fix: cannot start container when IPv6 is disabled#4824
fix: cannot start container when IPv6 is disabled#4824shouhei wants to merge 1 commit intocontainerd:mainfrom
Conversation
| // IPv6-disabled environments do not have these files. | ||
| if (fileAddress == netTCP6Stats || fileAddress == netUDP6Stats) && errors.Is(err, os.ErrNotExist) { | ||
| return nil, nil | ||
| } |
There was a problem hiding this comment.
I feel this error handling might be better placed in getUsedPorts, which calls procnet.ReadStatsFileData.
Since procnet.ReadStatsFileData is a general-purpose helper, handling cases like missing IPv6 files seems more like a caller-side concern. Keeping the helper focused on reading/parsing might make the responsibility clearer.
WDYT?
There was a problem hiding this comment.
Thanks for reviewing and the suggestion!
I initially thought keeping it inside ReadStatsFileData was better, since the caller has no knowledge of the actual file path being opened. However, I agree that explicitly handling the IPv6 case in getUsedPorts makes the intent clearer.
I'll update the fix like this:
tempTCPV6Data, err := procnet.ReadStatsFileData("tcp6")
if err != nil && !errors.Is(err, os.ErrNotExist) {
return nil, err
}
(Same for udp6.)
|
Please squash the commits |
shouhei
force-pushed
the
fix/handle-missing-proc-net-tcp6-udp6
branch
from
f644ae7 to
d58559a
Compare
…d systems Signed-off-by: Shouhei <shouhei.yamaguchi.be@gmail.com>
shouhei
force-pushed
the
fix/handle-missing-proc-net-tcp6-udp6
branch
from
d58559a to
ebf70c5
Compare
4 participants
Problem
On systems where IPv6 is disabled (e.g. kernel boot parameter
ipv6.disable=1), running a container with port mapping fails with the following error:Root Cause
When allocating host ports, nerdctl unconditionally reads
/proc/net/tcp6and/proc/net/udp6to check for ports already in use. On IPv6-disabled systems, the kernel does not create these files, causing the port allocation to fail entirely.Fix
Treat
ErrNotExistfor/proc/net/tcp6and/proc/net/udp6as a non-error, returningnil(no IPv6 ports in use) instead of propagating the error.Result
After this fix, containers with port mapping (
-p) start successfully on IPv6-disabled systems.Testing
No unit test is added at this time, as
netTCP6StatsandnetUDP6Statsare defined asconst, making it difficult to inject alternative paths. If the maintainers prefer, these could be changed tovarto allow unit testing with a mock path.