I have to add some rule to iptables, in the build process it give me an error because i need privilege so is there any way to get around it,
i know that there no privilege option in build, or can i build and image without run it ?
Asked
Active
Viewed 4,092 times
10
Wissam Roujoulah
- 3,229
1 Answers
2
It's considered better practice from what I understand to use specific kernel capabilities:
docker run --cap-add NET_ADMIN <image> <command>
should get you what you need. You may need to also add SYS_ADMIN as well.
Patrick
- 599
-
4i want it in build time not in run time – Wissam Roujoulah Jan 24 '17 at 12:33
-
Unfortunately you have to add these flags during runtime. – Patrick Jan 24 '17 at 17:13
-
1As a follow-up, see this thread for more information on the status of this feature: https://github.com/moby/moby/issues/1916 – Patrick Mar 13 '18 at 13:10