https://bugzilla.redhat.com/show_bug.cgi?id=1033606
--- Comment #14 from Marek Goldmann mgoldman@redhat.com ---
(In reply to Josh Poimboeuf from comment #13)
> Sorry, I misunderstood. It should be ok for docker to leave the docker0 bridge device after it exits. In fact it's probably necessary so that already running containers won't lose their network if the docker daemon has to restart.
> When docker starts up, it checks for the existence of docker0. If it doesn't exist then it creates it and sets up the iptables rules appropriately. So future starts of docker will re-use the same bridge device, which should work fine.
OK, this makes sense.
> The debug trace you posted seemed to show that docker0 already existed. So what I'm still confused about is how is the docker0 device getting created to start with? It looks like somebody created docker0 without setting up its needed iptables rules.
I wouldn't assume this, since the rules are executed no matter if the docker0 interface is started up or not:
https://github.com/dotcloud/docker/blob/v0.7.0/iptables/iptables.go#L105
This bridge was created by running the systemd service; no other tool created it.