[docker-in-docker] - toggle ip6tables settings value as option (#1068)

* [docker-in-docker] - toggle ip6tables settings value as option * Update src/docker-in-docker/devcontainer-feature.json Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com> * Update src/docker-in-docker/devcontainer-feature.json Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com> * ip6tables - can be toggled * changes as requested * change to add test file.. * changes for docker_build_older test passing * misc change * CHANGE * chg * minor change to make tests pass * for sh compatibility * change for version * small change * few imp. changes * few changes * for test passing * minor commit * version added to a test scenario * changes * LOGIC was moved outside the init file for faster initialization times * changes * logic updated ! * chg * default value to be null * changes as suggested in review comments.. * by mistake * another small change * requested changes in comments (review pr) * change as requested * changes as suggested in review comments * Update src/docker-in-docker/install.sh Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com> --------- Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com>

[docker-in-docker] - toggle ip6tables settings value as option (#1068)
* [docker-in-docker] - toggle ip6tables settings value as option * Update src/docker-in-docker/devcontainer-feature.json Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com> * Update src/docker-in-docker/devcontainer-feature.json Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com> * ip6tables - can be toggled * changes as requested * change to add test file.. * changes for docker_build_older test passing * misc change * CHANGE * chg * minor change to make tests pass * for sh compatibility * change for version * small change * few imp. changes * few changes * for test passing * minor commit * version added to a test scenario * changes * LOGIC was moved outside the init file for faster initialization times * changes * logic updated ! * chg * default value to be null * changes as suggested in review comments.. * by mistake * another small change * requested changes in comments (review pr) * change as requested * changes as suggested in review comments * Update src/docker-in-docker/install.sh Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com> --------- Co-authored-by: Samruddhi Khandale <samruddhikhandale@github.com>
d926879c · Gaurav Saini · GitHub · b0667c55 · d926879c · d926879c
Unverified Commit d926879c authored Sep 16, 2024 by Gaurav Saini Committed by GitHub Sep 16, 2024
4 changed files
--- a/src/docker-in-docker/devcontainer-feature.json
+++ b/src/docker-in-docker/devcontainer-feature.json
 {
    "id": "docker-in-docker",
-    "version": "2.11.0",
+    "version": "2.12.0",
    "name": "Docker (Docker-in-Docker)",
    "documentationURL": "https://github.com/devcontainers/features/tree/main/src/docker-in-docker",
    "description": "Create child containers *inside* a container, independent from the host's docker instance. Installs Docker extension in the container along with needed CLIs.",
@@ -55,6 +55,11 @@
            "type": "boolean",
            "default": true,
            "description": "Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter."
+        },
+        "disableIp6tables": {
+            "type": "boolean",
+            "default": false,
+            "description": "Disable ip6tables (this option is only applicable for Docker versions 27 and greater)"
        }
    },
    "entrypoint": "/usr/local/share/docker-init.sh",

--- a/src/docker-in-docker/install.sh
+++ b/src/docker-in-docker/install.sh
@@ -20,6 +20,7 @@ INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"
 MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
 DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal jammy noble"
 DOCKER_LICENSED_ARCHIVE_VERSION_CODENAMES="bookworm buster bullseye bionic focal hirsute impish jammy noble"
+DISABLE_IP6_TABLES="${DISABLEIP6TABLES:-false}"
 # Default: Exit on any failure.
 set -e
@@ -468,6 +469,23 @@ if [ "${INSTALL_DOCKER_BUILDX}" = "true" ]; then
    find "${docker_home}" -type d -print0 | xargs -n 1 -0 chmod g+s
 fi
+DOCKER_DEFAULT_IP6_TABLES=""
+if [ "$DISABLE_IP6_TABLES" == true ]; then
+    requested_version=""
+    # checking whether the version requested either is in semver format or just a number denoting the major version
+    # and, extracting the major version number out of the two scenarios
+    semver_regex="^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-([0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*))?(\+([0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*))?$"
+    if echo "$DOCKER_VERSION" | grep -Eq $semver_regex; then
+        requested_version=$(echo $DOCKER_VERSION | cut -d. -f1)
+    elif echo "$DOCKER_VERSION" | grep -Eq "^[1-9][0-9]*$"; then
+        requested_version=$DOCKER_VERSION
+    fi
+    if [ "$DOCKER_VERSION" = "latest" ] || [[ -n "$requested_version" && "$requested_version" -ge 27 ]] ; then
+        DOCKER_DEFAULT_IP6_TABLES="--ip6tables=false"
+        echo "(!) As requested, passing '${DOCKER_DEFAULT_IP6_TABLES}'"
+    fi
+fi
 tee /usr/local/share/docker-init.sh > /dev/null \
 << EOF
 #!/bin/sh
@@ -480,11 +498,12 @@ set -e
 AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION}
 DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL}
+DOCKER_DEFAULT_IP6_TABLES=${DOCKER_DEFAULT_IP6_TABLES}
 EOF
 tee -a /usr/local/share/docker-init.sh > /dev/null \
 << 'EOF'
-dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL} $(cat << 'INNEREOF'
+dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL} DOCKER_DEFAULT_IP6_TABLES=${DOCKER_DEFAULT_IP6_TABLES} $(cat << 'INNEREOF'
    # explicitly remove dockerd and containerd PID file to ensure that it can start properly if it was stopped uncleanly
    find /run /var/run -iname 'docker*.pid' -delete || :
    find /run /var/run -iname 'container*.pid' -delete || :
@@ -562,7 +581,7 @@ dockerd_start="AZURE_DNS_AUTO_DETECTION=${AZURE_DNS_AUTO_DETECTION} DOCKER_DEFAU
    fi
    # Start docker/moby engine
-    ( dockerd $CUSTOMDNS $DEFAULT_ADDRESS_POOL > /tmp/dockerd.log 2>&1 ) &
+    ( dockerd $CUSTOMDNS $DEFAULT_ADDRESS_POOL $DOCKER_DEFAULT_IP6_TABLES > /tmp/dockerd.log 2>&1 ) &
 INNEREOF
 )"

--- a/test/docker-in-docker/dockerIp6tablesDisabledTest.sh
+++ b/test/docker-in-docker/dockerIp6tablesDisabledTest.sh
+#!/bin/bash
+set -e
+# Optional: Import test library
+source dev-container-features-test-lib
+ip6tablesCheck() {
+    if command -v ip6tables > /dev/null 2>&1; then
+        if ip6tables -L > /dev/null 2>&1; then
+            echo "✔️ ip6tables is enabled."
+        else
+            echo "❌ ip6tables is disabled."
+        fi
+    else
+        echo "❕ip6tables command not found. ❕"
+    fi
+}
+check "ip6tables" ip6tablesCheck
+check "ip6tables check" bash -c "docker network inspect bridge"
+check "docker-build" docker build ./
+reportResults
\ No newline at end of file
--- a/test/docker-in-docker/scenarios.json
+++ b/test/docker-in-docker/scenarios.json
@@ -8,6 +8,15 @@
            }
        }
    },
+    "dockerIp6tablesDisabledTest": {
+        "image": "ubuntu:focal",
+        "features": {
+            "docker-in-docker": {
+                "version": "27.0.3",
+                "disableIp6tables": true
+            }
+        }
+    },
    "dockerDefaultAddressPool": {
        "image": "mcr.microsoft.com/vscode/devcontainers/javascript-node:0-18",
        "remoteUser": "node",