User namespace and host network with docker

Norbby June 21, 2020, 10:28pm 1

Hi,
I’m using suricata 5.0.2 in docker.
I send all my network trafic on an interface of my server and my suricata capture it.
I start my docker with the parameter --net=host and -i enXXXX
It works perfectly.

I want to increase my security of my docker and i activate the user namespace.
And now, i have a problem because i can’t use the parameter --net=host with the user namesapce

The following standard Docker features are incompatible with running a Docker daemon with user namespaces enabled:
- sharing PID or NET namespaces with the host (–pid=host or --network=host).

Do you have any ideas on how can i start my docker image to capture the network traffic on this enXXXX interface ?

Many thanks

1 Like

Topic		Replies	Views	Activity
Running Suricata 6.0.0 inside a docker container with docker interface. The tool doesn't seem to Sniff traffic Help docker	2	745	May 24, 2023
Running Suricata IPS AF-Packet in docker container Help ips , rules , docker , suricata	3	2529	July 13, 2023
Suricata in docker doesn't block packets docker , suricata	3	312	July 31, 2023
$HOME_NET and multiple interfaces, plus deployment best practices Help	3	3551	June 27, 2020
Suricata IDS with eBPF XDP SYNPROXY DDOS community	4	187	January 23, 2024