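Failed to start daemon: Error initializing network controller: Error creating default "bridge" network
I am using Fedora release 33 (Thirty Three).
The Docker version is Docker version 20.10.0, build 7287ab3.
First I ran docker system prune, and since then the docker daemon has failed to start.
I ran the systemctl start docker command and got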
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
Then from systemctl status docker.service I got
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor pr>
Active: failed (Result: exit-code) since Wed 2020-12-09 11:10:58 IST; 15s >
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Process: 10391 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/contai>
Main PID: 10391 (code=exited, status=1/FAILURE)
Dec 09 11:10:58 barad-laptop systemd[1]: docker.service: Scheduled restart job,>
Dec 09 11:10:58 barad-laptop systemd[1]: Stopped Docker Application Container E>
Dec 09 11:10:58 barad-laptop systemd[1]: docker.service: Start request repeated>
Dec 09 11:10:58 barad-laptop systemd[1]: docker.service: Failed with result 'ex>
Dec 09 11:10:58 barad-laptop systemd[1]: Failed to start Docker Application Con>
Then sudo dockerd --debug gave
failed to start daemon: Error initializing network controller: Error creating default "bridge" network: Failed to program NAT chain: ZONE_CONFLICT: 'docker0' already bound to a zone
Related to this GitHub issue
Answer
Found this:
$ firewall-cmd --get-active-zones
FedoraWorkstation
interfaces: ens4u1u2 wlp59s0
docker
interfaces: br-48d7d996793a
libvirt
interfaces: virbr0
trusted
interfaces: docker0
The docker0 interface seems to be in the trusted zone. But there is also another zone called docker.
So I decided to give it a try and add it to the docker zone.
$ sudo firewall-cmd --zone=docker --change-interface=docker0
What it looks like afterwards:
$ firewall-cmd --get-active-zones
FedoraWorkstation
interfaces: ens4u1u2 wlp59s0
docker
interfaces: br-48d7d996793a docker0
libvirt
interfaces: virbr0
Seems to work.
Maybe someone can shed some light on this.
- please add --permanent in your command
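Added example (not part of the original answers): a shell check that parses firewall-cmd --get-active-zones output and reports when a bridge interface is bound to a zone other than the expected one, which is the state the answer above found for docker0. The function names are hypothetical, and the two embedded listings are sample input reconstructed from the output shown in that answer.

```shell
#!/bin/sh
# zone_of_iface IFACE: read `firewall-cmd --get-active-zones` output on stdin
# and print every zone that lists IFACE, one per line.
zone_of_iface() {
    awk -v want="$1" '
        $1 == "interfaces:" {            # attribute line of the current zone
            for (i = 2; i <= NF; i++) if ($i == want) print zone
            next
        }
        $1 == "sources:" { next }        # source bindings are not interfaces
        NF { zone = $1 }                 # any other non-empty line names a zone
    '
}

# check_bridge_zone IFACE EXPECTED: return 0 when IFACE is unbound or bound
# only to EXPECTED, 1 when it sits in another zone (e.g. docker0 in trusted).
check_bridge_zone() {
    iface=$1
    expected=$2
    for z in $(zone_of_iface "$iface"); do
        if [ "$z" != "$expected" ]; then
            echo "$iface is bound to zone '$z', expected '$expected'"
            return 1
        fi
    done
    echo "$iface: ok"
}

# Sample input reconstructed from the listings in the answer (not live data).
BEFORE='FedoraWorkstation
  interfaces: ens4u1u2 wlp59s0
docker
  interfaces: br-48d7d996793a
libvirt
  interfaces: virbr0
trusted
  interfaces: docker0'
AFTER='FedoraWorkstation
  interfaces: ens4u1u2 wlp59s0
docker
  interfaces: br-48d7d996793a docker0
libvirt
  interfaces: virbr0'

printf '%s\n' "$BEFORE" | check_bridge_zone docker0 docker || true
printf '%s\n' "$AFTER"  | check_bridge_zone docker0 docker
# On a live host: firewall-cmd --get-active-zones | check_bridge_zone docker0 docker
```

The trusted zone accepts all connections, so a bridge left there is worth flagging even when the daemon starts.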
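Answer
After upgrading docker-ce on my Fedora 32, I got this error. It looks like the new docker conflicts with the manual firewall configuration mentioned in the article you linked in your answer. I had rules on my machine that enabled container-to-container communication.
After I reverted the firewall rules, Docker started successfully: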
sudo firewall-cmd --permanent --zone=trusted --remove-interface=docker0
sudo firewall-cmd --permanent --zone=FedoraWorkstation --remove-masquerade
sudo firewall-cmd --reload
sudo systemctl restart docker
These changes do not seem to affect the containers' ability to communicate with each other.
- Just had the same problem after upgrading to Fedora 33 and this solution worked. I did have to re-apply the rules afterwards for the docker containers to have network access again.