Couldn't run /usr/bin/dumpcap in child process: Operation not permitted

Question

Couldn't run /usr/bin/dumpcap in child process: Operation not permitted

max-len opened this issue 3 years ago · 1 comments

On Ubuntu 20.04.3 LTS (Focal Fossa) / k8s client v1.21.5 server 1.20.8 / docker://20.10.11
with invocation docker run -it nicolaka/netshoot
and
Ubuntu 20.10 (Groovy Gorilla) / Docker version 20.10.7, build f0df350
with invocation kubectl run tmp-shell --rm -i --tty --overrides='{"spec": {"hostNetwork": true}}' --image nicolaka/netshoot -- /bin/bash

 6d6e1772e365  ~  tshark -i eth0
Capturing on 'eth0'
tshark: Couldn't run /usr/bin/dumpcap in child process: Operation not permitted

0 packets captured

addgroup root wireshark and chmod a+x /usr/bin/dumpcap doesn't help
solved with chown root:root /usr/bin/dumpcap
tried both inside container and build time change

IMO wireshark group permissions are not relevant for temporary container based troubleshooting i.e. the fix is suitable for release. Let me know if you want a PR.

Answer 1 · 2022-04-05T04:18:51.000Z

@max-len yes please raise a PR.