Skip to content

[24.0 backport] daemon: release sandbox even when NetworkDisabled#46702

Merged
thaJeztah merged 1 commit intomoby:24.0from
thaJeztah:24.0_backport_releaseNetwork_NetworkDisabled
Oct 24, 2023
Merged

[24.0 backport] daemon: release sandbox even when NetworkDisabled#46702
thaJeztah merged 1 commit intomoby:24.0from
thaJeztah:24.0_backport_releaseNetwork_NetworkDisabled

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Oct 23, 2023

- What I did

When the default bridge is disabled by setting dockerd's --bridge=none option, the daemon still creates a sandbox for containers with no network attachment specified. In that case NetworkDisabled will be set to true.

However, currently the releaseNetwork call will early return if NetworkDisabled is true. Thus, these sandboxes won't be deleted until the daemon is restarted. If a high number of such containers are created, the daemon would then take few minutes to start.

As a side note, NetworkDisabled semantics is weird/broken and should be revised:

  • On one hand a sandbox is created even if NetworkDisbled is set. Thus it allows these containers to be manually connected to other networks;
  • OTOH, when manually connecting such container to a network nothing happens and no error is returned (ie. no interface and no route provisioned, no embedded DNS, etc...);

- Description for the changelog

  • Fix a bug that would prevent network sandboxes to be properly deleted when stopping containers with no network attachment are specified and dockerd's --bridge=none option is specified.

- A picture of a cute animal (not mandatory but encouraged)

@payall4u @thaJeztah
daemon: release sandbox even when NetworkDisabled
05d95fd 
When the default bridge is disabled by setting dockerd's `--bridge=none`
option, the daemon still creates a sandbox for containers with no
network attachment specified. In that case `NetworkDisabled` will be set
to true.

However, currently the `releaseNetwork` call will early return if
NetworkDisabled is true. Thus, these sandboxes won't be deleted until
the daemon is restarted. If a high number of such containers are
created, the daemon would then take few minutes to start.

See moby#42461.

Signed-off-by: payall4u <payall4u@qq.com>
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
(cherry picked from commit 9664f33)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah added this to the 24.0.7 milestone Oct 23, 2023
akerouanton
akerouanton approved these changes Oct 24, 2023
View reviewed changes
Copy link
Member

@akerouanton akerouanton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah thaJeztah merged commit 9b20b1a into moby:24.0 Oct 24, 2023
@thaJeztah thaJeztah deleted the 24.0_backport_releaseNetwork_NetworkDisabled branch October 24, 2023 14:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akerouanton akerouanton akerouanton approved these changes

Assignees

No one assigned

Labels

area/networking Networking impact/changelog kind/bugfix PR's that fix bugs status/2-code-review

Projects

None yet

Milestone

24.0.7

Development

Successfully merging this pull request may close these issues.

3 participants

@thaJeztah @akerouanton @payall4u