We’re storing Kea configurations in GitLab, and would like to use CI/CD to
validate them before pushing out to our servers. I can run “kea-dhcp4 -T
<file>” in a docker container on my desktop fine, but get an “Operation Not
Permitted” error when doing the same through GitLab. It appears that GitLab
CI/CD runners have additional restrictions in place, including dropping the
NET_RAW capability. I can reproduce the error by running docker with
“--cap-drop NET_RAW”.
This all makes sense, CI/CD tasks shouldn’t be opening raw sockets. Except that
we get the same error even after configuring "dhcp-socket-type": "udp". I even
removed all the interfaces from the configuration ("interfaces": []) as an
extra step.
It seems that kea is trying to open a raw socket no matter what. Any reason
why? Any other tricks to prevent this error when testing the configuration?
Thanks!
Norman
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
