No connectivity to local networks under Sequoia
afoster opened this issue · 0 comments
afoster commented
Description
Hi, since upgrading to macOS Sequoia (15.0.1 (24A348)) my containers under Docker Desktop have lost connectivity to other hosts on my LAN (192.168.2.0/24), despite being able to reach the Internet.
I do not have the macOS firewall enabled and have tried toggling it on/off again.
I note that Docker has an enabled entry under System Settings > Privacy & Security > Local Network.
Following the same reproduction steps on another physical machine running Sonoma 14.6.1 does not present the same symptoms.
Reproduce
- Run sample container:
docker run -d -p 5050:5000 --restart always --name registry registry:2
- Demonstrate local network connectivity from host:
ping 192.168.2.128
# I get ping replies
- Demonstrate lack of network connectivity from within container to local network only:
$ docker exec -it registry /bin/sh
/ # ping 192.168.2.128
PING 192.168.2.128 (192.168.2.128): 56 data bytes
^C
--- 192.168.2.128 ping statistics ---
11 packets transmitted, 0 packets received, 100% packet loss
/ # ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=63 time=7.017 ms
64 bytes from 1.1.1.1: seq=1 ttl=63 time=6.602 ms
64 bytes from 1.1.1.1: seq=2 ttl=63 time=6.131 ms
64 bytes from 1.1.1.1: seq=3 ttl=63 time=7.067 ms
^C
--- 1.1.1.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.131/6.704/7.067 ms
Expected behavior
Connectivity from container to local network hosts should be unrestricted.
docker version
Client:
Version: 27.2.0
API version: 1.47
Go version: go1.21.13
Git commit: 3ab4256
Built: Tue Aug 27 14:14:45 2024
OS/Arch: darwin/arm64
Context: desktop-linux
Server: Docker Desktop 4.34.2 (167172)
Engine:
Version: 27.2.0
API version: 1.47 (minimum version 1.24)
Go version: go1.21.13
Git commit: 3ab5c7d
Built: Tue Aug 27 14:15:41 2024
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.7.20
GitCommit: 8fc6bcff51318944179630522a095cc9dbf9f353
runc:
Version: 1.1.13
GitCommit: v1.1.13-0-g58aa920
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client:
Version: 27.2.0
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.16.2-desktop.1
Path: /Users/andy/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.29.2-desktop.2
Path: /Users/andy/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.34
Path: /Users/andy/.docker/cli-plugins/docker-debug
desktop: Docker Desktop commands (Alpha) (Docker Inc.)
Version: v0.0.15
Path: /Users/andy/.docker/cli-plugins/docker-desktop
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.2
Path: /Users/andy/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.25
Path: /Users/andy/.docker/cli-plugins/docker-extension
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.5
Path: /Users/andy/.docker/cli-plugins/docker-feedback
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.3.0
Path: /Users/andy/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/andy/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.13.0
Path: /Users/andy/.docker/cli-plugins/docker-scout
Server:
Containers: 47
Running: 2
Paused: 0
Stopped: 45
Images: 46
Server Version: 27.2.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fc6bcff51318944179630522a095cc9dbf9f353
runc version: v1.1.13-0-g58aa920
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
cgroupns
Kernel Version: 6.10.4-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 16
Total Memory: 5.787GiB
Name: docker-desktop
ID: d4ed030a-ab95-48a0-bbb9-a184d5b515be
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/andy/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: false
Insecure Registries:
192.168.2.104:5050
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
WARNING: daemon is not using the default seccomp profile
Diagnostics ID
AAFFD841-8CAD-4544-82AB-FDA8D17EF695/20241007045958
Additional Info
docker inspect output from sample container (the registry image)
[
{
"Id": "f5585bb9033659f127deeddd7b2d09a1956b9f67ccaba2a0189dda57a730ffdb",
"Created": "2024-10-07T03:43:49.855096135Z",
"Path": "/entrypoint.sh",
"Args": [
"/etc/docker/registry/config.yml"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1220,
"ExitCode": 0,
"Error": "",
"StartedAt": "2024-10-07T04:56:28.941581296Z",
"FinishedAt": "2024-10-07T04:47:58.508403379Z"
},
"Image": "sha256:c9cf76bb104e1d7bf59b23d4b9af832bf75736893c2fece60665bfdc73006bcb",
"ResolvConfPath": "/var/lib/docker/containers/f5585bb9033659f127deeddd7b2d09a1956b9f67ccaba2a0189dda57a730ffdb/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/f5585bb9033659f127deeddd7b2d09a1956b9f67ccaba2a0189dda57a730ffdb/hostname",
"HostsPath": "/var/lib/docker/containers/f5585bb9033659f127deeddd7b2d09a1956b9f67ccaba2a0189dda57a730ffdb/hosts",
"LogPath": "/var/lib/docker/containers/f5585bb9033659f127deeddd7b2d09a1956b9f67ccaba2a0189dda57a730ffdb/f5585bb9033659f127deeddd7b2d09a1956b9f67ccaba2a0189dda57a730ffdb-json.log",
"Name": "/registry",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "bridge",
"PortBindings": {
"5000/tcp": [
{
"HostIp": "",
"HostPort": "5050"
}
]
},
"RestartPolicy": {
"Name": "unless-stopped",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"ConsoleSize": [
68,
187
],
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "private",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": [],
"BlkioDeviceWriteBps": [],
"BlkioDeviceReadIOps": [],
"BlkioDeviceWriteIOps": [],
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": [],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware",
"/sys/devices/virtual/powercap"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/d02ade15dd9cac9ec2d8ca82b4b9ca08413c1c41dc10d34ed555e8eed37a62b7-init/diff:/var/lib/docker/overlay2/7ddc88a4be906beb5a7c19ab15eed6718c176d2e765a86a7e61d8f346f21e749/diff:/var/lib/docker/overlay2/cdb29006a3d621afc5d4045fa68d7cda8f56ff0263be229fccce3ab19e8a1028/diff:/var/lib/docker/overlay2/b2049244b9e477198867e6cafb9c48774bdd76798bd96dd8ac2d636a512229b1/diff:/var/lib/docker/overlay2/4294fa3472e4abaa7331e411fe9094f21ec402fdd26ebc223b13b16a24aeddd2/diff:/var/lib/docker/overlay2/6e979224b566f3ec449695912127fdd48909c718a712114179f035222a3f0e2a/diff",
"MergedDir": "/var/lib/docker/overlay2/d02ade15dd9cac9ec2d8ca82b4b9ca08413c1c41dc10d34ed555e8eed37a62b7/merged",
"UpperDir": "/var/lib/docker/overlay2/d02ade15dd9cac9ec2d8ca82b4b9ca08413c1c41dc10d34ed555e8eed37a62b7/diff",
"WorkDir": "/var/lib/docker/overlay2/d02ade15dd9cac9ec2d8ca82b4b9ca08413c1c41dc10d34ed555e8eed37a62b7/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "volume",
"Name": "288e0c06ae58663ec290670dc14d5942392923f191a3cc6bdb74579bd089858a",
"Source": "/var/lib/docker/volumes/288e0c06ae58663ec290670dc14d5942392923f191a3cc6bdb74579bd089858a/_data",
"Destination": "/var/lib/registry",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "f5585bb90336",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"5000/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/etc/docker/registry/config.yml"
],
"Image": "registry:2",
"Volumes": {
"/var/lib/registry": {}
},
"WorkingDir": "",
"Entrypoint": [
"/entrypoint.sh"
],
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "3703efb01e4e0f17c570ac8ae45155210bc194031223b62b76f214ccd337cfa9",
"SandboxKey": "/var/run/docker/netns/3703efb01e4e",
"Ports": {
"5000/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "5050"
}
]
},
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "de254a10bfcb3414c809ab78fd7af1fc7c53e433b890f06f179a47dd907cf4a4",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null,
"NetworkID": "1c303a754f2994fd65cc5bc6f62b5ccba897bd0edcdd73eb66a3e92d6677a2d2",
"EndpointID": "de254a10bfcb3414c809ab78fd7af1fc7c53e433b890f06f179a47dd907cf4a4",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DNSNames": null
}
}
}
}
]
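The reproduction steps above as a repeatable check, added here as an example (not part of the original issue and not Docker tooling): it runs the same three pings and classifies the loss pattern. The function names and verdict strings are hypothetical; the `registry` container name and the default addresses are the ones from the report.

```shell
#!/bin/sh
# Added example. Defaults are the values from the report; function names
# and verdict strings are hypothetical.

# Integer packet-loss percentage from ping output (BusyBox prints "100%",
# macOS prints "100.0%"). Prints nothing if no summary line is found.
loss_pct() {
    printf '%s\n' "$1" |
        sed -n 's/.*[ ,]\([0-9][0-9]*\)[.0-9]*% packet loss.*/\1/p' |
        head -n 1
}

# classify HOST_LAN CONT_LAN CONT_WAN
# Arguments are loss percentages; an empty value is treated as 100.
classify() {
    host_lan=${1:-100}; cont_lan=${2:-100}; cont_wan=${3:-100}
    if [ "$host_lan" -eq 100 ]; then
        # The host cannot reach the target either, so the container
        # result says nothing about the container network path.
        echo "host-lan-unreachable"
    elif [ "$cont_lan" -eq 100 ] && [ "$cont_wan" -eq 100 ]; then
        echo "container-no-network"
    elif [ "$cont_lan" -eq 100 ]; then
        # The pattern in this report: Internet works, LAN does not.
        echo "container-lan-only-blocked"
    else
        echo "ok"
    fi
}

# Probes. "|| true" keeps a failed ping from aborting the script.
host_ping() { ping -c 3 "$1" 2>&1 || true; }
cont_ping() { docker exec "$1" ping -c 3 -W 2 "$2" 2>&1 || true; }

# Usage: sh triage.sh run [CONTAINER] [LAN_IP] [WAN_IP]
if [ "${1:-}" = "run" ]; then
    c=${2:-registry}; lan=${3:-192.168.2.128}; wan=${4:-1.1.1.1}
    h=$(loss_pct "$(host_ping "$lan")")
    cl=$(loss_pct "$(cont_ping "$c" "$lan")")
    cw=$(loss_pct "$(cont_ping "$c" "$wan")")
    echo "host->LAN ${h:-?}%  container->LAN ${cl:-?}%  container->WAN ${cw:-?}%"
    classify "$h" "$cl" "$cw"
fi
```

Running it on both the Sequoia and the Sonoma machine gives two verdict lines that can be attached to the issue side by side.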