I need to set up a docker container, which has an internal network (tap-bridge-tap) to enable the IP communication between two applications in a test environment.
Since the environment forbids the usage of `docker run --privileged` to configure the tap devices + bridge during runtime, I want to preconfigure it by using DOCKERFILE and docker build to ship a ready-to-use container.
```dockerfile
FROM ubuntu:24.04

USER root

RUN apt-get update && apt-get install -y \
    iproute2 \
    iputils-ping \
    net-tools \
    bridge-utils

RUN ip tuntap add dev tap0 mode tap user $(whoami) && \
    ip tuntap add dev tap1 mode tap user $(whoami) && \
    ip link add name br0 type bridge && \
    ip link set dev tap0 master br0 && \
    ip link set dev tap1 master br0 && \
    ip link set dev br0 up && \
    ip link set dev tap0 up && \
    ip link set dev tap1 up
```
Unfortunately I get the following result while building:
```
 > [3/3] RUN ip tuntap add dev tap0 mode tap user $(whoami) && ip tuntap add dev tap1 mode tap user $(whoami) && ip link add name br0 type bridge && ip link set dev tap0 master br0 && ip link set dev tap1 master br0 && ip link set dev br0 up && ip link set dev tap0 up && ip link set dev tap1 up:
0.158 open: No such file or directory
------
Dockerfile:12
--------------------
  11 |
  12 | >>> RUN ip tuntap add dev tap0 mode tap user $(whoami) && \
  13 | >>> ip tuntap add dev tap1 mode tap user $(whoami) && \
  14 | >>> ip link add name br0 type bridge && \
  15 | >>> ip link set dev tap0 master br0 && \
  16 | >>> ip link set dev tap1 master br0 && \
  17 | >>> ip link set dev br0 up && \
  18 | >>> ip link set dev tap0 up && \
  19 | >>> ip link set dev tap1 up
  20 |
--------------------
ERROR: failed to solve: process "/bin/sh -c ip tuntap add dev tap0 mode tap user $(whoami) && ip tuntap add dev tap1 mode tap user $(whoami) && ip link add name br0 type bridge && ip link set dev tap0 master br0 && ip link set dev tap1 master br0 && ip link set dev br0 up && ip link set dev tap0 up && ip link set dev tap1 up" did not complete successfully: exit code: 1
exit status 1
```
I performed those steps manually in a privileged environment and a non-privileged one. As expected, it requires privileged rights to perform the `ip tuntap...` commands.
Is there any kind of workaround to get this problem solved?
asked 22 hours ago by poeschlorn

1 Answer
You don't. The output of a container image is the assembly of the filesystem and metadata on the image (including defaults to run the container). The network is one of the namespaces managed by container runtimes and they do not pull in any settings for that from the image.
At best, you could create an entrypoint script that configures the launched container, but this requires every container you deploy from the image to be privileged.
In general, hearing your problem, I'm worried you are going down an XY Problem path. Communication between containers is a long-solved issue. In Docker, that involves a common network and communicating using a container name, service name, or other network alias. Kubernetes has its own service name concept.
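
A sketch of the entrypoint approach the answer mentions, added here as an example and not taken from the question or the answer. It runs the question's `ip` commands at container start, but first checks that the runtime granted what they need and exits with a clear message otherwise. Assumptions: the file name `entrypoint.sh` and the helper names are hypothetical, the host kernel provides TUN and bridge support, and the container is started with `--cap-add NET_ADMIN --device /dev/net/tun`, which is a narrower grant than `--privileged` but still an elevated one that the environment has to permit.

```shell
#!/bin/sh
# entrypoint.sh (hypothetical name): build tap0/tap1/br0 at container start,
# but only if the runtime actually granted what the commands need.

CAP_NET_ADMIN_BIT=12   # bit index of CAP_NET_ADMIN in the capability mask

# has_cap HEXMASK BIT: succeed if BIT is set in the hex capability mask.
has_cap() {
    [ -n "$1" ] && [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff [STATUS_FILE]: print the effective capability mask (CapEff).
cap_eff() {
    awk '/^CapEff:/ { print $2 }' "${1:-/proc/self/status}"
}

# preflight [STATUS_FILE] [TUN_DEVICE]: 0 = ok, 1 = no CAP_NET_ADMIN,
# 2 = TUN character device missing.
preflight() {
    tun_dev=${2:-/dev/net/tun}
    if ! has_cap "$(cap_eff "${1:-/proc/self/status}")" "$CAP_NET_ADMIN_BIT"; then
        echo "entrypoint: CAP_NET_ADMIN not granted" >&2
        return 1
    fi
    if [ ! -c "$tun_dev" ]; then
        echo "entrypoint: $tun_dev is not available" >&2
        return 2
    fi
}

# Same device layout as the RUN step in the question, executed at start-up.
setup_bridge() {
    ip tuntap add dev tap0 mode tap &&
    ip tuntap add dev tap1 mode tap &&
    ip link add name br0 type bridge &&
    ip link set dev tap0 master br0 &&
    ip link set dev tap1 master br0 &&
    ip link set dev br0 up &&
    ip link set dev tap0 up &&
    ip link set dev tap1 up
}

# Run only when invoked as the entrypoint, so the file can also be sourced.
case "${0##*/}" in
    entrypoint.sh)
        preflight && setup_bridge || exit 1
        exec "$@"
        ;;
esac
```

The preflight reads `CapEff` from `/proc/self/status`, so a container started without the capability fails at start-up with a readable message instead of the bare `open: No such file or directory` seen in the build log.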