Package: docker.io
Version: 20.10.24+dfsg1-1+b3
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

   * What led up to the situation?

Installed docker.io with existing qemu guests in bridge mode, did not do
anything else.

   * What was the outcome of this action?

qemu guests lost internet.

   * What outcome did you expect instead?

qemu guests should still have internet OR the installer should notice that
other bridge users already exist and show a big fat warning.
Also, uninstalling docker.io should restore the original situation, which it
does not.


In dmesg I found:

Bridge firewalling registered
Initializing XFRM netlink socket

It seems this is what docker.io does.

I can fix the problem by disabling sysctl
net.bridge.bridge-nf-call-{ip6tables,iptables,arptables}.
Found the solution here:
https://wiki.libvirt.org/Net.bridge.bridge-nf-call_and_sysctl.conf.html

apt remove --purge does NOT fix the problem, an additional reboot is needed.

In the attachment please find networking info before installing docker.io


-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.61-169 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages docker.io depends on:
ii  adduser                    3.134
ii  containerd                 1.6.20~ds1-1+b1
ii  init-system-helpers        1.65.2
ii  iptables                   1.8.9-2
ii  libc6                      2.36-9+deb12u3
ii  libdevmapper1.02.1         2:1.02.185-2
ii  libsystemd0                252.19-1~deb12u1
ii  lsb-base                   11.6
ii  runc                       1.1.5+ds1-1+b1
ii  sysvinit-utils [lsb-base]  3.06-4
ii  tini                       0.19.0-1

Versions of packages docker.io recommends:
ii  apparmor         3.0.8-3
ii  ca-certificates  20230311
ii  cgroupfs-mount   1.4
ii  git              1:2.39.2-1.1
ii  needrestart      3.6-4
ii  xz-utils         5.4.1-0.2

Versions of packages docker.io suggests:
pn  aufs-tools                 <none>
ii  btrfs-progs                6.2-1
ii  debootstrap                1.0.128+nmu2+deb12u1
pn  docker-doc                 <none>
ii  e2fsprogs                  1.47.0-2
pn  rinse                      <none>
pn  rootlesskit                <none>
ii  xfsprogs                   6.1.0-1
pn  zfs-fuse | zfsutils-linux  <none>

-- no debconf information
==== ip r ======
default via 10.210.30.1 dev br0 onlink 
10.210.30.0/24 dev br0 proto kernel scope link src 10.210.30.3 
==== ip a ======
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: lan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 50:eb:f6:2c:3f:74 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 1a:12:4d:40:d2:62 brd ff:ff:ff:ff:ff:ff
    inet 10.210.30.3/24 brd 10.210.30.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::1812:4dff:fe40:d262/64 scope link 
       valid_lft forever preferred_lft forever
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:51:71:5c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe51:715c/64 scope link 
       valid_lft forever preferred_lft forever
5: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:7f:ef:9d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe7f:ef9d/64 scope link 
       valid_lft forever preferred_lft forever
==== ifconfig -a ======
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.210.30.3  netmask 255.255.255.0  broadcast 10.210.30.255
        inet6 fe80::1812:4dff:fe40:d262  prefixlen 64  scopeid 0x20<link>
        ether 1a:12:4d:40:d2:62  txqueuelen 1000  (Ethernet)
        RX packets 42346  bytes 6405978 (6.1 MiB)
        RX errors 0  dropped 375  overruns 0  frame 0
        TX packets 28794  bytes 237355775 (226.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 50:eb:f6:2c:3f:74  txqueuelen 1000  (Ethernet)
        RX packets 44272  bytes 8116108 (7.7 MiB)
        RX errors 0  dropped 18  overruns 0  frame 0
        TX packets 179833  bytes 247674510 (236.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Lokale Schleife)
        RX packets 3680  bytes 1535663 (1.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3680  bytes 1535663 (1.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fe51:715c  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:51:71:5c  txqueuelen 1000  (Ethernet)
        RX packets 2537  bytes 546915 (534.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4102  bytes 1511269 (1.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fe7f:ef9d  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:7f:ef:9d  txqueuelen 1000  (Ethernet)
        RX packets 862  bytes 170086 (166.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1013  bytes 113136 (110.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

==== brctl show ======
bridge name     bridge id               STP enabled     interfaces
br0             8000.1a124d40d262       no              lan0
                                                        vnet0
                                                        vnet1
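
The sysctls named in the report decide whether frames crossing a Linux bridge are handed to the host's iptables, ip6tables and arptables chains. The following check is an added example, not part of the original report or of the docker.io package: it lists populated bridges (such as br0 with lan0 and the vnet taps above) that are subject to that filtering. The function name `check_bridge_nf`, its `ROOT` argument and the `--live` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original report.
# check_bridge_nf [ROOT]: ROOT is a hypothetical prefix used to point the
# check at a copied or constructed /proc and /sys tree; empty = live system.
# Returns 0 when no populated bridge is subject to bridge netfilter, else 1.
check_bridge_nf() {
    root="${1:-}"
    enabled=""
    # 1. Which bridge-nf-call-* sysctls are switched on?
    for knob in iptables ip6tables arptables; do
        f="$root/proc/sys/net/bridge/bridge-nf-call-$knob"
        if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
            enabled="$enabled $knob"
        fi
    done
    if [ -z "$enabled" ]; then
        echo "OK: bridged frames are not passed to the host firewall"
        return 0
    fi
    # 2. Which bridges have enslaved ports (e.g. a NIC plus guest taps)?
    found=0
    for br in "$root"/sys/class/net/*/bridge; do
        [ -d "$br" ] || continue
        dev=${br%/bridge}
        ports=""
        for p in "$dev"/brif/*; do
            [ -e "$p" ] || continue
            ports="$ports ${p##*/}"
        done
        [ -n "$ports" ] || continue
        echo "WARN: ${dev##*/} (ports:$ports) is filtered by:$enabled"
        found=1
    done
    if [ "$found" -eq 1 ]; then
        echo "FIX: set the listed net.bridge.bridge-nf-call-* sysctls to 0"
    else
        echo "OK: filtering is on, but no bridge has ports attached"
    fi
    return "$found"
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    check_bridge_nf
fi
```

Run it before and after installing a package that registers bridge firewalling; a change from OK to WARN for a bridge carrying guest traffic matches the situation described in this report.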
