failed to start daemon: Error initializing network controller: Error creating default "bridge" network

Question

I'm using Fedora release 33 (Thirty Three) Docker version is Docker version 20.10.0, build 7287ab3

First I ran docker system prune and since then docker daemon failed to start.

I ran systemctl start docker command and got

Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details. 

and then systemctl status docker.service I got

● docker.service - Docker Application Container Engine      Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor pr>      Active: failed (Result: exit-code) since Wed 2020-12-09 11:10:58 IST; 15s > TriggeredBy: ● docker.socket        Docs: https://docs.docker.com     Process: 10391 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/contai>    Main PID: 10391 (code=exited, status=1/FAILURE)  Dec 09 11:10:58 barad-laptop systemd[1]: docker.service: Scheduled restart job,> Dec 09 11:10:58 barad-laptop systemd[1]: Stopped Docker Application Container E> Dec 09 11:10:58 barad-laptop systemd[1]: docker.service: Start request repeated> Dec 09 11:10:58 barad-laptop systemd[1]: docker.service: Failed with result 'ex> Dec 09 11:10:58 barad-laptop systemd[1]: Failed to start Docker Application Con> 

Then sudo dockerd --debug and got

failed to start daemon: Error initializing network controller: Error creating default "bridge" network: Failed to program NAT chain: ZONE_CONFLICT: 'docker0' already bound to a zone 

Related to this Github issue

Answer 1

Found out that

$ firewall-cmd --get-active-zones FedoraWorkstation   interfaces: ens4u1u2 wlp59s0 docker   interfaces: br-48d7d996793a libvirt   interfaces: virbr0 trusted   interfaces: docker0 

the interface docker0 seems to be in the trusted zone. But there's another zone called docker.

So I decided to give it a shot and add it to the docker zone instead.

$ sudo firewall-cmd --permanent --zone=docker --change-interface=docker0 

Looks like this afterwards:

$ firewall-cmd --get-active-zones FedoraWorkstation   interfaces: ens4u1u2 wlp59s0 docker   interfaces: br-48d7d996793a docker0 libvirt   interfaces: virbr0 

Seems to work.
Maybe someone can shed more light on this.

Answer 2

I got this error after upgrading docker-ce on my Fedora 32. It looks like the new docker conflicts with the manual firewall configuration mentioned in the article you linked in your answer. I had the rules on my machine to enable container-to-container communication.

Docker started successfully after I reverted the firewall rules:

sudo firewall-cmd --permanent --zone=trusted --remove-interface=docker0 sudo firewall-cmd --permanent --zone=FedoraWorkstation --remove-masquerade sudo firewall-cmd --reload sudo systemctl restart docker 

The changes don't seem to affect the ability of containers to talk to each other.