Skip to content
This repository has been archived by the owner on Jan 21, 2023. It is now read-only.
This repository has been archived by the owner on Jan 21, 2023. It is now read-only.

permitions deny #9

Closed
RomanSilinenko opened this issue Dec 8, 2017 · 4 comments
Closed

permitions deny #9

RomanSilinenko opened this issue Dec 8, 2017 · 4 comments

Comments

@RomanSilinenko
Copy link

RomanSilinenko commented Dec 8, 2017
edited
Loading

Hi, could you please help to fix the issues with file permitions?
if i run as root the offered command:
#docker run --rm -it --cap-add=NET_RAW --net=host -v pwd:/pcap:rw blacktop/bro -i ens160
if have the following:

[root@cbtlinux bro]# docker logs bro
listening on ens160
error: packet_filter/Log::WRITER_ASCII: cannot open packet_filter.log: Permission denied
error: packet_filter/Log::WRITER_ASCII: terminating thread
error: reporter/Log::WRITER_ASCII: cannot open reporter.log: Permission denied
error: reporter/Log::WRITER_ASCII: terminating thread
1512745949.920468 error: weird/Log::WRITER_ASCII: cannot open weird.log: Permission denied
1512745949.920468 error: weird/Log::WRITER_ASCII: terminating thread
1512745950.385030 error: dns/Log::WRITER_ASCII: cannot open dns.log: Permission denied
1512745950.385030 error: dns/Log::WRITER_ASCII: terminating thread
1512745950.408958 error: files/Log::WRITER_ASCII: cannot open files.log: Permission denied
1512745950.408958 error: files/Log::WRITER_ASCII: terminating thread
1512745950.408958 error: http/Log::WRITER_ASCII: cannot open http.log: Permission denied
1512745950.408958 error: http/Log::WRITER_ASCII: terminating thread
1512745950.555018 error: x509/Log::WRITER_ASCII: cannot open x509.log: Permission denied
1512745950.555018 error: x509/Log::WRITER_ASCII: terminating thread
1512745950.623345 error: tunnel/Log::WRITER_ASCII: cannot open tunnel.log: Permission denied
1512745950.623345 error: tunnel/Log::WRITER_ASCII: terminating thread

...
and so on.

what is the problem?

moreover i did "chmod a+rw" for the host directory which binds to /pcap
@blacktop
Copy link
Owner

blacktop commented Dec 8, 2017

I believe you run as root inside the container, but it is not really root so maybe it doesn't have the ability to read the pcap folder when it is mounted? oh yeah I can see you are running as root outside the container so I think that is why.

If you tried again not as root (on your host) I think it might start working?

@RomanSilinenko
Copy link
Author

Hi! Not sure i got the idea why root is not quite root, but anyway, I've created a user, added him into docker group and ran the container again. doesn't help much.
[roman@cbtlinux ~]$ docker run -d --cap-add=NET_RAW --name bro --net=host -v pwd:/pcap:rw blacktop/bro -i ens160 -C 60ca2382bd76ec6ffac60008c194b32b2f3c3a8918e56f35336bd52301beb366 [roman@cbtlinux ~]$ docker logs bro listening on ens160 1512993328.085274 error: packet_filter/Log::WRITER_ASCII: cannot open packet_filter.log: Permission denied 1512993328.085274 error: packet_filter/Log::WRITER_ASCII: terminating thread 1512993328.085575 error: reporter/Log::WRITE

@megastef
Copy link

@RomanSilinenko you try --pid=host or --cap-add=NET_ADMIN or --privileged?

@RomanSilinenko
Copy link
Author

thanks @megastef, --privileged has helped. i see log files now in docker host folder.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@blacktop @megastef @RomanSilinenko