Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tun not work inside Docker Container #2331

Open
4 of 5 tasks
Mon-ius opened this issue Dec 2, 2024 · 2 comments
Open
4 of 5 tasks

Tun not work inside Docker Container #2331

Mon-ius opened this issue Dec 2, 2024 · 2 comments

Comments

@Mon-ius
Copy link

Mon-ius commented Dec 2, 2024

Operating system

Linux

System version

Debian 12.8

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

no

Version

latest dev version

Description

The host works very well in tun mode with same install approach. However, with same install method and same config json file, the docker container shows FATAL[0000] start service: initialize inbound/tun[0]: configure tun interface: permission denied.

I can confirm I grant all necessary permission for the container with --privileged, --cap-add NET_ADMIN, --cap-add SYS_MODULE, and --device=/dev/net/tun.

Reproduction

Make sure inbounds has tun inside, for example,

    "inbounds": [
        {
            "type": "tun",
            "address": [
                "172.19.0.1/30",
                "fdfe:dcba:9876::1/126"
            ],
            "stack": "gvisor",
            "sniff": true,
            "auto_route": true,
            "sniff_override_destination": true,
            "strict_route": true,
            "gso": false
        }
    ]

Then starting a random docker with debian or ubuntu, for example,

sudo docker run --privileged --restart=always -itd \
    --name test_sb \
    --cap-add NET_ADMIN \
    --cap-add SYS_MODULE \
    --device=/dev/net/tun \
    debian

Then install singbox as suggested. Using above config in /etc/sing-box/config.json, inside the container, run sing-box -c /etc/sing-box/config.json run .

You will see, FATAL[0000] start service: initialize inbound/tun[0]: configure tun interface: permission denied

Logs

No response

Supporter

Integrity requirements

  • I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
  • I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
  • I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
@yyiu
Copy link

yyiu commented Dec 6, 2024

https://registry.hub.docker.com/r/gzxhwq/sing-box/tags

@Mon-ius
Copy link
Author

Mon-ius commented Dec 8, 2024

https://registry.hub.docker.com/r/gzxhwq/sing-box/tags

The tun mode not works either.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yyiu @Mon-ius