Description
A container running with --net=host has {"type":"network","path":"/var/run/docker/netns/default"} in the .linux.namespaces field of the OCI Runtime Config, but this shouldn't be needed.
Reproduce
$ docker run --net=host ...
$ jq .linux.namespaces < /run/containerd/io.containerd.runtime.v2.task/moby/5de6ff74780ab5e299f6e5c2e92f5224e26eaece301e6f24d8b93ef7d366deb4/config.json
[
  {
    "type": "mount"
  },
  {
    "type": "network",
    "path": "/var/run/docker/netns/default"
  },
  {
    "type": "uts"
  },
  {
    "type": "pid"
  },
  {
    "type": "ipc"
  },
  {
    "type": "cgroup"
  }
]
Expected behavior
The netns should be just left unspecified
docker version
Client: Docker Engine - Community
Version: 24.0.7
API version: 1.43
Go version: go1.20.10
Git commit: afdd53b
Built: Thu Oct 26 09:07:41 2023
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 24.0.7
API version: 1.43 (minimum version 1.12)
Go version: go1.20.10
Git commit: 311b9ff
Built: Thu Oct 26 09:07:41 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.27
GitCommit: a1496014c916f9e62104b33d1bb5bd03b0858e59
runc:
Version: 1.1.11
GitCommit: v1.1.11-0-g4bccb38
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client: Docker Engine - Community
Version: 24.0.7
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.11.2
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.21.0
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 24.0.7
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: a1496014c916f9e62104b33d1bb5bd03b0858e59
runc version: v1.1.11-0-g4bccb38
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.0-91-generic
Operating System: Ubuntu 22.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.814GiB
Name: lima-docker-rootful
ID: 25e8c1e6-194c-4775-8298-5efa72274f15
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional Info
This refactoring will help support --net=host properly in rootless in the future, with detach-netns mode containerd/nerdctl#2723.
(The refactoring itself does not automatically support --net=host in rootless)
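An added example, not part of the original issue or of moby's code: a Python classifier for the network entry of `.linux.namespaces`, showing why an audit that flags only a missing network entry as shared networking misses the `--net=host` form reported above. The function names, the result labels and the `is_host_ns` hook are assumptions of this example; the sample config is constructed from the issue's `jq` output.

```python
import json
import os

# Constructed sample: the namespaces list shown in the issue above.
SAMPLE_CONFIG = json.loads("""
{"linux": {"namespaces": [
  {"type": "mount"},
  {"type": "network", "path": "/var/run/docker/netns/default"},
  {"type": "uts"}, {"type": "pid"}, {"type": "ipc"}, {"type": "cgroup"}
]}}
""")

def same_ns_as_init(path):
    """True/False if `path` is/is not PID 1's netns; None if it cannot be checked."""
    try:
        a, b = os.stat(path), os.stat("/proc/1/ns/net")  # usually needs root
    except OSError:
        return None  # file missing, no permission, or not Linux
    return (a.st_dev, a.st_ino) == (b.st_dev, b.st_ino)

def classify_netns(config, is_host_ns=same_ns_as_init):
    """Classify the network namespace requested by an OCI runtime config.

    "inherited"      no network entry: the container stays in the runtime's
                     own netns (the host's only if the runtime runs there)
    "new"            entry without a path: the runtime creates a fresh netns
    "joined-host"    entry with a path that resolves to the host netns
    "joined-other"   entry with a path to some other netns
    "joined-unknown" entry with a path that could not be inspected
    """
    namespaces = (config.get("linux") or {}).get("namespaces") or []
    net = [ns for ns in namespaces if ns.get("type") == "network"]
    if not net:
        return "inherited"
    path = net[0].get("path")
    if not path:
        return "new"
    verdict = is_host_ns(path)
    if verdict is None:
        return "joined-unknown"
    return "joined-host" if verdict else "joined-other"

if __name__ == "__main__":
    # On the Docker host from the issue (as root) this prints "joined-host".
    print(classify_netns(SAMPLE_CONFIG))
```
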