Docker automatically mounts these host file systems into the container as read-only (for the sake of host security and stability) mount points; /sys /proc/sys /proc/sysrq-trigger /proc/irq /proc/bus
Edit this file: /var/lib/rancher/conf/cloud-config.d/user_config.yml and modify the hostname: parameter, or add it if missing. For instance: hostname: test.com
They are here: /var/lib/cattle/etc/cattle/dns/answers.json /var/lib/cattle/etc/cattle/metadata/answers.json The DNS answers file has specific entries detailing the answers to be provided to each querying container Rancher is aware of (and controls). Containers running outside of Rancher cannot query this server. The Rancher External DNS server can be used to overcome this. Containers using host-mode networking, using the io.rancher.container.dns: true label will receive the answers detailed in the «default» section. DNS services are provided by the Rancher DNS server which runs on each host in the Network Agent container.
To minimise the privileges you assign to a Linux container, to increase security and minimise risk, Linux capabilities should be used instead of granting full root privileges. These provide the least privilege necessary. Here’s the capabilities required by contemporary network applications. HAProxy : None Pacemaker & Corosync : NET_ADMIN and NET_BROADCAST Keepalived : NET_ADMIN and NET_BROADCAST Mounting NFS : SYS_ADMIN Mounting SMB : CAP_SYS_ADMIN and CAP_DAC_READ_SEARCH Note: You should omit any leading CAP_ when specifiying capabilities in a Docker Compose file or with the docker run command.