8 Known Issues
The following sections describe known issues in the current release of Oracle Container Runtime for Docker.
WARNING: bridge-nf-call-iptables Is Disabled
Warning messages may be displayed by Docker Engine when a user
performs some actions, such as running docker
info if the system kernel on a host system is configured
to disable the
net.bridge.bridge-nf-call-iptables and
net.bridge.bridge-nf-call-ip6tables options.
For example, the user may see an error similar to:
WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled
This is expected behavior. These settings control whether packets traversing a network bridge are processed by iptables rules on the host system. Typically, enabling these options is not desirable as this can cause guest container traffic to be blocked by iptables rules that are intended for the host. This could cause unpredictable behavior for containers that do not expect traffic to be firewalled at the host level.
If you accept and understand the implications of enabling these options or you have no iptables rules set on the host, you can enable these options to remove the warning messages. To temporarily enable these options:
sysctl net.bridge.bridge-nf-call-iptables=1 sysctl net.bridge.bridge-nf-call-ip6tables=1
To make these options permanent, edit
/etc/sysctl.conf and add the lines:
net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1
Starting the Docker Engine With User Namespace Remapping Set To Default Can Fail
Starting the Docker Engine with User Namespace Remapping set to
default can fail with an error during the creation of the
dockremap user. For example:
dockerd --userns-remap default
Error during "dockremap" user creation: Couldn't create subordinate ID ranges: Unable to add subuid range to user: "dockremap"; output: usermod: invalid option -- 'v' Usage: usermod [options] LOGIN
Creating a manual map file is unaffected by this issue.