Bug#865975: docker.io breaks (bridged) network for VMs

Mon, 26 Jun 2017 02:22:18 -0700 

Package: docker.io
Version: 1.13.1~ds1-2
Severity: critical
Tags: upstream
Justification: breaks unrelated software

Dear Maintainer,

* What led up to the situation?
Any docker command like "docker images"

* What was the outcome of this action?
Network breaks for all libvirt VMs (i.e., they are not able to ping each
other, or public domains, and after a reboot they do not get an IP via
dhcp). The VMs are connected to a bridge (br0):

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth2
#iface eth2 inet dhcp
# This is an autoconfigured IPv6 interface
#iface eth2 inet6 auto

auto br0
iface br0 inet dhcp
        bridge_ports eth2
        # bridge_stp on
        bridge_maxwait 0
        bridge_fd 0

I don't have any firewall/iptables rules on my machine.

* What outcome did you expect instead?
That networking still works (as it did with older docker versions).

The situation can be fixed via "iptables -I FORWARD -i br0 -o br0 -j ACCEPT".
Before that I saw "Chain FORWARD (policy drop 3493 packests, 829K bytes)". 
Therefore, I assume that docker messages with the chains.


-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (700, 'stable'), (600, 'unstable'), (550, 'experimental'), (500, 
'stable-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages docker.io depends on:
ii  adduser              3.115
ii  containerd           0.2.3+git20170126.85.aa8187d~ds1-1
ii  golang-libnetwork    0.8.0-dev.2+git20170202.599.45b4086-1
ii  init-system-helpers  1.48
ii  iptables             1.6.0+snapshot20161117-6
ii  libapparmor1         2.11.0-3
ii  libc6                2.24-11
ii  libdevmapper1.02.1   2:1.02.137-2
ii  libsqlite3-0         3.16.2-4
ii  libsystemd0          232-24
ii  lsb-base             9.20161125
ii  runc                 1.0.0~rc2+git20170201.133.9df8b30-1

Versions of packages docker.io recommends:
ii  ca-certificates  20161130+nmu1
ii  cgroupfs-mount   1.3
ii  git              1:2.11.0-3
ii  xz-utils         5.2.2-1.2+b1

Versions of packages docker.io suggests:
pn  aufs-tools           <none>
pn  btrfs-progs          <none>
ii  debootstrap          1.0.89
pn  docker-doc           <none>
pn  rinse                <none>
pn  zfs-fuse | zfsutils  <none>

-- Configuration Files:
/etc/default/docker changed:
DOCKER_OPTS="--storage-driver=devicemapper -H unix:///var/run/docker.sock"


-- no debconf information

Reply via email to