add net_raw cap for bridge mode, seems to be not a default for podman on fedora

2024-12-04 21:40:43 +01:00 · 2022-01-31 11:58:07 +01:00 · 2022-01-31 11:58:07 +01:00 · c3ceacd36a
commit c3ceacd36a
parent 8579c1fde0
2 changed files with 6 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -36,7 +36,7 @@ or create an empty file with the network as name
 It is the implementation of the local network bridge [paper](https://zerotier.atlassian.net/wiki/spaces/SD/pages/193134593/Bridge+your+ZeroTier+and+local+network+with+a+RaspberryPi)

    docker run --name zerotier-one --device=/dev/net/tun \
-      --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
+      --cap-add=NET_ADMIN --cap-add=NET_RAW --cap-add=SYS_ADMIN \
      -v /var/lib/zerotier-one:/var/lib/zerotier-one zyclonite/zerotier:bridge

 That will start the zero-one, establish connection and build the bridge once the `zt` interface is up.
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@ -22,7 +22,7 @@ spec:
            - name: vol
              subPath: config
              mountPath: /mnt
-              
+
      containers:
      - name: zerotier
        image: zyclonite/zerotier:bridge
@ -40,13 +40,14 @@ spec:
          - name: tun
            readOnly: true
            mountPath: /dev/net/tun
-      
+
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
+            - NET_RAW
            - SYS_ADMIN
-      
+
      dnsPolicy: "None"
      dnsConfig:
        nameservers:
@ -60,4 +61,4 @@ spec:
        - name: tun
          hostPath:
            path: /dev/net/tun
-            type: ''
+            type: ''