How can we add capabilities to a running docker container?

Question

Is it possible to add a capability (for ex: NET_ADMIN) after the container has actually started?

I started a container few days ago and a service provided by it is b

Answer 1

No, you cannot modify the capabilities of a running container. These can only be defined when you first create or run (which is just a create+start) the container. You'll need to create a new container with the desired capabilities.

I should point out that you can assign additional network interfaces to a running container with docker network connect, but I'm not aware of any loopback drivers you could use to solve your issue using this technique.

Answer 2

you can run commands inside a running container using docker exec -it {container_id} /bin/bash. It will create a bash for you that you can run commands with. but generally it's not a good practice to have modifications on image states since it removes the portability of images.

Answer 3

VanagaS

1.Stop Container:

docker stop yourcontainer;

2.Get container id:

docker inspect yourcontainer;

3.Modify hostconfig.json(default docker path:/var/lib/docker, you can change yours)

vim /var/lib/docker/containers/containerid/hostconfig.json

4.Search "CapAdd", and modify null to ["NET_ADMIN"];

....,"VolumesFrom":null,"CapAdd":["NET_ADMIN"],"CapDrop":null,....

5.Restart docker in host machine;

service docker restart;

6.Start yourconatiner;

docker start yourcontainer;

it work for me, enjoy it.