User namespace and host network with docker

Norbby June 21, 2020, 10:28pm 1

Hi,
I’m using suricata 5.0.2 in docker.
I send all my network trafic on an interface of my server and my suricata capture it.
I start my docker with the parameter --net=host and -i enXXXX
It works perfectly.

I want to increase my security of my docker and i activate the user namespace.
And now, i have a problem because i can’t use the parameter --net=host with the user namesapce

The following standard Docker features are incompatible with running a Docker daemon with user namespaces enabled:
- sharing PID or NET namespaces with the host (–pid=host or --network=host).

Do you have any ideas on how can i start my docker image to capture the network traffic on this enXXXX interface ?

Many thanks

1 Like

Topic		Replies	Views	Activity
Suricata not detecting intrusion on other docker containers within the same network	3	32	February 17, 2025
Suricata in Kubernetes Help	2	5150	September 22, 2021
Running Suricata 6.0.0 inside a docker container with docker interface. The tool doesn't seem to Sniff traffic Help docker	2	1242	May 24, 2023
Running Suricata IPS AF-Packet in docker container Help ips , rules , docker , suricata	3	5118	July 13, 2023
Suricata Failed to Startup and Failed to Drop Privileges in Docker Container Help suricata	6	712	November 24, 2023