Hi,
Is there any way to run haproxy as non-root with a backend configured inside the namespace?
I tried to setcap cap_sys_admin+ep /usr/sbin/haproxy but it didn’t help.
If I start haproxy with user ‘haproxy’ then it is not able to open connections to the backend servers located within the namespace:
setns(5, CLONE_NEWNET) = -1 EPERM (Operation not permitted)
gettimeofday({1495561253, 588872}, NULL) = 0
If I run haproxy as root - everything works.
My config:
frontend netns1_fend
    log global
    mode tcp
    option tcplog
    bind 1.2.3.4:443 namespace netns1
    bind 1.2.4.4:443 namespace netns1
    default_backend netns1_bend

backend netns1_bend
    mode tcp
    option tcplog
    option tcp-check
    server h1 172.16.1.219:443 check namespace netns1
    server h2 172.16.1.90:443 check namespace netns1