From 76b1d304e41997bdf34ff2085bbd0753f68ecad7 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Sun, 2 Nov 2025 16:41:43 +0900
Subject: [PATCH] dockerd-rootless.sh: reject
 DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host

`rootlesskit --net=host` does not work with Docker.

Alternative ways to run Rootless Docker without the network overhead:
- Use https://github.com/rootless-containers/bypass4netns
- Or, use `docker run --net=host` with a PR 47103 (WIP)

See issue 51363

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 contrib/dockerd-rootless.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/contrib/dockerd-rootless.sh b/contrib/dockerd-rootless.sh
index f50f67f92e..16ab38ba4d 100755
--- a/contrib/dockerd-rootless.sh
+++ b/contrib/dockerd-rootless.sh
@@ -130,6 +130,10 @@ if [ -z "$net" ]; then
 		echo "One of slirp4netns (>= v0.4.0), pasta (passt >= 2023_12_04), or vpnkit needs to be installed"
 	fi
 fi
+if [ "$net" = host ]; then
+	echo "Unsupported RootlessKit network driver: $net"
+	exit 1
+fi
 if [ -z "$mtu" ]; then
 	if [ "$net" = slirp4netns -o "$net" = pasta ]; then
 		mtu=65520