The packetbeat docker image normally requires that the flag --cap-add=NET_ADMIN be passed in order to capture packets. This is understandable and expected when packet capture is actually being performed; however, the docker command fails if that permission is not provided even for the setup command:
/usr/local/bin/docker-entrypoint: line 13: /usr/share/packetbeat/packetbeat: Operation not permitted
Is there any way to execute the setup command without providing the docker container with elevated privileges? I want to perform the setup in a cluster with limited access and don't want to give the container these permissions where it should not be necessary.