dockerdocker-composecontainersfedora

failed to start daemon: Error initializing network controller: Error creating default "bridge" network

I'm using Fedora release 33 (Thirty Three) Docker version is Docker version 20.10.0, build 7287ab3

First I ran docker system prune and since then docker daemon failed to start.

I ran systemctl start docker command and got

Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.

and then systemctl status docker.service I got

● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor pr>
     Active: failed (Result: exit-code) since Wed 2020-12-09 11:10:58 IST; 15s >
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
    Process: 10391 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/contai>
   Main PID: 10391 (code=exited, status=1/FAILURE)

Dec 09 11:10:58 barad-laptop systemd[1]: docker.service: Scheduled restart job,>
Dec 09 11:10:58 barad-laptop systemd[1]: Stopped Docker Application Container E>
Dec 09 11:10:58 barad-laptop systemd[1]: docker.service: Start request repeated>
Dec 09 11:10:58 barad-laptop systemd[1]: docker.service: Failed with result 'ex>
Dec 09 11:10:58 barad-laptop systemd[1]: Failed to start Docker Application Con>

Then sudo dockerd --debug and got

failed to start daemon: Error initializing network controller: Error creating default "bridge" network: Failed to program NAT chain: ZONE_CONFLICT: 'docker0' already bound to a zone

Related to this Github issue

Solution

  • Found out that

    $ firewall-cmd --get-active-zones
FedoraWorkstation
  interfaces: ens4u1u2 wlp59s0
docker
  interfaces: br-48d7d996793a
libvirt
  interfaces: virbr0
trusted
  interfaces: docker0

    the interface docker0 seems to be in the trusted zone. But there's another zone called docker.

    So I decided to give it a shot and add it to the docker zone instead.

    $ sudo firewall-cmd --permanent --zone=docker --change-interface=docker0
$ sudo firewall-cmd --reload

    Looks like this afterwards:

    $ firewall-cmd --get-active-zones
FedoraWorkstation
  interfaces: ens4u1u2 wlp59s0
docker
  interfaces: br-48d7d996793a docker0
libvirt
  interfaces: virbr0

    Seems to work.
    Maybe someone can shed more light on this.

    Edit: added firewall-cmd --reload as pointed out in the comments