[Dnsmasq-discuss] Patch for ioctl(SIOCSARP) issue with Docker + Dnsmasq
Simon Kelley
simon at thekelleys.org.uk
Thu May 22 10:17:33 UTC 2014
On 22/05/14 04:46, Kyle Manna wrote:
> Hey all,
>
> I ran into an issue using dnsmasq within a docker/lxc container.
> Newer versions of docker drop the NET_ADMIN capability[1] which
> prevents ioctl(SIOCSARP) call from succeeding for unicast DHCPOFFERs.
>
> I've thrown together a quick patch (hack? due to lack of familiarity
> perhaps) and it's available on Github[2] as well as attached for
> completeness.
>
> I'm not sure if this is the best way to fix this or not. I'm not that
> familiar with DHCP + dnsmasq to know any better. I've also tried a
> docker container with ISC dhcpd and it worked without any
> modifications. I didn't look any closer to see how isc dhcpd operated.
>
> [1] https://github.com/dotcloud/docker/pull/4059
> [2] https://github.com/kmanna/dnsmasq/compare/master...docker_arp_fail
>
>
It's possible to get the same effect by configuration. Adding

dhcp-broadcast

to the dnsmasq config will cause it to always use broadcast.

If a dnsmasq configuration is supplied for use with docker then adding
to that might be a better solution. If not then this patch has merit,
but some downsides too: it's a classic "do something surprising to mask
an unexpected error".

Note that there are other bits of code in dnsmasq that rely on having
NET_ADMIN, most obviously, the ability to bind ports < 1024 if
--bind-dynamic is in use.

Cheers,
Simon.