I have a docker compose that does the following:
```yaml
version: "3.8"
services:
  bento:
    build: .
    ports:
      - "22:22"
    cap_add:
      - NET_ADMIN
    cap_drop:
      - ALL
    networks:
      - default
```
and the Dockerfile that it builds is this one: https://github.com/higatowa/bento/blob/main/Dockerfile
I would like to filter the capabilities as much as possible, but if I set only NET_ADMIN, when connecting via SSH to the host local IP I get:
Connection closed by 192.168.1.2 port 22
Setting NET_ADMIN would make it work with docker run, so I can't figure out the issue.
```yaml
    cap_add:
      - ALL
    cap_drop:
      - NET_ADMIN
```
will make it work again, so the issue seems to be that the right capability needs to be added, but I still can't find it.
Also, the question came up: why don't I need any capability with docker, but I do with compose?
Also, why doesn't just adding NET_ADMIN work anyway?