Ankur Agarwal

Reputation: 24758

Getting Read Only Filesystem Error inside a docker container

This command

echo 1 | sudo tee /proc/sys/net/ipv6/conf/all/disable_ipv6

when run inside a CentOS docker container (running on Mac), gives:

echo 1 | sudo tee /proc/sys/net/ipv6/conf/all/disable_ipv6
tee: /proc/sys/net/ipv6/conf/all/disable_ipv6: Read-only file system
1

When run inside a CentOS virtual machine, it succeeds and gives no error.

The directory permissions inside the docker container and the VM are exactly the same:

VM:

$ ls -ld /proc/sys/net/ipv6/conf/all/disable_ipv6
-rw-r--r-- 1 root root 0 Jan  4 21:09 /proc/sys/net/ipv6/conf/all/disable_ipv6

docker:

$ ls -ld /proc/sys/net/ipv6/conf/all/disable_ipv6
-rw-r--r-- 1 root root 0 Jan  5 05:05 /proc/sys/net/ipv6/conf/all/disable_ipv6

This is a fresh, brand new container.

Docker version:

$ docker --version
Docker version 18.09.0, build 4d60db4

What am I missing?

Upvotes: 7

Views: 14062

Answers (1)

Jan Garaj

Reputation: 28636

Try a hackish solution and add extended privileges to the container with --privileged:

$ docker run --rm -ti centos \
  bash -c "echo 1 | tee /proc/sys/net/ipv6/conf/all/disable_ipv6"
tee: /proc/sys/net/ipv6/conf/all/disable_ipv6: Read-only file system
1

vs

$ docker run --privileged --rm -ti centos \
  bash -c "echo 1 | tee /proc/sys/net/ipv6/conf/all/disable_ipv6"
1

You can use --cap-add to add a precise privilege instead of --privileged.

However, --sysctl looks like the best solution, instead of hacking networking in the container with --privileged:

$ docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 \
  --rm -ti centos bash -c "cat /proc/sys/net/ipv6/conf/all/disable_ipv6"
1

Upvotes: 7
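
An added example, not part of the original answer: a small shell helper that turns the /proc/sys path from a failing write into the matching `--sysctl` flag, and refuses settings that are not namespaced (those would change the host, which is where `--privileged` gets reached for). The function names are hypothetical; the allow-list follows the namespaced sysctls listed in Docker's documentation for `--sysctl`.

```shell
#!/bin/sh
# Map a /proc/sys path to the matching `docker run --sysctl` flag, so one
# kernel setting can be applied to a container without --privileged.

# Namespaced sysctls that Docker documents as settable with --sysctl:
# net.*, fs.mqueue.*, and a fixed set of IPC kernel.* keys.
is_namespaced_sysctl() {
    case "$1" in
        net.*|fs.mqueue.*) return 0 ;;
        kernel.msgmax|kernel.msgmnb|kernel.msgmni|kernel.sem) return 0 ;;
        kernel.shmall|kernel.shmmax|kernel.shmmni|kernel.shm_rmid_forced) return 0 ;;
    esac
    return 1
}

# sysctl_flag PATH VALUE -> prints "--sysctl key=value", or returns 1
sysctl_flag() {
    path=$1
    value=$2
    case "$path" in
        /proc/sys/*) key=${path#/proc/sys/} ;;
        *) echo "not a /proc/sys path: $path" >&2; return 1 ;;
    esac
    # Reject empty components and any dot inside a component: "../" would
    # escape /proc/sys, and a dotted name (e.g. a VLAN interface) would make
    # the dotted key ambiguous.
    case "$key" in
        ""|*.*|*//*|*/) echo "unsupported path: $path" >&2; return 1 ;;
    esac
    key=$(printf '%s' "$key" | tr '/' '.')
    if ! is_namespaced_sysctl "$key"; then
        echo "$key is not namespaced; it is a host-wide setting" >&2
        return 1
    fi
    printf '%s\n' "--sysctl $key=$value"
}

# The path from the question maps to the flag used in the answer.
sysctl_flag /proc/sys/net/ipv6/conf/all/disable_ipv6 1
```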
