I am running a rootless docker container on a Ubuntu host (24.04 LTS). However, I cannot ping the host where the container is running and the outside network. The workaround I created are two steps:
- Run the container with the
--privilegedoption, as indocker container run --privileged - On the host where the container is running, set Linux kernel parameber `net.ipv4.ping_group_range` to include the group id that runs the container. For instance,
if the group id of the user that runs the container is 3000, we can set the parameter as follows:
echo "3000 3000" > /proc/sys/net/ipv4/ping_group_range
If tests indicate that pings are successful in the container, we can set the kernel parameter through a configuration file so that the setting can survive reboot, e.g.,
- On the host that the container is running, create a file, e.g.,
/etc/sysctl.d/99-ping-group-range.confas in:echo "net.ipv4.ping_group_range=3000 3000" \ > /etc/sysctl.d/99-ping-group-range.conf
The idea of these is from
No comments:
Post a Comment