How can we add capabilities to a running docker container?

docker containers linux-capabilities
VanagaS picture VanagaS · Aug 4, 2016 · Viewed 11.2k times · Source

Is it possible to add a capability (for ex: NET_ADMIN) after the container has actually started?

I started a container few days ago and a service provided by it is being used by several other processes which are running remotely on other servers. I need to add a loopback interface to it, but unfortunately, I forgot to start the container with --cap-add=NET_ADMIN and hence couldn't add the interface now.

I'm looking for an option, if it is possible to give this capability somehow to this container.

Answer

Ryan Li picture Ryan Li · Aug 18, 2017

VanagaS

1.Stop Container:

docker stop yourcontainer;

2.Get container id:

docker inspect yourcontainer;

3.Modify hostconfig.json(default docker path:/var/lib/docker, you can change yours)

vim /var/lib/docker/containers/containerid/hostconfig.json

4.Search "CapAdd", and modify null to ["NET_ADMIN"];

....,"VolumesFrom":null,"CapAdd":["NET_ADMIN"],"CapDrop":null,....

5.Restart docker in host machine;

service docker restart;

6.Start yourconatiner;

docker start yourcontainer;

it work for me, enjoy it.

Related questions

How is Docker different from a virtual machine?

I keep rereading the Docker documentation to try to understand the difference between Docker and a full VM. How does it manage to provide a full filesystem, isolated networking environment, etc. without being as heavy? Why is deploying software to …

Read More
How to run a cron job inside a docker container?

I am trying to run a cronjob inside a docker container that invokes a shell script. Yesterday I have been searching all over the web and stack overflow, but I could not really find a solution that works. How can …

Read More
How to get IP address of running docker container

I am using Docker for Mac. I am running a nodejs based microservice in a Docker container. I want to test node microservice through the browser. How to get IP address of running docker container?

Read More