Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1023865: docker.io: docker build breaks breaks host network
100 views
Skip to first unread message
ChangZhuo Chen
Nov 11, 2022, 12:21:07 PM11/11/22
to
Package: docker.io
Version: 20.10.19+dfsg1-1
Severity: normal
Hi,
When using `docker build`, my host network, and container network are
both down. This problem make `docker build` useless since it cannot
download necessary artifacts to build image anymore. The problematic
docker file is https://github.com/apache/flink-docker/blob/master/1.16/scala_2.12-java11-ubuntu/Dockerfile.
However, other Dockerfile can also reprocedure the issue.
The problem might be caused by additinoal routing table record added by
docker. The following is normal `route` output:
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 600 0 0 wlp3s0 10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 lxcbr0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp3s0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
And the following is `route` output when `docker build` is running:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 255.255.255.255 UH 0 0 0 veth7e48846
default 0.0.0.0 0.0.0.0 U 0 0 0 veth7e48846
default _gateway 0.0.0.0 UG 600 0 0 wlp3s0
10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 lxcbr0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 veth7e48846
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp3s0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
The new entry for default destination might cause the problem.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-0-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages docker.io depends on:
ii adduser 3.129
ii containerd 1.6.9~ds1-1
ii init-system-helpers 1.65.2
ii iptables 1.8.8-1
ii libc6 2.36-4
ii libdevmapper1.02.1 2:1.02.185-2
ii libsystemd0 252.1-1
ii runc 1.1.4+ds1-1
ii sysvinit-utils [lsb-base] 3.05-7
ii tini 0.19.0-1
Versions of packages docker.io recommends:
ii apparmor 3.0.7-1+b1
ii ca-certificates 20211016
ii cgroupfs-mount 1.4
ii git 1:2.38.1-1
ii needrestart 3.6-2
ii xz-utils 5.2.7-0.1
Versions of packages docker.io suggests:
pn aufs-tools <none>
pn btrfs-progs <none>
ii debootstrap 1.0.128+nmu2
pn docker-doc <none>
ii e2fsprogs 1.46.6~rc1-1+b1
pn rinse <none>
pn rootlesskit <none>
pn xfsprogs <none>
pn zfs-fuse | zfsutils-linux <none>
-- no debconf information
--
ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org
http://czchen.info/
Key fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B
Version: 20.10.19+dfsg1-1
Severity: normal
Hi,
When using `docker build`, my host network, and container network are
both down. This problem make `docker build` useless since it cannot
download necessary artifacts to build image anymore. The problematic
docker file is https://github.com/apache/flink-docker/blob/master/1.16/scala_2.12-java11-ubuntu/Dockerfile.
However, other Dockerfile can also reprocedure the issue.
The problem might be caused by additinoal routing table record added by
docker. The following is normal `route` output:
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 600 0 0 wlp3s0 10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 lxcbr0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp3s0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
And the following is `route` output when `docker build` is running:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 255.255.255.255 UH 0 0 0 veth7e48846
default 0.0.0.0 0.0.0.0 U 0 0 0 veth7e48846
default _gateway 0.0.0.0 UG 600 0 0 wlp3s0
10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 lxcbr0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 veth7e48846
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp3s0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
The new entry for default destination might cause the problem.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-0-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages docker.io depends on:
ii adduser 3.129
ii containerd 1.6.9~ds1-1
ii init-system-helpers 1.65.2
ii iptables 1.8.8-1
ii libc6 2.36-4
ii libdevmapper1.02.1 2:1.02.185-2
ii libsystemd0 252.1-1
ii runc 1.1.4+ds1-1
ii sysvinit-utils [lsb-base] 3.05-7
ii tini 0.19.0-1
Versions of packages docker.io recommends:
ii apparmor 3.0.7-1+b1
ii ca-certificates 20211016
ii cgroupfs-mount 1.4
ii git 1:2.38.1-1
ii needrestart 3.6-2
ii xz-utils 5.2.7-0.1
Versions of packages docker.io suggests:
pn aufs-tools <none>
pn btrfs-progs <none>
ii debootstrap 1.0.128+nmu2
pn docker-doc <none>
ii e2fsprogs 1.46.6~rc1-1+b1
pn rinse <none>
pn rootlesskit <none>
pn xfsprogs <none>
pn zfs-fuse | zfsutils-linux <none>
-- no debconf information
--
ChangZhuo Chen (陳昌倬) czchen@{czchen,debian}.org
http://czchen.info/
Key fingerprint = BA04 346D C2E1 FE63 C790 8793 CC65 B0CD EC27 5D5B
Shengjing Zhu
Nov 11, 2022, 12:50:04 PM11/11/22
to
Control: tags + moreinfo unreproducible
On Sat, Nov 12, 2022 at 1:15 AM ChangZhuo Chen <czc...@debian.org> wrote:
>
> Package: docker.io
> Version: 20.10.19+dfsg1-1
> Severity: normal
>
> Hi,
>
> When using `docker build`, my host network, and container network are
> both down. This problem make `docker build` useless since it cannot
> download necessary artifacts to build image anymore. The problematic
> docker file is https://github.com/apache/flink-docker/blob/master/1.16/scala_2.12-java11-ubuntu/Dockerfile.
