Issue with compose and ssh

higatowa · December 20, 2020, 4:50pm

Hi,

I have a docker compose that does the following:

version: "3.8"       
services:
  bento:
    build: .
    ports:
      - "22:22"
    cap_add:
      - NET_ADMIN
    cap_drop:
      - ALL
    networks:
     - default

and the dockerfile that build is this one:https://github.com/higatowa/bento/blob/main/Dockerfile

I would like to filter the capabilities as much as possible but if I set only NET_ADMIN when connecting via SSH to the host local IP I get:

Connection closed by 192.168.1.2 port 22

Settting the NET_ADMIN would make it work with Docker run so I can’t figure out the issue

UPDATE:
adding

  cap_add:

      - ALL

    cap_drop:

      - NET_ADMIN

will make it work again, so the issue seems the right capability need to be added but still can’t find it

also the question came up, why with docker I don’t need any capability but with compose yes?

also why just adding NET_ADMIN will not work anyway?