devcontainers · samruddhikhandale · Sep 16, 2024 · Jul 29, 2024 · Jul 30, 2024 · Jul 30, 2024
@@ -1,6 +1,6 @@
 {
     "id": "docker-in-docker",
-    "version": "2.11.0",
+    "version": "2.12.0",
     "name": "Docker (Docker-in-Docker)",
     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/docker-in-docker",
     "description": "Create child containers *inside* a container, independent from the host's docker instance. Installs Docker extension in the container along with needed CLIs.",
@@ -55,6 +55,11 @@
             "type": "boolean",
             "default": true,
             "description": "Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter."
+        },
+        "disableIp6tables": {
+            "type": "boolean",
+            "default": false,
+            "description": "Disable ip6tables (this option is only applicable for Docker versions 27 and greater)"
         }
     },
     "entrypoint": "/usr/local/share/docker-init.sh",

@@ -20,6 +20,7 @@ INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"
 MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
 DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal jammy noble"
 DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal hirsute impish jammy noble"
+DISABLE_IP6_TABLES="${DISABLEIP6TABLES:-false}"
 
 # Default: Exit on any failure.
 set -e
@@ -468,6 +469,29 @@ if [ "${INSTALL_DOCKER_BUILDX}" = "true" ]; then
     find "${docker_home}" -type d -print0 | xargs -n 1 -0 chmod g+s
 fi
 
+DOCKER_DEFAULT_IP6_TABLES=""
+requested_version=""
+# checking whether the version requested either is in semver format or just a number denoting the major version
+# extracting the major version number out of the two scenarios
+semver_regex="^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?$"
+if echo "$DOCKER_VERSION" | grep -Eq "$semver_regex"; then
+    requested_version=$(echo $DOCKER_VERSION | cut -d. -f1)
+elif echo "$DOCKER_VERSION" | grep -Eq "^-?[0-9]+$"; then
+    requested_version=$DOCKER_VERSION
+fi
+
+if [[ -n "$requested_version" && "$requested_version" -ge 27 ]] || [ "$DOCKER_VERSION" = "latest" ]; then
+        if [ "$DISABLE_IP6_TABLES" == true ]; then
+            DOCKER_DEFAULT_IP6_TABLES="--ip6tables=false"
+            echo "(!) As requested, passing '${DOCKER_DEFAULT_IP6_TABLES}'"
+        fi
+else 
+    if [ "$DISABLE_IP6_TABLES" == false ]; then
+        echo "ERR: Passing --ip6tables=true is not supported for Docker v26 and below... Remove 'disableIp6tables:false' from Feature options..."
+        exit 1
+    fi
+fi
+
 tee /usr/local/share/docker-init.sh > /dev/null \
 << EOF
 #!/bin/sh
@@ -480,11 +504,12 @@ set -e
 
 AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION}
 DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL}
+DOCKER_DEFAULT_IP6_TABLES=${DOCKER_DEFAULT_IP6_TABLES}
 EOF
 
 tee -a /usr/local/share/docker-init.sh > /dev/null \
 << 'EOF'
-dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL} $(cat << 'INNEREOF'
+dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL} DOCKER_DEFAULT_IP6_TABLES=${DOCKER_DEFAULT_IP6_TABLES} $(cat << 'INNEREOF'
     # explicitly remove dockerd and containerd PID file to ensure that it can start properly if it was stopped uncleanly
     find /run /var/run -iname 'docker*.pid' -delete || :
     find /run /var/run -iname 'container*.pid' -delete || :
@@ -562,7 +587,7 @@ dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAU
     fi
 
     # Start docker/moby engine
-    ( dockerd $CUSTOMDNS $DEFAULT_ADDRESS_POOL > /tmp/dockerd.log 2>&1 ) &
+    ( dockerd $CUSTOMDNS $DEFAULT_ADDRESS_POOL $DOCKER_DEFAULT_IP6_TABLES > /tmp/dockerd.log 2>&1 ) &
 INNEREOF
 )"
 

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+# Optional: Import test library
+source dev-container-features-test-lib
+
+ip6tablesCheck() {
+    if command -v ip6tables > /dev/null 2>&1; then
+        if ip6tables -L > /dev/null 2>&1; then
+            echo "✔️ ip6tables is enabled."
+        else
+            echo "❌ ip6tables is disabled."
+        fi
+    else
+        echo "❕ip6tables command not found. ❕"
+    fi
+}
+
+check "ip6tables" ip6tablesCheck
+check "ip6tables check" bash -c "docker network inspect bridge"
+check "docker-build" docker build ./
+
+reportResults
@@ -8,6 +8,15 @@
             }
         }
     },
+    "dockerIp6tablesDisabledTest": {
+        "image": "ubuntu:focal",
+        "features": {
+            "docker-in-docker": {
+                "version": "27.0.3",
+                "disableIp6tables": true
+            }
+        }
+    },
     "dockerDefaultAddressPool": {
         "image": "mcr.microsoft.com/vscode/devcontainers/javascript-node:0-18",
         "remoteUser": "node",