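I have an application that I am trying to move to a docker container. I have most of the features working, but the parts of the application that need elevated permissions (working with sockets and configuring network parameters) do not appear to work.

What I've tried:

- Issuing the `--privileged` flag
- Issuing the `--cap-add=NET_ADMIN` flag
- Removing security options with `--security-opt apparmor=unconfined --security-opt seccomp=unconfined`
- Adding user groups and sudo in the Dockerfile
- Using the `--net=host \` option.
- Adding my user to the docker group
- Issuing the `--cap-add=SYS_RAWIO` flag
- Adding my user to the netdev group in the Dockerfile: `RUN groupadd -r netdev && usermod -a -G netdev $USER`

This is the error I am receiving: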
```
Process Process-2:
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/multiprocessing/process.py", line 315, in _bootstrap
    self.run()
  File "/usr/local/lib/python3.9/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
  File "/app/support_files/wizard_configuration_routines.py", line 781, in find_device
    device_list = scan_subnet('192.168.30.0/24',g_interface)
  File "/app/support_files/wizard_configuration_routines.py", line 757, in scan_subnet
    answered, unanswered = scapy.arping(subnet,verbose=False,iface=g_interface)
  File "/usr/local/lib/python3.9/site-packages/scapy/layers/l2.py", line 890, in arping
    ans, unans = srp(
  File "/usr/local/lib/python3.9/site-packages/scapy/sendrecv.py", line 687, in srp
    s = iface.l2socket()(promisc=promisc, iface=iface,
  File "/usr/local/lib/python3.9/site-packages/scapy/arch/linux.py", line 484, in __init__
    self.ins = socket.socket(
  File "/usr/local/lib/python3.9/socket.py", line 232, in __init__
    _socket.socket.__init__(self, family, type, proto, fileno)
PermissionError: [Errno 1] Operation not permitted
```
Here are the relevant files.

Dockerfile

```dockerfile
# Slim version of Python
FROM python:3.9-slim
# Download Package Information
RUN apt update -y
# Install Tkinter
RUN apt install tk -y
# Install fontconfig
RUN apt install fontconfig -y
# Install Pillow
RUN python3 -m pip install Pillow
RUN python3 -m pip install ouster-sdk
RUN python3 -m pip install scapy
RUN python3 -m pip install customtkinter
RUN apt install net-tools -y
RUN fc-cache -f -v
# Commands to run Tkinter application
CMD ["/app/scot_wizard.py"]
ENTRYPOINT ["python3"]
```
Build.sh

```bash
sudo docker build -t tkinter_in_docker .
```

Run.sh

```bash
sudo docker run -u=$(id -u $USER):$(id -g $USER) \
    -e DISPLAY=$DISPLAY \
    -v /tmp/.X11-unix:/tmp/.X11-unix:rw \
    -v $(pwd)/app:/app \
    -v $(pwd)/logs:/logs \
    -v $(pwd)/records:/records \
    -v $(pwd)/fonts:/.fonts \
    -w /app \
    --privileged \
    --net=host \
    --rm \
    tkinter_in_docker
```
In trying to understand the problem, I made a simple docker container with the one line that is failing, and it worked. I don't understand why it doesn't work in the larger application. Here is the minimal example:

Dockerfile

```dockerfile
# Slim version of Python
FROM python:3.9-slim
# Download Package Information
RUN apt update -y
RUN apt install net-tools -y
RUN apt install -y libpcap0.8
RUN python3 -m pip install scapy
# Commands to run Tkinter application
CMD ["SCOT_wizard.py"]
ENTRYPOINT ["python3"]
```
Run.sh

```bash
sudo docker run \
    -v $(pwd)/app:/app \
    -w /app \
    --net=host \
    --rm \
    tkinter_in_docker
```

/app/scot_wizard.py

```python
import scapy.all as scapy
answered, unanswered = scapy.arping('192.168.11.0/24',verbose=False,iface='eno2')
print(answered)
```
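
The two Run.sh scripts above differ in the `-u=$(id -u $USER):$(id -g $USER)` option, and the AF_PACKET socket that Scapy opens in `srp()` is permitted by Linux only when CAP_NET_RAW is in the process's effective set. The following diagnostic is an added example, not part of the original post: it decodes the capability masks from `/proc/self/status` so the two containers can be compared; the function names and the sample status text are constructed for illustration.

```python
# Added example, not from the original post. Sample status text is constructed.
import os

# Bit numbers from <linux/capability.h>
CAPS = {"CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13, "CAP_SYS_RAWIO": 17}

def parse_status(text):
    """Extract the effective UID and capability masks from /proc/<pid>/status."""
    out = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key == "Uid" and len(fields) >= 2:
            out["euid"] = int(fields[1])  # order: real, effective, saved, fs
        elif key in ("CapPrm", "CapEff", "CapBnd") and fields:
            out[key] = int(fields[0], 16)
    return out

def has_cap(mask, name):
    return bool((mask >> CAPS[name]) & 1)

def diagnose(text):
    """Return ({cap: effective?}, verdict) for opening an AF_PACKET socket."""
    st = parse_status(text)
    eff, bnd = st.get("CapEff", 0), st.get("CapBnd", 0)
    report = {name: has_cap(eff, name) for name in CAPS}
    if report["CAP_NET_RAW"]:
        verdict = "ok: CAP_NET_RAW is effective"
    elif has_cap(bnd, "CAP_NET_RAW"):
        verdict = "in bounding set but not effective for uid %s" % st.get("euid")
    else:
        verdict = "missing: CAP_NET_RAW is not in the bounding set"
    return report, verdict

# Constructed samples: root in a privileged container, and a non-root UID
# started in the same container (bounding set full, effective set empty).
SAMPLE_ROOT = ("Uid:\t0\t0\t0\t0\nCapPrm:\t000001ffffffffff\n"
               "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n")
SAMPLE_USER = ("Uid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000000000\n"
               "CapEff:\t0000000000000000\nCapBnd:\t000001ffffffffff\n")

if __name__ == "__main__":
    for label, text in (("root", SAMPLE_ROOT), ("uid 1000", SAMPLE_USER)):
        print(label, diagnose(text))
    if os.path.exists("/proc/self/status"):  # Linux only
        with open("/proc/self/status") as fh:
            print("this process", diagnose(fh.read()))
```

Running it inside each container, with the same `docker run` options as the application, shows whether the flags passed on the command line actually reach the Python process.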