Description
Creating a docker-container with --network=none and ipv6 enabled in the docker daemon configuration will result in a container with ipv6 disabled.
Steps to reproduce the issue:
- Enable ipv6 in docker configuration

```json
{
  "ipv6": true,
  "fixed-cidr-v6": "fd00:ffff::/64"
}
```

- `docker run -it --network=none debian:latest /bin/bash`
- `cat /proc/sys/net/ipv6/conf/all/disable_ipv6`
Describe the results you received:
The disable_ipv6 is set to 1 and you cannot assign any IPv6 address to any interface created inside the container.
Describe the results you expected:
When having IPv6 enabled in the daemon configuration I would expect that a container with network=none nevertheless has IPv6 enabled inside the container.
Use-Case
I'm running a container which uses WireGuard as an internet uplink inside the container, as described here https://www.wireguard.com/netns/. Therefore, Docker doesn't need to create the default interface inside the docker-container, which can be disabled using network=none. However, I would like to assign an IPv6-address to the WireGuard interface which was moved to the network namespace of the docker-container. This isn't possible because IPv6 is disabled by default.
Workaround
It's possible to enable ipv6 using `echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6`, when the container is running privileged, which isn't always possible.
Additional information you deem important (e.g. issue happens only occasionally):
This behavior might be caused by this method call, which sets disable_ipv6 for the all configuration when the network sandbox is created: https://github.com/moby/moby/blob/master/libnetwork/osl/namespace_linux.go#L242
Output of docker version:

```
Client: Docker Engine - Community
 Version: 20.10.7
 API version: 1.41
 Go version: go1.13.15
 Git commit: f0df350
 Built: Wed Jun 2 11:56:47 2021
 OS/Arch: linux/amd64
 Context: default
 Experimental: true

Server: Docker Engine - Community
 Engine:
  Version: 20.10.7
  API version: 1.41 (minimum version 1.12)
  Go version: go1.13.15
  Git commit: b0f5bc3
  Built: Wed Jun 2 11:54:58 2021
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.4.8
  GitCommit: 7eba5930496d9bbe375fdf71603e610ad737d2b2
 runc:
  Version: 1.0.0
  GitCommit: v1.0.0-0-g84113ee
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
```
Output of docker info:

```
Client:
 Context: default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
  scan: Docker Scan (Docker Inc., v0.8.0)

Server:
 Containers: 10
  Running: 1
  Paused: 0
  Stopped: 9
 Images: 21
 Server Version: 20.10.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7eba5930496d9bbe375fdf71603e610ad737d2b2
 runc version: v1.0.0-0-g84113ee
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.10.0-0.bpo.7-amd64
 Operating System: Debian GNU/Linux 10 (buster)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.933GiB
 Name: BA-GW-NS
 ID: HFOY:OUC6:ZZTU:ABTV:B4OJ:QHFE:AOVM:NXJ6:JH7D:GF4P:TVAG:U47S
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 35
  Goroutines: 46
  System Time: 2021-08-15T22:27:11.44505391+02:00
  EventsListeners: 1
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
```
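
A preflight check for the situation reported above, as an added example that is not part of the original issue or of the moby code base: it reads the `disable_ipv6` flags of the current network namespace and reports whether an IPv6 address can be expected to stick on a given interface. `SYSCTL_ROOT`, the function names and the `wg0` interface in the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the issue. SYSCTL_ROOT is a hypothetical
# override so the check can be exercised against a constructed tree.
SYSCTL_ROOT=${SYSCTL_ROOT:-/proc/sys}

# Print "<entry>=<value>" for all, default and every interface that is
# visible in the current network namespace.
ipv6_flags() {
    for f in "$SYSCTL_ROOT"/net/ipv6/conf/*/disable_ipv6; do
        [ -r "$f" ] || continue
        printf '%s=%s\n' "$(basename "$(dirname "$f")")" "$(cat "$f")"
    done
}

# Status 0: IPv6 enabled on entry $1; 1: disabled; 2: entry missing
# (interface not in this namespace, or no IPv6 sysctl tree at all).
ipv6_enabled_on() {
    f="$SYSCTL_ROOT/net/ipv6/conf/$1/disable_ipv6"
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "0" ]
}

# Preflight before assigning an IPv6 address to interface $1: report its
# state, list every flag for context, and return the interface's status.
ipv6_preflight() {
    rc=0
    ipv6_enabled_on "$1" || rc=$?
    case $rc in
        0) echo "$1: IPv6 enabled" ;;
        1) echo "$1: disable_ipv6=1, address assignment is expected to fail" ;;
        *) echo "$1: no disable_ipv6 entry in this namespace" ;;
    esac
    ipv6_flags | sed 's/^/  /'
    return "$rc"
}

# Constructed sample: the state the issue reports for --network=none, with a
# hypothetical wg0 interface already moved into the namespace.
make_sample_tree() {
    for entry in all default lo wg0; do
        mkdir -p "$1/net/ipv6/conf/$entry"
        echo 1 > "$1/net/ipv6/conf/$entry/disable_ipv6"
    done
}

if [ "$#" -gt 0 ]; then ipv6_preflight "$1"; fi
```

Run it with the interface name as its argument from a process inside the container's network namespace; a non-zero exit status means the interface is not ready for an IPv6 address.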