lfg2025/archy
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 33 Wiki Activity

fix: add NET_RAW capability to LND container for TLS cert generation
Some checks failed
Build Archipelago ISO (dev) / build-iso (push) Has been cancelled
Details
Container Orchestration Tests / unit-tests (push) Has been cancelled
Details
Container Orchestration Tests / smoke-tests (push) Has been cancelled
Details

Browse Source 
LND crashes with "netlinkrib: address family not supported by protocol"
in rootless podman because it needs NET_RAW to enumerate network
interfaces during TLS certificate generation. Added to capabilities
in config.rs, first-boot-containers.sh, and container-specs.sh.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-03-31 23:19:09 +01:00
parent 22609abd64
commit 6cad154028
3 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/first-boot-containers.sh
View File

@@ -607,7 +607,7 @@ LNDCONF
$DOCKER run -d --name lnd --restart unless-stopped \
--health-cmd="curl -sf --insecure https://localhost:8080/v1/getinfo || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
--memory=$(mem_limit lnd) --network archy-net \
--cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
--cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE --cap-add NET_RAW \
--security-opt no-new-privileges:true \
-p 9735:9735 -p 10009:10009 -p 8080:8080 \
-v /var/lib/archipelago/lnd:/root/.lnd \