From 5b1987466d1d074460343f57318fd09e7657233e Mon Sep 17 00:00:00 2001
From: Kaniska <kaniska244@github.com>
Date: Wed, 27 May 2026 15:42:51 +0000
Subject: [PATCH 1/2] Check the tests

---
 test/docker-in-docker/docker_with_iptables.sh | 20 +++++++++++
 .../docker_with_iptables_ubuntu.sh            | 20 +++++++++++
 .../docker_without_iptables.sh                | 20 +++++++++++
 .../docker_without_iptables_ubuntu.sh         | 20 +++++++++++
 test/docker-in-docker/scenarios.json          | 36 +++++++++++++++++++
 5 files changed, 116 insertions(+)
 create mode 100644 test/docker-in-docker/docker_with_iptables.sh
 create mode 100644 test/docker-in-docker/docker_with_iptables_ubuntu.sh
 create mode 100644 test/docker-in-docker/docker_without_iptables.sh
 create mode 100644 test/docker-in-docker/docker_without_iptables_ubuntu.sh

diff --git a/test/docker-in-docker/docker_with_iptables.sh b/test/docker-in-docker/docker_with_iptables.sh
new file mode 100644
index 000000000..e29e10146
--- /dev/null
+++ b/test/docker-in-docker/docker_with_iptables.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+
+# Optional: Import test library
+source dev-container-features-test-lib
+
+# Feature specific tests
+check "iptables works" sudo iptables -L
+check "iptables uses legacy" bash -c "iptables --version | grep legacy"
+
+check "version" docker  --version
+check "docker-ps" bash -c "docker ps"
+check "log-exists" bash -c "ls /tmp/dockerd.log"
+check "log-for-completion" bash -c "cat /tmp/dockerd.log | grep 'Daemon has completed initialization'"
+check "log-contents" bash -c "cat /tmp/dockerd.log | grep 'API listen on /var/run/docker.sock'"
+
+# Report result
+reportResults
+
diff --git a/test/docker-in-docker/docker_with_iptables_ubuntu.sh b/test/docker-in-docker/docker_with_iptables_ubuntu.sh
new file mode 100644
index 000000000..e29e10146
--- /dev/null
+++ b/test/docker-in-docker/docker_with_iptables_ubuntu.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+
+# Optional: Import test library
+source dev-container-features-test-lib
+
+# Feature specific tests
+check "iptables works" sudo iptables -L
+check "iptables uses legacy" bash -c "iptables --version | grep legacy"
+
+check "version" docker  --version
+check "docker-ps" bash -c "docker ps"
+check "log-exists" bash -c "ls /tmp/dockerd.log"
+check "log-for-completion" bash -c "cat /tmp/dockerd.log | grep 'Daemon has completed initialization'"
+check "log-contents" bash -c "cat /tmp/dockerd.log | grep 'API listen on /var/run/docker.sock'"
+
+# Report result
+reportResults
+
diff --git a/test/docker-in-docker/docker_without_iptables.sh b/test/docker-in-docker/docker_without_iptables.sh
new file mode 100644
index 000000000..6d2dab04c
--- /dev/null
+++ b/test/docker-in-docker/docker_without_iptables.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+
+# Optional: Import test library
+source dev-container-features-test-lib
+
+# Feature specific tests
+check "iptables works" sudo iptables -L
+check "iptables uses nf_tables" bash -c "iptables --version | grep nf_tables"
+
+check "version" docker  --version
+check "docker-ps" bash -c "docker ps"
+check "log-exists" bash -c "ls /tmp/dockerd.log"
+check "log-for-completion" bash -c "cat /tmp/dockerd.log | grep 'Daemon has completed initialization'"
+check "log-contents" bash -c "cat /tmp/dockerd.log | grep 'API listen on /var/run/docker.sock'"
+
+# Report result
+reportResults
+
diff --git a/test/docker-in-docker/docker_without_iptables_ubuntu.sh b/test/docker-in-docker/docker_without_iptables_ubuntu.sh
new file mode 100644
index 000000000..6d2dab04c
--- /dev/null
+++ b/test/docker-in-docker/docker_without_iptables_ubuntu.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+
+# Optional: Import test library
+source dev-container-features-test-lib
+
+# Feature specific tests
+check "iptables works" sudo iptables -L
+check "iptables uses nf_tables" bash -c "iptables --version | grep nf_tables"
+
+check "version" docker  --version
+check "docker-ps" bash -c "docker ps"
+check "log-exists" bash -c "ls /tmp/dockerd.log"
+check "log-for-completion" bash -c "cat /tmp/dockerd.log | grep 'Daemon has completed initialization'"
+check "log-contents" bash -c "cat /tmp/dockerd.log | grep 'API listen on /var/run/docker.sock'"
+
+# Report result
+reportResults
+
diff --git a/test/docker-in-docker/scenarios.json b/test/docker-in-docker/scenarios.json
index 2f9df3958..497708f26 100644
--- a/test/docker-in-docker/scenarios.json
+++ b/test/docker-in-docker/scenarios.json
@@ -1,4 +1,40 @@
 {
+    "docker_without_iptables": {
+        "image": "mcr.microsoft.com/devcontainers/base:debian",
+        "features": {
+            "docker-in-docker": {
+                "moby": "false"
+            }
+        },
+        "initializeCommand": "sudo modprobe --remove --remove-holders --wait 1000 ip_tables"
+    },
+    "docker_with_iptables": {
+        "image": "mcr.microsoft.com/devcontainers/base:debian",
+        "features": {
+            "docker-in-docker": {
+                "moby": "false"
+            }
+        },
+        "initializeCommand": "sudo modprobe ip_tables"
+    },
+    "docker_without_iptables_ubuntu": {
+        "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+        "features": {
+            "docker-in-docker": {
+                "moby": "false"
+            }
+        },
+        "initializeCommand": "sudo modprobe --remove --remove-holders --wait 1000 ip_tables"
+    },
+    "docker_with_iptables_ubuntu": {
+        "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+        "features": {
+            "docker-in-docker": {
+                "moby": "false"
+            }
+        },
+        "initializeCommand": "sudo modprobe ip_tables"
+    },        
     "overlayfs_containerd_root": {
         "image": "mcr.microsoft.com/devcontainers/base:noble",
         "features": {

From 4cad3da0237d854d7b0df43cdba2fdae46aefac0 Mon Sep 17 00:00:00 2001
From: Kaniska <kaniska244@github.com>
Date: Wed, 27 May 2026 16:52:21 +0000
Subject: [PATCH 2/2] check the log

---
 test/docker-in-docker/docker_without_iptables.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/test/docker-in-docker/docker_without_iptables.sh b/test/docker-in-docker/docker_without_iptables.sh
index 6d2dab04c..6ecaddc8d 100644
--- a/test/docker-in-docker/docker_without_iptables.sh
+++ b/test/docker-in-docker/docker_without_iptables.sh
@@ -6,6 +6,20 @@ set -e
 source dev-container-features-test-lib
 
 # Feature specific tests
+check "docker-ps" bash -c "docker ps"
+# Fail loudly if dockerd never finished initializing, printing the real error
+check "dockerd-started-successfully" bash -c '
+    if ! grep -q "Daemon has completed initialization" /tmp/dockerd.log; then
+        echo "❌ Docker daemon failed to start. Last errors from /tmp/dockerd.log:"
+        echo "----- dockerd.log (tail) -----"
+        tail -n 100 /tmp/dockerd.log
+        echo "----- error/fatal lines -----"
+        grep -iE "error|fatal|failed|panic" /tmp/dockerd.log || true
+        exit 1
+    fi
+'
+check "log-for-completion" bash -c "cat /tmp/dockerd.log | grep 'Daemon has completed initialization'"
+
 check "iptables works" sudo iptables -L
 check "iptables uses nf_tables" bash -c "iptables --version | grep nf_tables"