add the NET_BIND_SERVICE capability: docker run -p 180:80 -d --cap-add NET_BIND_SERVICE nginx
It’s the same on linux.


(Kjell Havnesköld) #3

I don’t have to do that on a normal Linux installation (CentOS or Ubuntu)

This is how it looks on my Ubuntu 14.04
kjell@ubuntu:~$ docker run -d -p 80:80 nimmis/apache
76111a4fbd56842af61d29808439a8433704b78a609bce14372837a108f70337
kjell@ubuntu:~$


(Kjell Havnesköld) #4

Doing it on the beta-docker gives the same error as before
$ docker run -p 80:80 -d --cap-add NET_BIND_SERVICE nimmis/apache
dd3607f370da774659f9ceec1e8f8e64a1c28983c378d1109462c45f9eb3c878
docker: Error response from daemon: driver failed programming external connectivity on endpoint prickly_bassi (a27281918354f7f94db2dd80b2e9a761892a24c66b0765749c4ad123fce27a41): Error starting userland proxy: failed to bind port: Unix.Unix_error(Unix.EACCES, "bind", "").


(Julien Maitrehenry) #6

Can you try to run this: docker run -p 180:80 -d --cap-add NET_BIND_SERVICE nginx?


(Julien Maitrehenry) #7

I just tried docker run -p 280:80 -d --cap-add NET_BIND_SERVICE nimmis/apache and it works on my Mac.
(I use port 280 because 80 and 180 are already taken by another container)


(Kjell Havnesköld) #8

Same result on beta-docker
$ docker run -p 180:80 -d --cap-add NET_BIND_SERVICE nginx
fa6744c99ada895c0e301801d60b2c214b6cfe3fd1f4eb44bf424ba993b95631
docker: Error response from daemon: driver failed programming external connectivity on endpoint adoring_brahmagupta (fc05cfcd198e1f7661930df1c9103a336d0eb8b6d389a0663d93379f0b6a1eb4): Error starting userland proxy: failed to bind port: Unix.Unix_error(Unix.EACCES, "bind", "").

Same result with 280. I run Yosemite; I’ll try it on Mountain Lion later to see if there is any difference.

I had boot2docker installed before but removed it before installing beta-docker


(Julien Maitrehenry) #9

I’m using El Capitan and I was using docker-machine / boot2docker before docker-beta.

I can’t help you more.


(Justin Cormack) #10

Hi, this is a known issue in VPN mode and will be fixed soon. If you are not using VPN mode can we have some more information?


(Kjell Havnesköld) #11

That’s correct, disable VPN and privileged port works


(Jesseditson) #12

Hey there! I’m attempting to migrate to docker for mac, but not being able to bind to a privileged port while using a VPN is a blocker for me - is there an issue somewhere where I can track progress on this issue?


(Justin Cormack) #13

Hi this should be resolved now.

Justin
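
Added example, not part of the thread and not Docker's code: a Python triage helper for the EACCES bind failure discussed above, separating a missing CAP_NET_BIND_SERVICE from a refusal by some other layer doing the bind. It assumes Linux semantics (capability bit 10 in the CapEff line of /proc/<pid>/status, threshold from net.ipv4.ip_unprivileged_port_start, default 1024); the function names and sample status text are constructed for illustration.

```python
import errno
import os
import re
import socket

CAP_NET_BIND_SERVICE = 10  # bit index defined in linux/capability.h

# Constructed sample excerpts of /proc/<pid>/status (not taken from the thread).
SAMPLE_WITH_CAP = "Name:\thttpd\nCapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n"
SAMPLE_NO_CAP = "Name:\thttpd\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"


def effective_caps(status_text):
    """Parse the CapEff hex bitmask out of /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)


def may_bind(port, cap_eff, unprivileged_port_start=1024):
    """Linux rule: ports below the threshold need CAP_NET_BIND_SERVICE."""
    if port >= unprivileged_port_start:
        return True
    return bool((cap_eff >> CAP_NET_BIND_SERVICE) & 1)


def try_bind(port, host="127.0.0.1"):
    """Attempt a TCP bind; return 0 on success, else the errno from bind()."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as e:
            return e.errno
    return 0


def explain(err, port, cap_eff, unprivileged_port_start=1024):
    """Map a bind() errno to the most likely cause for the calling process."""
    if err == 0:
        return "bind succeeded"
    if err == errno.EADDRINUSE:
        return "port already in use"
    if err == errno.EACCES:
        if may_bind(port, cap_eff, unprivileged_port_start):
            return "capability present: the refusal comes from another layer"
        return "missing CAP_NET_BIND_SERVICE"
    return os.strerror(err)
```

On a live Linux host, pass the contents of /proc/self/status to effective_caps() and the value read from /proc/sys/net/ipv4/ip_unprivileged_port_start as the threshold, then feed the result of try_bind() to explain().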