Looks like a fix was proposed at: https://github.com/docker/libnetwork/pull/2339/files
However, this fix hasn't received any feedback from upstream so far, and I'm not familiar with the Docker codebase myself. So I'm a bit reluctant to import this patch. And on the other hand, after a quick look the patch looks pretty straightforward and harmless.

Maybe someone else wants to have a look at this patch and give some feedback?

On Wed, 24 Apr 2019 20:04:43 +0100 Jonathan Dowland <j...@debian.org> wrote:
> severity 903635 critical
> thanks
>
> Justification: "makes unrelated software on the system (or the whole system) break"
>
> Installing docker.io changed my FORWARD chain policy to DROP, breaking
> networking for unrelated virsh-based VMs that I had installed on the machine at
> the time. This matches exactly the text for severity: serious.
>
> --
>
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
> ⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
> ⠈⠳⣄⠀⠀⠀⠀