
I am given to understand that the Docker bridge network can't be used anymore when running Docker in rootless mode, and I see some mention of this in a few old Git discussions. However, when I go through the Docker docs for rootless mode or bridge networking, I don't see any mention of such a restriction.

I see from the docs that one can still use the host-network mode, with the restriction below:

Host network (docker run --net=host) is also namespaced inside RootlessKit.

and with the caveats mentioned here.

If one can still use the host network as noted above, how about the bridge network? Can someone help throw some light?

UPDATE (OCT 5, 2022):

This one seems to indicate that rootless Docker does NOT support host networking, by stating the below, while Docker's own rootless page doesn't seem to indicate so.

I wish Docker clarified these basic aspects clearly in the docs.

Doesn’t support –net-host.

lmk

1 Answer

Rootless Docker is executed in a dedicated network namespace and has no permission for bridge devices in the host network namespace. At least Podman (rootless networking) needs a userspace app to proxy network connections from and into the container (slirp4netns).

IamK
  • Thanks @C1sc0, please bear with my ignorance, but what I am not able to understand is: if one can still use the host-network mode with those caveats, why can't one use bridge-network mode as well? What is the underlying problem that prevents such a possibility? Or is it just a matter of current support not being there, with caveats? – lmk Oct 04 '22 at 19:57
  • You can use bridge, but not in the host network namespace; for short, rootless networking sucks! – IamK Oct 04 '22 at 19:59
  • :-) I share your sentiment! On the aspect of "not in the host network namespace", basically it's similar to the host network mode, right? There also we have the same restriction, understandably, and the docs in the caveat section mention using the `-p` flag to bind... so basically, if I understood you right, we can use bridge mode as well with those same caveats, in which case I wonder why they mention only the host-network mode in the rootless Docker docs link I referred to above.. – lmk Oct 04 '22 at 20:54
  • Yes, in your own network ns, you can do whatever you want. – IamK Oct 04 '22 at 21:01
  • This [one](https://thenewstack.io/how-to-run-docker-in-rootless-mode/) says rootless Docker "Doesn’t support –net-host." But --net-host is basically for host network, so I am not sure where they are picking up that info from.. – lmk Oct 06 '22 at 02:48
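A way to see the answer's point for yourself, as an added example that is not part of the question, the answer or the Docker project: the script compares the network namespace of your shell with that of the rootless `dockerd` (it assumes the pid file lives at `$XDG_RUNTIME_DIR/docker.pid`, as the rootless setup script writes it) and then exercises a user-defined bridge network, publishing a port so you can see that the host-side listener belongs to RootlessKit, not to a bridge in the host namespace.

```bash
#!/usr/bin/env bash
# Added example: where rootless Docker's networking lives, and that a
# user-defined bridge still works inside that namespace.
set -euo pipefail

# Network namespace identity of a pid, e.g. "net:[4026531992]".
netns_of() { readlink "/proc/$1/ns/net"; }

# Exit status 0 if two pids share a network namespace, 1 otherwise.
same_netns() { [ "$(netns_of "$1")" = "$(netns_of "$2")" ]; }

# Pid of the rootless daemon (assumption: default rootless pid file path).
rootless_dockerd_pid() {
  cat "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/docker.pid"
}

show_namespaces() {
  local dpid
  dpid=$(rootless_dockerd_pid)
  echo "shell netns:   $(netns_of "$$")"
  echo "dockerd netns: $(netns_of "$dpid")"
  if same_netns "$$" "$dpid"; then
    echo "daemon shares the host network namespace (rootful daemon?)"
  else
    echo "daemon runs in its own network namespace (RootlessKit)"
  fi
}

demo_bridge() {
  # A bridge created here is a device inside the daemon's namespace only.
  docker network create rl-demo >/dev/null
  docker run -d --rm --name rl-web --network rl-demo -p 8080:80 nginx:alpine >/dev/null
  # Container-to-container traffic over the rootless bridge works as usual.
  docker run --rm --network rl-demo alpine wget -qO- http://rl-web >/dev/null && echo "bridge: ok"
  # The published port is reachable from the host...
  curl -sf -o /dev/null http://localhost:8080 && echo "published port: ok"
  # ...but the listener on the host side is rootlesskit (the port driver), not a bridge.
  ss -tlnp | grep ':8080 ' || true
  docker rm -f rl-web >/dev/null
  docker network rm rl-demo >/dev/null
}

# Run the full demo only when asked, so the functions can be sourced safely.
if [ "${1:-}" = "--demo" ]; then
  show_namespaces
  demo_bridge
fi
```

Run it as `bash rootless-net-check.sh --demo` on the host where the rootless daemon runs; the `ss` line is the tell, since a rootful daemon would show the port bound by `docker-proxy` or by iptables rules on `docker0` instead.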