> However, other Dockerfile can also reprocedure the issue.
>
> The problem might be caused by additinoal routing table record added by
> docker. The following is normal `route` output:
>
`docker build` uses the default docker network(usually the docker0
bridge). It won't do anything to the routing table during `docker
build`.
You must have some other configurations for the host network or your
docker setup.
--
Shengjing Zhu
On Sat, Nov 12, 2022 at 1:15 AM ChangZhuo Chen <czc...@debian.org> wrote:
>
> Package: docker.io
> Version: 20.10.19+dfsg1-1
> Severity: normal
>
> Hi,
>
> When using `docker build`, my host network, and container network are
> both down. This problem make `docker build` useless since it cannot
> download necessary artifacts to build image anymore. The problematic
> docker file is https://github.com/apache/flink-docker/blob/master/1.16/scala_2.12-java11-ubuntu/Dockerfile.
> However, other Dockerfile can also reprocedure the issue.
>
> The problem might be caused by additinoal routing table record added by
> docker. The following is normal `route` output:
>
bridge). It won't do anything to the routing table during `docker
build`.
You must have some other configurations for the host network or your
docker setup.
--
Shengjing Zhu
ChangZhuo Chen
Nov 13, 2022, 2:30:05 PM11/13/22
to
Control: reassign -1 connman
Control: tags - moreinfo unreproducible
The problem is fixed by removing connman. connman seem to wrongly assign
IP address to bridge port interface (e.g. veth??????), and this causes
problem in host network.
This issue is similar to [0].
[0] https://unix.stackexchange.com/q/648084/11640
Control: tags - moreinfo unreproducible
The problem is fixed by removing connman. connman seem to wrongly assign
IP address to bridge port interface (e.g. veth??????), and this causes
problem in host network.
This issue is similar to [0].
[0] https://unix.stackexchange.com/q/648084/11640
Shengjing Zhu
Nov 14, 2022, 2:40:03 AM11/14/22
to
Control: retitle -1 connman should ignore veth interface
On Mon, Nov 14, 2022 at 03:16:46AM +0800, ChangZhuo Chen (陳昌倬) wrote:
> Control: reassign -1 connman
> Control: tags - moreinfo unreproducible
>
> The problem is fixed by removing connman. connman seem to wrongly assign
> IP address to bridge port interface (e.g. veth??????), and this causes
> problem in host network.
>
> This issue is similar to [0].
>
> [0] https://unix.stackexchange.com/q/648084/11640
>
So connman should have something like:
https://salsa.debian.org/utopia-team/network-manager/-/blob/debian/master/data/85-nm-unmanaged.rules
On Mon, Nov 14, 2022 at 03:16:46AM +0800, ChangZhuo Chen (陳昌倬) wrote:
> Control: reassign -1 connman
> Control: tags - moreinfo unreproducible
>
> The problem is fixed by removing connman. connman seem to wrongly assign
> IP address to bridge port interface (e.g. veth??????), and this causes
> problem in host network.
>
> This issue is similar to [0].
>
> [0] https://unix.stackexchange.com/q/648084/11640
>
https://salsa.debian.org/utopia-team/network-manager/-/blob/debian/master/data/85-nm-unmanaged.rules
Shengjing Zhu
Nov 14, 2022, 3:00:03 AM11/14/22
to
https://wiki.archlinux.org/title/ConnMan#Blacklist_interfaces
0 new messages