Description
When using the restart: always policy in combination with network_mode: "container:<container_name>", containers can fail to start after a reboot or Docker daemon restart if the target container is not yet running. This results in errors like:
Error response from daemon: cannot join network namespace of a non running container: container <container_name> is exited
This seems to be a race condition depending on the startup order of containers after a system reboot or Docker restart. Even with restart: always, containers relying on another container’s network namespace may end up permanently exited unless manually restarted.
Reproduce
- Create a "network host" container:
services:
net-host:
image: alpine
command: sleep infinity
restart: always
- Create another container that uses the first container’s network namespace:
services:
net-client:
image: alpine
command: sleep infinity
network_mode: "container:net-host"
restart: always
-
Deploy the stack or start both containers with Docker Compose or manually.
-
Reboot the host or restart the Docker daemon:
sudo systemctl restart docker
Expected behavior
All containers with restart: always should come back up reliably, respecting dependencies implied by network_mode.
docker version
Client: Docker Engine - Community
Version: 28.3.1
API version: 1.51
Go version: go1.24.4
Git commit: 38b7060
Built: Wed Jul 2 20:56:22 2025
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 28.3.1
API version: 1.51 (minimum version 1.24)
Go version: go1.24.4
Git commit: 5beb93d
Built: Wed Jul 2 20:56:22 2025
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.27
GitCommit: 05044ec0a9a75232cad458027ca83437aae3f4da
runc:
Version: 1.2.5
GitCommit: v1.2.5-0-g59923ef
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client: Docker Engine - Community
Version: 28.3.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.25.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.38.1
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 5
Running: 4
Paused: 0
Stopped: 1
Images: 38
Server Version: 28.3.1
Storage Driver: overlayfs
driver-type: io.containerd.snapshotter.v1
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
runc version: v1.2.5-0-g59923ef
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.8.0-60-generic
Operating System: Ubuntu 22.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.02GiB
Name: adrien-Latitude-5420
ID: RGG6:FFJ6:VQQE:4GZH:AJCY:YEHD:ZMEW:47X4:KEBD:NAJZ:265M:BCFE
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
::1/128
127.0.0.0/8
Live Restore Enabled: falseAdditional Info
No response
Description
When using the
restart: alwayspolicy in combination with network_mode: "container:<container_name>", containers can fail to start after a reboot or Docker daemon restart if the target container is not yet running. This results in errors like:Error response from daemon: cannot join network namespace of a non running container: container <container_name> is exitedThis seems to be a race condition depending on the startup order of containers after a system reboot or Docker restart. Even with
restart: always, containers relying on another container’s network namespace may end up permanently exited unless manually restarted.Reproduce
Deploy the stack or start both containers with Docker Compose or manually.
Reboot the host or restart the Docker daemon:
sudo systemctl restart dockerExpected behavior
All containers with
restart: alwaysshould come back up reliably, respecting dependencies implied by network_mode.docker version
Client: Docker Engine - Community Version: 28.3.1 API version: 1.51 Go version: go1.24.4 Git commit: 38b7060 Built: Wed Jul 2 20:56:22 2025 OS/Arch: linux/amd64 Context: default Server: Docker Engine - Community Engine: Version: 28.3.1 API version: 1.51 (minimum version 1.24) Go version: go1.24.4 Git commit: 5beb93d Built: Wed Jul 2 20:56:22 2025 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.7.27 GitCommit: 05044ec0a9a75232cad458027ca83437aae3f4da runc: Version: 1.2.5 GitCommit: v1.2.5-0-g59923ef docker-init: Version: 0.19.0 GitCommit: de40ad0docker info
Additional Info
No response