Hi,
I have a docker compose that does the following:
version: "3.8"
services:
  bento:
    build: .
    ports:
      - "22:22"
    cap_add:
      - NET_ADMIN
    cap_drop:
      - ALL
    networks:
      - default
and the Dockerfile that it builds is this one: https://github.com/higatowa/bento/blob/main/Dockerfile
I would like to filter the capabilities as much as possible, but if I set only NET_ADMIN, when connecting via SSH to the host local IP I get:
Connection closed by 192.168.1.2 port 22
Setting NET_ADMIN would make it work with Docker run, so I can’t figure out the issue.
UPDATE:
adding
cap_add:
  - ALL
cap_drop:
  - NET_ADMIN
will make it work again, so the issue seems to be that the right capability needs to be added, but I still can’t find it.
Also, the question came up: why with docker I don’t need any capability, but with compose I do?
Also, why does just adding NET_ADMIN not work anyway?
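
An added example, not part of the original post: `docker run` starts a container with Docker's default capability set unless `--cap-drop` is passed, whereas the compose file above drops ALL and adds back only NET_ADMIN. The sketch below decodes the `CapEff` mask from `/proc/<pid>/status` for both cases and lists the capabilities the compose container no longer holds. It assumes the working `docker run` used `--cap-add NET_ADMIN` without `--cap-drop ALL`; the two status samples are constructed.

```python
import re

# Capability bit positions from linux/capability.h (bit 0 = CAP_CHOWN).
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

def effective_caps(status_text):
    """Return the capability names set in the CapEff line of /proc/<pid>/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line found")
    mask = int(m.group(1), 16)
    names = set()
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            # Bits newer than this table are reported by number.
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return names

def missing_caps(working_status, failing_status):
    """Capabilities the working container holds that the failing one lacks."""
    return sorted(effective_caps(working_status) - effective_caps(failing_status))

# Constructed samples: Docker's default set plus NET_ADMIN (assumed docker run case),
# and NET_ADMIN alone (cap_drop ALL + cap_add NET_ADMIN, as in the compose file).
RUN_STATUS = "Name:\tsshd\nCapPrm:\t00000000a80435fb\nCapEff:\t00000000a80435fb\n"
COMPOSE_STATUS = "Name:\tsshd\nCapPrm:\t0000000000001000\nCapEff:\t0000000000001000\n"

if __name__ == "__main__":
    # Print the difference as cap_add entries to re-test one at a time.
    for cap in missing_caps(RUN_STATUS, COMPOSE_STATUS):
        print(f"      - {cap}")
```

Real input for both cases can be read with `docker exec <container> cat /proc/1/status`; the resulting list is the candidate set to add back to `cap_add` one entry at a time while keeping `cap_drop: ALL`.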