lost and found ( for me ? )

Ubuntu 16.04 LXD : install wireshark within CentOS based containers

I could install wireshark within Ubuntu-based LXD container by default configuration, but could not install wireshark on CentOS-based containers until I set “security.privileged” to true.

Here is what I did.

start a Cent7 container
$ lxc launch 8c7eed37f93c cent7-01

install wireshark
failed to install wireshark.
$ lxc exec cent7-01 bash
[root@cent7-01 ~]# yum install wireshark –y

Dependency Installed:
 c-ares.x86_64 0:1.10.0-3.el7 gnutls.x86_64 0:3.3.24-1.el7   libpcap.x86_64 14:1.5.3-8.el7 libsmi.x86_64 0:0.4.8-13.el7
 nettle.x86_64 0:2.7.1-8.el7  trousers.x86_64 0:0.3.13-1.el7 wget.x86_64 0:1.14-13.el7

 wireshark.x86_64 0:1.10.14-10.el7

[root@cent7-01 ~]#

stop the conainer and set security.privileged to true.
$ lxc stop cent7-01

$ lxc config set cent7-01 security.privileged true

$ lxc config show cent7-01 | grep security
 security.privileged: "true"

start the container and install wireshark
$ lxc start cent7-01

$ lxc exec cent7-01 -- yum install wireshark -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: www.ftp.ne.jp
* extras: www.ftp.ne.jp
* updates: www.ftp.ne.jp
Resolving Dependencies
--> Running transaction check
---> Package wireshark.x86_64 0:1.10.14-10.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

Package                      Arch                      Version                              Repository               Size
wireshark                    x86_64                    1.10.14-10.el7                       base                     13 M

Transaction Summary
Install  1 Package

Total download size: 13 M
Installed size: 67 M
Downloading packages:
wireshark-1.10.14-10.el7.x86_64.rpm                                                                 |  13 MB  00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Installing : wireshark-1.10.14-10.el7.x86_64                                                                         1/1
 Verifying  : wireshark-1.10.14-10.el7.x86_64                                                                         1/1

 wireshark.x86_64 0:1.10.14-10.el7


You can also set “security.privileged true” to a profile as below.
$ lxc profile set default security.privileged true

$ lxc profile show default
name: default
 security.privileged: "true"
description: Default LXD profile
   name: eth0
   nictype: bridged
   parent: lxdbr0
   type: nic

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.