Use --cap-add=NET_ADMIN instead of --privileged

Ovpn doesn't need all the capabilities. https://docs.docker.com/reference/run/#runtime-privilege-linux-capabilities-and-lxc-configuration says: For interacting with the network stack, instead of using --privileged they should use --cap-add=NET_ADMIN to modify the network interfaces.
2014-10-06 10:07:27 +02:00 · 2014-10-06 10:07:27 +02:00 · 8c7d020074
commit 8c7d020074
parent a69ca8d65e
1 changed files with 6 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -15,6 +15,12 @@ OpenVPN server in a Docker container complete with an EasyRSA PKI CA.

 * Start OpenVPN server process

+    - On Docker [version 1.2](http://blog.docker.com/2014/08/announcing-docker-1-2-0/) and newer
+
+        docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
+
+    - On Docker older than 1.2 version
+
        docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged kylemanna/openvpn

 * Generate a client certificate without a passphrase