Set default user namespace for docker

[Jiaxin-Wen]

the current code raises the following error

  File "/root/.local/share/virtualenvs/OpenDevin-73tHkqWu/lib/python3.11/site-packages/docker/models/containers.py", line 873, in run
    container = self.create(image=image, command=command,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/share/virtualenvs/OpenDevin-73tHkqWu/lib/python3.11/site-packages/docker/models/containers.py", line 932, in create
    resp = self.client.api.create_container(**create_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/share/virtualenvs/OpenDevin-73tHkqWu/lib/python3.11/site-packages/docker/api/container.py", line 439, in create_container
    return self.create_container_from_config(config, name, platform)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/share/virtualenvs/OpenDevin-73tHkqWu/lib/python3.11/site-packages/docker/api/container.py", line 456, in create_container_from_config
    return self._result(res, True)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/share/virtualenvs/OpenDevin-73tHkqWu/lib/python3.11/site-packages/docker/api/client.py", line 271, in _result
    self._raise_for_status(response)
  File "/root/.local/share/virtualenvs/OpenDevin-73tHkqWu/lib/python3.11/site-packages/docker/api/client.py", line 267, in _raise_for_status
    raise create_api_error_from_http_exception(e) from e
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/share/virtualenvs/OpenDevin-73tHkqWu/lib/python3.11/site-packages/docker/errors.py", line 39, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation) from e
docker.errors.APIError: 400 Client Error for http+docker://localhost/v1.43/containers/create?name=sandbox-default: Bad Request ("cannot share the host's network namespace when user namespaces are enabled")

[rbren]

@Jiaxin-Wen can you explain more about why your environment triggers this error? Most people aren't seeing it IIUC

We did just add this to the README:

For those on MacOS, make sure to allow the default Docker socket to be used from advanced settings!

Is it possible this PR fixes that issue?

[Jiaxin-Wen]

my docker version is 7.0.0

Generally, I think --network=host is incompatible with user namespaces enabled.

[rbren]

I'm still a little unsure of this one, but we don't seem to have any consensus that it's the right solution, or that it's still a problem in the DOOD setup.

Going to close this one, but if anyone has any good arguments in favor feel free to bring them up in Slack