docker-dnsmasq
dnsmasq: failed to create listening socket for port 53: Permission denied
Docker version 24.0.5, build ced0996 running on a CentOS 7.9 host.
docker compose up -d
... dnsmasq: failed to create listening socket for port 53: Permission denied ...
Setting host networking and port=5353 in the config file works, but 53 is the one I want. Nothing else is bound to port 53. Any suggestions?
Is the error happening inside the container or on the host? My guess is that the user that runs docker compose up -d may not have the permission to start a process that listens to one of the privileged ports (0-1023). Could that be the reason?
The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feature.
Source: Privileged ports
Everything is being run as root so it's not that. Also I think CentOS 7 doesn't limit privileged ports like newer distros do. I've added the cap_add parameters for ALL and added privileged=true, and it didn't help.
I'm really not sure what it could be.
On Mon, Oct 2, 2023, 5:51 PM Thomas Schaffter @.***> wrote:
Is the error happening inside the container or on the host? My guess is that the user that runs docker compose up -d may not have the permission to start a process that listens to one of the privileged ports (0-1023). Could that be the reason?
The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feature.
Source: Privileged ports https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html
I am using it like this: I hope this helps.
https://nickjanetakis.com/blog/binding-to-low-ports-as-a-non-root-user-with-docker-and-kubernetes
ports:
- '53:53/udp'
sysctls:
- net.ipv4.ip_unprivileged_port_start=0
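The privileged-port test discussed in this thread, as an added Python example that is not code from any participant or from the docker-dnsmasq project: it reads the effective capability mask and the `net.ipv4.ip_unprivileged_port_start` sysctl, applies the same rule the kernel uses for `bind()`, and separates a capability problem from a denial that comes from elsewhere. The function names and the sample status text are assumptions made for the example; the fallback to 1024 covers kernels that predate the sysctl (it was added in Linux 4.11).

```python
import errno
import socket
from pathlib import Path

CAP_NET_BIND_SERVICE = 10  # bit index in the capability mask
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"
SAMPLE_STATUS = "Name:\tdnsmasq\nCapEff:\t00000000a80425fb\n"  # constructed sample

def parse_cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def unprivileged_port_start(path=SYSCTL):
    """Read the sysctl; kernels without it use the fixed threshold 1024."""
    try:
        return int(Path(path).read_text())
    except FileNotFoundError:
        return 1024

def port_check_passes(port, cap_eff, start):
    """Mirror the kernel's privileged-port test applied on bind()."""
    if port == 0 or port >= start:
        return True
    return bool((cap_eff >> CAP_NET_BIND_SERVICE) & 1)

def diagnose(port, cap_eff, start, bind_errno):
    """Explain a bind() result; bind_errno is 0 when the bind succeeded."""
    if bind_errno != errno.EACCES:
        return "ok" if bind_errno == 0 else errno.errorcode.get(bind_errno, str(bind_errno))
    if port_check_passes(port, cap_eff, start):
        return "denied by something other than the privileged-port check"
    return "port below threshold and CAP_NET_BIND_SERVICE missing"

def try_bind(port, kind=socket.SOCK_DGRAM):
    """Attempt a real bind on all IPv4 addresses and return the errno."""
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind(("0.0.0.0", port))
        except OSError as exc:
            return exc.errno
    return 0

if __name__ == "__main__":
    caps = parse_cap_eff(Path("/proc/self/status").read_text())
    print(diagnose(53, caps, unprivileged_port_start(), try_bind(53)))
```

Run it in the same container and user context as dnsmasq so that it reads that process's capability set and network namespace.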