You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/images/docker-wireshark.md
+5-4Lines changed: 5 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,6 +63,8 @@ By default, this container has no authentication. The optional `CUSTOM_USER` and
63
63
64
64
The web interface includes a terminal with passwordless `sudo` access. Any user with access to the GUI can gain root control within the container, install arbitrary software, and probe your local network.
65
65
66
+
While not generally recommended, certain legacy environments specifically those with older hardware or outdated Linux distributions may require the deactivation of the standard seccomp profile to get containerized desktop software to run. This can be achieved by utilizing the `--security-opt seccomp=unconfined` parameter. It is critical to use this option only when absolutely necessary as it disables a key security layer of Docker, elevating the potential for container escape vulnerabilities.
67
+
66
68
### Options in all Selkies-based GUI containers
67
69
68
70
This container is based on [Docker Baseimage Selkies](https://github.com/linuxserver/docker-baseimage-selkies), which provides the following environment variables and run configurations to customize its functionality.
@@ -174,8 +176,6 @@ services:
174
176
container_name: wireshark
175
177
cap_add:
176
178
- NET_ADMIN
177
-
security_opt:
178
-
- seccomp:unconfined #optional
179
179
network_mode: host
180
180
environment:
181
181
- PUID=1000
@@ -186,6 +186,7 @@ services:
186
186
ports:
187
187
- 3000:3000#optional
188
188
- 3001:3001#optional
189
+
shm_size: "1gb"
189
190
restart: unless-stopped
190
191
```
191
192
@@ -196,13 +197,13 @@ docker run -d \
196
197
--name=wireshark \
197
198
--net=host \
198
199
--cap-add=NET_ADMIN \
199
-
--security-opt seccomp=unconfined `#optional` \
200
200
-e PUID=1000 \
201
201
-e PGID=1000 \
202
202
-e TZ=Etc/UTC \
203
203
-p 3000:3000 `#optional` \
204
204
-p 3001:3001 `#optional` \
205
205
-v /path/to/wireshark/config:/config \
206
+
--shm-size="1gb" \
206
207
--restart unless-stopped \
207
208
lscr.io/linuxserver/wireshark:latest
208
209
```
@@ -242,7 +243,7 @@ Containers are configured using parameters passed at runtime (such as those abov
242
243
243
244
| Parameter | Function |
244
245
| :-----: | --- |
245
-
|`--security-opt seccomp=unconfined`|For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. |
246
+
|`--shm-size=`|Recommended for all desktop images. |
246
247
|`--cap-add=NET_ADMIN`| Required to allow packet capture. |
0 commit comments