Is there a simple reason why running tcpdump on a container does not output results until one hits ctrl-c? I can write to a file and then read the file, but stdout does not seem to be available while tcpdump is running.
Thanks.
John
It seems to be a problem with ubuntu images, both 18.04 and 18.10. In debian/9 tcpdump works without delay.
Yes, the reason is AppArmor handling console output a bit funny for applications that are mediated by it.
tcpdump is one such process which uses an AppArmor profile and so runs into that problem.
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1641236
One option is to unload that particular apparmor profile inside your container, that should fix it.
Another option is to run tcpdump with the -l flag. I came across this issue the other day and using that flag solved it.
I wasnt running it inside an LXC container, but just inside another standalone network namespace on Ubuntu 18.04, but it feels very similar to what you describe.
tomp, thanks for this. That works.