I have been reading the documentation and still cannot work out how to get the IBM/Secure-Gateway-client to run with an ACL file option within docker.
I have pulled the client docker image, and have been using the following syntax:
bash -c 'nohup docker run ibmcom/secure-gateway-client --F aclfile.txt xxx_stage_ng > tmp/run_sgc.log 2>&1 &'
All I get in the log is the following:
[2015-09-30 11:30:41.764] [ERROR] An exception occurred reading or processing the ACL file, error is Error: ENOENT, no such file or directory 'aclfile.txt'
[2015-09-30 11:30:41.764] [WARN] The ACL has been set to DENY ALL until this is fixed.
[2015-09-30 11:30:43.779] [INFO] The Secure Gateway tunnel is connected
I have given the full path to the file, no path (as above) and any interim option I can think of. The container runs, but not with the options I want to specify in the ACL file.
This is what I did:
1) Created a Dockerfile to include the aclfile.txt
FROM ibmcom/secure-gateway-client
ADD aclfile.txt /tmp/aclfile.txt
2) Built a new docker image
docker build -t ads-secure-gateway-client .
3) Run new docker image (need to specify -t and -i options, otherwise would get error file not found):
docker run -t -i ads-secure-gateway-client --F /tmp/aclfile.txt
4) Got the following output:
[2015-09-30 16:50:32.084] [INFO] The current access control list is being reset and replaced by the user provided batch file: /tmp/aclfile.txt
[2015-09-30 16:50:32.086] [INFO] The ACL batch file process accepts acl allow :8000
[2015-09-30 16:50:32.087] [INFO] The ACL batch file process accepts acl deny localhost:22
I hope that helps.