From 356a9d28f4edd0aa088259ed955afde305b11ff1 Mon Sep 17 00:00:00 2001
From: Andrew Kvalheim <andrew@kvalhe.im>
Date: Fri, 11 Oct 2024 09:40:10 -0700
Subject: [PATCH] Ensure that /proc/sys/net is writable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Works around failure of Docker to create containers (moby/moby#47769)—

    level=error msg="Cannot disable IPv6 on container interface." error="open /proc/sys/net/ipv6/conf/eth0/disable_ipv6: read-only file system" interface=eth0

—as suggested in the Docker Engine 27.0.1 release notes.
---
 build.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/build.sh b/build.sh
index 2918db5..d7851a5 100755
--- a/build.sh
+++ b/build.sh
@@ -50,6 +50,26 @@ cat > $mnt/etc/systemd/system/systemd-networkd-wait-online.service.d/override.co
 TimeoutSec=10s
 EOF
 
+# Ensure that /proc/sys/net is writable to allow Docker to set
+# /proc/sys/net/ipv6/conf/*/disable_ipv6. Works around moby/moby#47769 as
+# suggested in the Docker Engine 27.0.1 release notes.
+cat > $mnt/etc/systemd/system/remount-proc-sys.service <<EOF
+[Unit]
+Description=Remount /proc/sys as writable
+Before=docker.service
+ConditionVirtualization=docker
+ConditionPathExists=/proc/sys
+ConditionPathIsReadWrite=!/proc/sys
+
+[Service]
+Type=oneshot
+ExecStart=mount --options rw,remount /proc/sys
+
+[Install]
+WantedBy=docker.service
+EOF
+systemctl --root=$mnt enable remount-proc-sys.service
+
 # Generate SSH keys on first boot
 cat > $mnt/etc/systemd/system/ssh-hostkey-generate.service <<EOF
 [Unit]