Calling OpenConnect VPN client in docker container shows TUNSETIFF failed: Operation not permitted
By default, Docker containers are started with a reduced set of Linux capabilities (see man capabilities). The reduced set doesn't include some network-related functionality (presumably so that containers can't sniff traffic from the host or other containers).
To start a container with full network capabilities, either explicitly add the NET_ADMIN capability with the --cap-add argument, e.g.:
docker run -d --cap-add NET_ADMIN myimage
Or give the container the full set of privileges with --privileged, e.g.:
docker run -d --privileged myimage
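As an added example (not part of the answer above, and not OpenConnect's or Docker's own code), here is a small POSIX sh script for checking from inside the container which capabilities the process actually has, by decoding the CapEff bitmask the kernel exposes in /proc/self/status. That is the quickest way to confirm whether a "TUNSETIFF failed: Operation not permitted" comes from a missing CAP_NET_ADMIN (capability number 12 per capabilities(7)) before reaching for --privileged. The three sample masks are constructed for the example: Docker's default capability set, that set plus NET_ADMIN as --cap-add NET_ADMIN would give, and the full set --privileged grants. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: decode the capability bitmask
# Linux exposes in /proc/self/status and check whether CAP_NET_ADMIN (the
# capability the TUNSETIFF ioctl requires) is present. Bit numbers follow
# capabilities(7). "capsh --decode=<mask>" does the same job if installed.

CAP_NET_ADMIN=12
CAP_NET_RAW=13
CAP_SYS_ADMIN=21

# cap_name NUMBER: capability number -> lower-case name from capabilities(7).
cap_name() {
    case "$1" in
        0) echo chown ;;        1) echo dac_override ;;  2) echo dac_read_search ;;
        3) echo fowner ;;       4) echo fsetid ;;        5) echo kill ;;
        6) echo setgid ;;       7) echo setuid ;;        8) echo setpcap ;;
        9) echo linux_immutable ;; 10) echo net_bind_service ;;
        11) echo net_broadcast ;; 12) echo net_admin ;;  13) echo net_raw ;;
        14) echo ipc_lock ;;    15) echo ipc_owner ;;    16) echo sys_module ;;
        17) echo sys_rawio ;;   18) echo sys_chroot ;;   19) echo sys_ptrace ;;
        20) echo sys_pacct ;;   21) echo sys_admin ;;    22) echo sys_boot ;;
        23) echo sys_nice ;;    24) echo sys_resource ;; 25) echo sys_time ;;
        26) echo sys_tty_config ;; 27) echo mknod ;;     28) echo lease ;;
        29) echo audit_write ;; 30) echo audit_control ;; 31) echo setfcap ;;
        32) echo mac_override ;; 33) echo mac_admin ;;   34) echo syslog ;;
        35) echo wake_alarm ;;  36) echo block_suspend ;; 37) echo audit_read ;;
        38) echo perfmon ;;     39) echo bpf ;;          40) echo checkpoint_restore ;;
        *) echo "cap_$1" ;;
    esac
}

# has_cap HEXMASK BIT: succeed if bit BIT is set in the hex mask HEXMASK.
has_cap() {
    [ $(( 0x$1 >> $2 & 1 )) -eq 1 ]
}

# list_caps HEXMASK: print the name of every capability set in the mask,
# one per line.
list_caps() {
    i=0
    while [ "$i" -le 40 ]; do
        if has_cap "$1" "$i"; then cap_name "$i"; fi
        i=$((i + 1))
    done
}

# effective_caps: CapEff hex mask of the running process (Linux only).
effective_caps() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# tun_ok HEXMASK: succeed only if the mask lets a process create a tun
# interface, i.e. it contains CAP_NET_ADMIN.
tun_ok() {
    has_cap "$1" "$CAP_NET_ADMIN"
}

# Constructed sample masks (not captured from a real container):
DOCKER_DEFAULT=00000000a80425fb    # Docker's default capability set
DOCKER_NET_ADMIN=00000000a80435fb  # default set plus --cap-add NET_ADMIN
PRIVILEGED=000001ffffffffff        # everything, as --privileged grants

# Run with --self inside a container to inspect the real process.
if [ "${1:-}" = "--self" ]; then
    mask=$(effective_caps)
    echo "CapEff=$mask"
    list_caps "$mask"
    if tun_ok "$mask"; then
        echo "net_admin present: TUNSETIFF can succeed"
    else
        echo "net_admin missing: expect 'TUNSETIFF failed: Operation not permitted'"
    fi
fi
```

Running the script with --self in a container started without --cap-add shows Docker's default fourteen capabilities and no net_admin; with --cap-add NET_ADMIN only that one bit changes, whereas --privileged lights up every bit including sys_admin, which is far more than a VPN client needs. One caveat beyond the answer above: a container also has no /dev/net/tun node by default, so once NET_ADMIN is granted OpenConnect may still need the device passed in with --device /dev/net/tun (that failure shows up as "No such file or directory" rather than "Operation not permitted").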