Rob Murray

Hello all - as @joeabbey says, this is related to the moby security advisory (and I'm the guilty party) ... the change is to make sure IPv6 is disabled on...

Ah, yes - CAP_NET_ADMIN will make the /proc files writable, amongst other things - including allowing dockerd to configure iptables and its networking, which it's always needed to do. So,...

Thank you! Is gitpod using host networking - or are these slightly different problems? (I think dockerd needs CAP_NET_ADMIN for its basic networking setup, so the gitpod problem probably isn't...

Hi @svenefftinge - to summarise from the moby side ... The problem is with an environment where "/proc/sys/net" is read-only. It'd normally be read-write on a host running dockerd, because...

docker-in-docker is normally run with `--privileged`, so the inner docker gets a read-write filesystem. But, it seems if the host running the outer docker has a read-only filesystem, it stays...

> We could, but we'll have to transition to the v2 format at some point. I'd prefer to kill it right away. Once the new format's existed for a release-or-so,...

We could backport this change to 26.1.x - then at least it'll be possible to roll back to `26.1.latest`, and we can ditch the old format now. We could also...

I'm a few years late to the party, but just had a look at this ... Here's a pretty-printed version of the API request in the description: ```json { "name":...

A hostname can't be a nameserver, a nameserver address is needed before a name can be resolved into an address. So I guess DNS from build containers running on that...

Thanks @dancysoft - the error is definitely new, and its message will be more helpful in the next release (https://github.com/moby/moby/pull/50124). But, we think a non-IP-address nameserver would have been silently...