Hi,
I want to run packetbeat as a non-root user because of a security issue, and I haven't found any solution for how to do it.
I tried to use these securityContext settings and received this error:
containers:
  - name: packetbeat-dynamic
    image: docker.elastic.co/beats/packetbeat-oss:8.3.1
    securityContext:
      capabilities:
        add:
          - NET_ADMIN
          - NET_RAW
          - NET_BIND_SERVICE
      privileged: false
      runAsUser: 1000
      runAsGroup: 1000
      runAsNonRoot: true
      allowPrivilegeEscalation: false
securityContext:
  fsGroup: 1000
{"log.level":"error","@timestamp":"2022-07-28T11:47:13.831Z","log.origin":{"file.name":"instance/beat.go","file.line":1051},"message":"Exiting: sniffer loop failed: Error starting sniffer: any: You don't have permission to capture on that device (socket: Operation not permitted)","service.name":"packetbeat","ecs.version":"1.6.0"}
Exiting: sniffer loop failed: Error starting sniffer: any: You don't have permission to capture on that device (socket: Operation not permitted)
It works if I run it as the root user, like this:
securityContext:
  runAsUser: 0
  capabilities:
    add:
      - NET_ADMIN
It also works if I run it as a privileged user, but as I understand it, that's almost the same as running it as the root user:
securityContext:
  capabilities:
    add:
      - NET_ADMIN
  privileged: true
  runAsUser: 1000
  runAsGroup: 1000
  runAsNonRoot: true
  allowPrivilegeEscalation: true
Is it possible to run it as a non-root user?
Does anyone know how to do it? Any examples would be helpful.
Thanks in advance!
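Added worked example (not part of the post above and not Elastic's code): a small Python script that decodes the Cap* lines of /proc/<pid>/status and applies the execve() capability transformation rules from capabilities(7). It shows why capabilities.add is not enough on its own for a non-root container. The added capabilities land in the bounding set, but a process running as UID 1000 only keeps capabilities across execve through the ambient set (which Kubernetes' securityContext does not populate) or through file capabilities on the executable, and allowPrivilegeEscalation: false sets no_new_privs, under which execve() refuses to let the permitted set grow, so file capabilities add nothing either. The status excerpts are constructed to mirror the non-root and root variants in the post, not captured from a real pod; inside a pod the real check is `grep Cap /proc/1/status` from the container, and `getcap /usr/share/packetbeat/packetbeat` (binary path assumed) to see whether the image ships file capabilities at all.

```python
"""Decode the Cap* lines of /proc/<pid>/status and model what execve() does to
the capability sets of a container process.

Added example for the thread above; not Elastic's code.  The transformation
rules are the ones in capabilities(7) for a non-setuid binary.  The status
texts below are constructed to mirror the post's non-root and root
securityContext variants; they were not captured from a real pod.
"""

# Capability bit numbers from <linux/capability.h> (only the ones used here).
CAPS = {
    "CAP_CHOWN": 0, "CAP_DAC_OVERRIDE": 1, "CAP_FOWNER": 3, "CAP_FSETID": 4,
    "CAP_KILL": 5, "CAP_SETGID": 6, "CAP_SETUID": 7, "CAP_SETPCAP": 8,
    "CAP_NET_BIND_SERVICE": 10, "CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13,
    "CAP_SYS_CHROOT": 18, "CAP_MKNOD": 27, "CAP_AUDIT_WRITE": 29,
    "CAP_SETFCAP": 31,
}


def mask(*names):
    """Bitmask for the named capabilities."""
    return sum(1 << CAPS[n] for n in names)


def cap_names(m):
    """Names (among CAPS) of the bits set in mask m."""
    return sorted(n for n, bit in CAPS.items() if m >> bit & 1)


# The set most runtimes grant by default (the familiar 0xa80425fb); NET_RAW is
# in it, NET_ADMIN is not, so capabilities.add has to supply NET_ADMIN.
RUNTIME_DEFAULT = mask(
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL",
    "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP", "CAP_NET_BIND_SERVICE",
    "CAP_NET_RAW", "CAP_SYS_CHROOT", "CAP_MKNOD", "CAP_AUDIT_WRITE",
    "CAP_SETFCAP",
)
SNIFFER_CAPS = mask("CAP_NET_ADMIN", "CAP_NET_RAW")

# Constructed /proc/1/status excerpts.  NONROOT mirrors the first manifest in
# the post (runAsUser 1000, allowPrivilegeEscalation false): the added caps
# are in CapBnd only.  ROOT mirrors the runAsUser 0 variant.
NONROOT_STATUS = """\
Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t00000000a80435fb
CapAmb:\t0000000000000000
NoNewPrivs:\t1
"""
ROOT_STATUS = """\
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t00000000a80435fb
CapEff:\t00000000a80435fb
CapBnd:\t00000000a80435fb
CapAmb:\t0000000000000000
NoNewPrivs:\t0
"""


def parse_status(text):
    """Pick the Uid, Cap* and NoNewPrivs fields out of /proc/<pid>/status text."""
    out = {}
    for line in text.splitlines():
        key, _, val = line.partition(":")
        val = val.strip()
        if key.startswith("Cap"):
            out[key] = int(val, 16)
        elif key == "NoNewPrivs":
            out[key] = int(val)
        elif key == "Uid":
            out[key] = int(val.split()[0])  # real uid
    return out


def diagnose(status, wanted=SNIFFER_CAPS):
    """One line per wanted capability that the process cannot actually use."""
    findings = []
    for name in cap_names(wanted):
        bit = 1 << CAPS[name]
        if not status["CapBnd"] & bit:
            findings.append(f"{name}: not in CapBnd; add it under securityContext.capabilities.add")
        elif not status["CapEff"] & bit:
            findings.append(f"{name}: in CapBnd but not CapEff; uid {status['Uid']} got it "
                            "neither from the ambient set nor from file capabilities")
    return findings


def execve_caps(status, file_permitted=0, file_inheritable=0, file_effective=False):
    """Capability sets after execve() of a non-setuid binary carrying the given
    file capabilities, per capabilities(7).  file_effective is the file's
    effective bit (the 'e' in setcap's '=eip')."""
    bnd, inh, amb = status["CapBnd"], status.get("CapInh", 0), status.get("CapAmb", 0)
    if status["Uid"] == 0:
        # Root rule (SECBIT_NOROOT unset): a UID-0 process gets bounding |
        # inheritable as permitted and effective, file capabilities or not.
        prm = bnd | inh
        return {"CapPrm": prm, "CapEff": prm, "CapAmb": amb}
    privileged_file = bool(file_permitted or file_inheritable)
    new_amb = 0 if privileged_file else amb  # a privileged file drops ambient caps
    prm = (inh & file_inheritable) | (file_permitted & bnd) | new_amb
    if status.get("NoNewPrivs", 0):
        # no_new_privs (allowPrivilegeEscalation: false): execve() will not let
        # permitted grow beyond what the process already had, which for the
        # post's non-root pod (CapPrm = 0) means the file caps add nothing.
        prm &= status.get("CapPrm", 0)
    eff = prm if file_effective else new_amb
    return {"CapPrm": prm, "CapEff": eff, "CapAmb": new_amb}


if __name__ == "__main__":
    nonroot = parse_status(NONROOT_STATUS)
    for line in diagnose(nonroot):
        print(line)
    # Same process, but the binary carries cap_net_raw,cap_net_admin=eip.
    with_nnp = execve_caps(nonroot, SNIFFER_CAPS, SNIFFER_CAPS, True)
    without_nnp = execve_caps(dict(nonroot, NoNewPrivs=0), SNIFFER_CAPS, SNIFFER_CAPS, True)
    print("file caps, NoNewPrivs=1:", cap_names(with_nnp["CapEff"]))
    print("file caps, NoNewPrivs=0:", cap_names(without_nnp["CapEff"]))
```

Running it prints the diagnosis for the constructed non-root status (both sniffer capabilities are in CapBnd but not CapEff) and what the effective set becomes once the binary carries cap_net_raw,cap_net_admin=eip, first with NoNewPrivs set and then without. The last case is the combination that lets the process run as UID 1000 with exactly those two capabilities and nothing else: file capabilities on the packetbeat binary (added with setcap in a derived image if the stock image does not already have them), NET_ADMIN and NET_RAW under capabilities.add so they stay in the bounding set, runAsUser: 1000, privileged: false, and allowPrivilegeEscalation: true, which is needed here only because it leaves no_new_privs unset, not because it grants anything by itself.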