You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+5-4Lines changed: 5 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -80,6 +80,8 @@ By default, this container has no authentication. The optional `CUSTOM_USER` and
80
80
81
81
The web interface includes a terminal with passwordless `sudo` access. Any user with access to the GUI can gain root control within the container, install arbitrary software, and probe your local network.
82
82
83
+
While not generally recommended, certain legacy environments specifically those with older hardware or outdated Linux distributions may require the deactivation of the standard seccomp profile to get containerized desktop software to run. This can be achieved by utilizing the `--security-opt seccomp=unconfined` parameter. It is critical to use this option only when absolutely necessary as it disables a key security layer of Docker, elevating the potential for container escape vulnerabilities.
84
+
83
85
### Options in all Selkies-based GUI containers
84
86
85
87
This container is based on [Docker Baseimage Selkies](https://github.com/linuxserver/docker-baseimage-selkies), which provides the following environment variables and run configurations to customize its functionality.
@@ -189,8 +191,6 @@ services:
189
191
container_name: wireshark
190
192
cap_add:
191
193
- NET_ADMIN
192
-
security_opt:
193
-
- seccomp:unconfined #optional
194
194
network_mode: host
195
195
environment:
196
196
- PUID=1000
@@ -201,6 +201,7 @@ services:
201
201
ports:
202
202
- 3000:3000#optional
203
203
- 3001:3001#optional
204
+
shm_size: "1gb"
204
205
restart: unless-stopped
205
206
```
206
207
@@ -211,13 +212,13 @@ docker run -d \
211
212
--name=wireshark \
212
213
--net=host \
213
214
--cap-add=NET_ADMIN \
214
-
--security-opt seccomp=unconfined `#optional` \
215
215
-e PUID=1000 \
216
216
-e PGID=1000 \
217
217
-e TZ=Etc/UTC \
218
218
-p 3000:3000 `#optional` \
219
219
-p 3001:3001 `#optional` \
220
220
-v /path/to/wireshark/config:/config \
221
+
--shm-size="1gb" \
221
222
--restart unless-stopped \
222
223
lscr.io/linuxserver/wireshark:latest
223
224
```
@@ -235,7 +236,7 @@ Containers are configured using parameters passed at runtime (such as those abov
235
236
|`-e PGID=1000`| for GroupID - see below for explanation |
236
237
|`-e TZ=Etc/UTC`| specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
237
238
|`-v /config`| Users home directory in the container, stores program settings and potentially dump files. |
238
-
|`--security-opt seccomp=unconfined`|For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker. |
239
+
|`--shm-size=`|Recommended for all desktop images. |
239
240
|`--cap-add=NET_ADMIN`| Required to allow packet capture. |
- {external_port: "3000", internal_port: "3000", port_desc: "WireShark desktop gui HTTPS, must be proxied."}
30
30
- {external_port: "3001", internal_port: "3001", port_desc: "WireShark desktop gui HTTPS, only use this if you are not using host mode and sniffing Docker network traffic."}
31
-
opt_security_opt_param: true
32
-
opt_security_opt_param_vars:
33
-
- {run_var: "seccomp=unconfined", compose_var: "seccomp:unconfined", desc: "For Docker Engine only, many modern gui apps need this to function on older hosts as syscalls are unknown to Docker."}
31
+
custom_params:
32
+
- {name: "shm-size", name_compose: "shm_size", value: "1gb", desc: "Recommended for all desktop images."}
0 commit comments