rootless dind does not work on Docker for Windows

[viceice]

• I have tried with the latest version of my channel (Stable or Edge)
• I have uploaded Diagnostics
• Diagnostics ID:

Expected behavior

Rootless DinD should work

Actual behavior

Rootless DinD doesn't work

$ docker run -it --rm --name dind --privileged docker:dind-rootless --experimental
...
[rootlesskit:child ] error: executing [[ip tuntap add name tap0 mode tap] [ip link set tap0 address <MAC>]]: exit status 1

Minimum reproducer:

$ docker run -it --rm --privileged docker:dind-rootless unshare -rn sh -c "ip tuntap add name tap0 mode tap"
open: Permission denied

Problem /dev/net/tun is not readable by rootless user. Other users should have read-write permission.

Information

• Windows Version: 10.1903.18362.267
• Docker for Mac 2.1.0.1 (37199) (Docker 19.03.1)

Reference

docker-library/docker#174
docker/for-mac#3838

[viceice]

Workaround

docker run --privileged --rm -v /:/host alpine chmod o=rw /host/dev/net/tun

This will fix the permission issue temporary (until mobyvm reset)

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked