Description
The dockerd-rootless.sh script unconditionally attempts to enable IPv6 forwarding via sysctl -w net.ipv6.conf.all.forwarding=1, which causes rootless Docker installation to fail on systems where IPv6 is intentionally disabled for security hardening.
When running dockerd-rootless-setuptool.sh install on a system with IPv6 disabled at the kernel level, the installation fails with:
sysctl: cannot stat /proc/sys/net/ipv6/conf/all/forwarding: No such file or directory
[rootlesskit:child ] error: command [/usr/bin/dockerd-rootless.sh] exited: exit status 1
Expected Behavior
The script should either:
- Gracefully handle the case where IPv6 is disabled (skip the IPv6 sysctl or treat errors as non-fatal)
- Provide an environment variable (e.g., DOCKERD_ROOTLESS_DISABLE_IPV6=true) to skip IPv6 configuration
- Check if IPv6 is available before attempting to configure it
Relevant Code
In /usr/bin/dockerd-rootless.sh (lines 242-243):
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
The IPv4 line succeeds, but the IPv6 line causes a fatal error when IPv6 is disabled.
Proposed Solution
Change line 243 to:
sysctl -w net.ipv6.conf.all.forwarding=1 2>/dev/null || true
Or add a conditional check:
if [ -f /proc/sys/net/ipv6/conf/all/forwarding ]; then
    sysctl -w net.ipv6.conf.all.forwarding=1
fi
Environment
- Docker version: 28.x (latest)
- OS: Ubuntu 24.04 (affects all Linux distributions)
- Installation method: docker-ce-rootless-extras package
- IPv6 status: Disabled via kernel parameter or sysctl
Additional Context
The Docker daemon configuration supports "ipv6": false in daemon.json, so there's already precedent for supporting IPv6-disabled environments at the daemon level. The rootless setup script should respect this same principle.
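An added example, not code from dockerd-rootless.sh or from the report: it combines the existence check and the opt-out variable proposed above, and keeps a write failure fatal when the IPv6 knob does exist, which `2>/dev/null || true` would hide. The function names, the `FORWARDING_IPV6` result variable and the root-directory argument (so it can run against a scratch directory instead of /proc/sys) are assumptions, and `DOCKERD_ROOTLESS_DISABLE_IPV6` is only the name suggested in this issue.

```shell
#!/bin/sh
# Added example; hypothetical helper names, not part of dockerd-rootless.sh.

# set_knob ROOT KEY VALUE: write a sysctl by path, the file-level
# equivalent of `sysctl -w` (KEY uses slashes, e.g. net/ipv4/ip_forward).
set_knob() {
    printf '%s\n' "$3" > "$1/$2"
}

# enable_forwarding [ROOT]
# ROOT defaults to /proc/sys; a different ROOT is an assumption for testing.
# Returns 0 when IPv4 forwarding is set and IPv6 is either set or skipped,
# 1 when a knob that exists cannot be written.
# Sets FORWARDING_IPV6 to: set | skipped-optout | skipped-absent
enable_forwarding() {
    root=${1:-/proc/sys}
    set_knob "$root" net/ipv4/ip_forward 1 || return 1

    # Explicit opt-out (variable name as proposed in the issue, hypothetical).
    if [ "${DOCKERD_ROOTLESS_DISABLE_IPV6:-}" = "true" ]; then
        FORWARDING_IPV6=skipped-optout
        return 0
    fi

    # The error quoted in the report: the knob's path does not exist
    # when IPv6 is disabled at the kernel level. Skip instead of failing.
    if [ ! -e "$root/net/ipv6/conf/all/forwarding" ]; then
        FORWARDING_IPV6=skipped-absent
        return 0
    fi

    # The knob exists, so a failed write is a real error and stays fatal.
    set_knob "$root" net/ipv6/conf/all/forwarding 1 || return 1
    FORWARDING_IPV6=set
}

# Usage on a host (inside the rootless namespace): enable_forwarding /proc/sys
```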