Hi folks. I've been asking this everywhere and not getting any responses, and so this is my last hope.
I want to use iptables to match based on UID for a running container, and I’m using DSCP tagging for this (and I have configured the container to run as the user). But I’m afraid I don’t know iptables all that well, and I understand what Docker does to iptables even less. I hope someone can help.
This is what I was doing before using Docker to DSCP tag my application by running user:

    sudo iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner transmission -j DSCP --set-dscp 0x10

I’m afraid now I don’t know how to replicate this functionality.
Indeed, processes running under user “transmission” that are not running in docker do indeed get tagged properly.