Docker and the VirtualBox host-only networks

This blogpost is mostly written for myself as a reminder on how I solved this annoying issue I had after upgrading VirtualBox in my MacBook Pro.

I have recently migrated VirtualBox from release 6.1.26 to release 6.1.30 on my MacBook Pro running MacOS 12.0.1. When trying to launch Docker (version 20.10.11) containers I started to get a bunch of errors. The error occurs in multiple of the Docker command line tools, for example in the docker-machine command. The output shows that docker-machine has issues reaching the host-only network of VirtualBox:

Starting "default"…
(default) Check network to re-create if needed…
(default) Creating a new host-only adapter produced an error: /usr/local/bin/VBoxManage hostonlyif create failed:
(default) 0%…
(default) Progress state: NS_ERROR_FAILURE
(default) VBoxManage: error: Failed to create the host-only adapter
(default) VBoxManage: error: VBoxNetAdpCtl: Error while adding new interface: failed to open /dev/vboxnetctl: No such file or directory
(default) VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component HostNetworkInterfaceWrap, interface IHostNetworkInterface
(default) VBoxManage: error: Context: "RTEXITCODE handleCreate(HandlerArg *)" at line 95 of file VBoxManageHostonly.cpp
(default)
(default) This is a known VirtualBox bug. Let's try to recover anyway…
Error setting up host only network on machine start: The host-only adapter we just created is not visible. This is a well known VirtualBox bug. You might want to uninstall it and reinstall at least version 5.0.12 that is is supposed to fix this issue

This is not the first time I have had network issues similar to this one. The fix in these cases was simple, remove all the host-only networks and recreate your docker machine. Unfortunately this time around, that fix didn’t work, we are still getting the issue with the host-only network after we removed all existing host-only networks:

docker-machine create --driver virtualbox --virtualbox-memory "2048" default
Running pre-create checks…
Creating machine…
(default) Copying /Users/klaas-jan.jongsma/.docker/machine/cache/boot2docker.iso to /Users/klaas-jan.jongsma/.docker/machine/machines/default/boot2docker.iso…
(default) Creating VirtualBox VM…
(default) Creating SSH key…
(default) Starting the VM…
(default) Check network to re-create if needed…
(default) Found a new host-only adapter: "vboxnet0"
Error creating machine: Error in driver during machine creation: Error setting up host only network on machine start: /usr/local/bin/VBoxManage hostonlyif ipconfig vboxnet0 --ip 192.168.99.1 --netmask 255.255.255.0 failed:
VBoxManage: error: Code E_ACCESSDENIED (0x80070005) - Access denied (extended info not available)
VBoxManage: error: Context: "EnableStaticIPConfig(Bstr(pszIp).raw(), Bstr(pszNetmask).raw())" at line 242 of file VBoxManageHostonly.cpp

After scanning through the VirtualBox documentation on host-only networks, you will see that for Solaris, Linux and MacOS the allowed ip range for host-only networks has changed. VirtualBox will now only accept IP addresses to be assigned in the 192.168.56.0/21 range. The errors above show that Docker is trying to create and assign a 192.168.99.1/24 address and mask.

There are now 2 obvious solutions, one would be changing the way how docker creates your machine so it fits in the “new” address space that VirtualBox now uses:

docker-machine create --driver virtualbox --virtualbox-memory "2048" --virtualbox-hostonly-cidr 192.168.56.1/21 default

We can also solve this at the other side of the problem, that is changing the behaviour of VirtualBox. In order to do this we need to create the file networks.conf in /etc/vbox. In the network.confs we can tell VirtualBox what networks we are allowing:

sudo mkdir /etc/vbox
sudo vi /etc/vbox/networks.conf

cat /etc/vbox/networks.conf
* 10.0.0.0/8 192.168.0.0/16
* 2001::/64