-
Will Szumski authored
When using dnsmasq as a DHCP server, unless you use the noping option (and that is not recommended), the NET_RAW capabilty is required so that dnsmasq can send ICMP packets. These are used to check an address is not currently in use[1]. Docker enables this capability by default. Podman runs containers with a minimal set of capabilities[3]. [1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012840.html [2] https://docs.docker.com/engine/containers/run/#runtime-privilege-and-linux-capabilities [3] https://github.com/rhatdan/common/blob/f39f2a3f8c7680b9e456b9d235570e511807d6c6/docs/containers.conf.5.md?plain=1#L84-L101 Closes-Bug: #2055282 Change-Id: Ib3a1313df680d91c7f008063937ca7d37e82f690
Will Szumski authoredWhen using dnsmasq as a DHCP server, unless you use the noping option (and that is not recommended), the NET_RAW capabilty is required so that dnsmasq can send ICMP packets. These are used to check an address is not currently in use[1]. Docker enables this capability by default. Podman runs containers with a minimal set of capabilities[3]. [1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012840.html [2] https://docs.docker.com/engine/containers/run/#runtime-privilege-and-linux-capabilities [3] https://github.com/rhatdan/common/blob/f39f2a3f8c7680b9e456b9d235570e511807d6c6/docs/containers.conf.5.md?plain=1#L84-L101 Closes-Bug: #2055282 Change-Id: Ib3a1313df680d91c7f008063937ca7d37e82f690
