Snort3 docker container cannot start DAQ with "permission denied" on interface

Question

I have installed snort3 via the official docker container. When I use docker cp to copy in pcap files snort scans the pcaps just fine. However, when running IDS mode snort fails to read packets for the interface in a permission denied error (relating to DAQ). I have run the container with --network="host" --privileged,modified SELinux to allow snort and other systems permissions. Nothing seems to work to remedy this permissions error.

Answer 1

So I solved this issue in the meantime, it's a container user permissions issue within the container. The official docker hub page of snort says to run the container as a daemon and then enter the container with ($ docker exec -it snort3 bash), however, what worked for me was ($ docker exec -it -u root snort3 bash) .Entering the container as root does not allow the binary snort to be executed so you'll have to navigate to the snort script in the snort bin file and run snort manually ie. ./snort [options] /// Otherwise you can change the user and group permissions in the container to fix the issue in the long run.