On 02/11/2016 01:29 AM, Farkas Levente wrote:
+[jperrin@ferrata ~]$ docker run -it centos ping -c 5 google.com
Because this is the wrong way to test!!! Please follow my description! In the above way you run ping as root, but you should have to run as a non-root user!
Okay, so here's the issue after yesterday's digging. It appears that virt-tar-out strips file capabilities, which results in a container with ping not working as you found. I can work around this by using tar directly, and passing --xattrs to preserve the capabilities data. This works if I import the tarball directly into docker; however, this results in an archive that docker's ADD command does not recognize as a local tar archive for unpacking. Since the ADD command is crucial for the base container build process, this is a bit of a blocker.
This appears to be a bug in docker, and I'll be filing it upstream. However, this leads us back to one of the two original fixes.
Until this is resolved upstream, I can either remove the package, or leave it in a partly broken state. Which would you prefer?
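
An added example, not part of the original message and not the CentOS build tooling: a check that a root filesystem tarball still carries the `security.capability` xattr for `ping`, which is what the message says virt-tar-out strips and `tar --xattrs` preserves. It assumes a PAX-format archive using GNU tar's `SCHILY.xattr.` key prefix; the sample archives, the capability value and the function names are constructed for illustration.

```python
import io
import tarfile

# PAX header key under which GNU tar --xattrs records file capabilities
# (assumed archive format; other tools may use a different prefix).
CAP_KEY = "SCHILY.xattr.security.capability"


def build_sample(with_caps):
    """Constructed rootfs tarball holding a single file, usr/bin/ping."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tf:
        body = b"\x7fELF constructed placeholder"
        ti = tarfile.TarInfo("./usr/bin/ping")
        ti.size = len(body)
        ti.mode = 0o755
        if with_caps:
            # Constructed stand-in for the binary capability blob.
            ti.pax_headers = {CAP_KEY: "constructed-capability-blob"}
        tf.addfile(ti, io.BytesIO(body))
    return buf.getvalue()


def _norm(name):
    """Normalise './usr/bin/ping' and '/usr/bin/ping' to 'usr/bin/ping'."""
    if name.startswith("./"):
        name = name[2:]
    return name.lstrip("/")


def files_with_caps(tar_bytes):
    """Return the archive members that carry a security.capability xattr."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        return sorted(_norm(m.name) for m in tf if CAP_KEY in m.pax_headers)


def missing_caps(tar_bytes, expected):
    """Return expected paths whose capability xattr is absent from the archive."""
    have = set(files_with_caps(tar_bytes))
    return sorted(p for p in map(_norm, expected) if p not in have)


if __name__ == "__main__":
    for label, caps in (("tar --xattrs style", True), ("stripped", False)):
        lost = missing_caps(build_sample(caps), ["/usr/bin/ping"])
        print(f"{label}: missing capabilities on {lost or 'nothing'}")
```

Run against a real image tarball by passing its bytes to `missing_caps` with the list of binaries expected to hold file capabilities.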