The latest release of Docker (19.03.11) needs to write to /proc/sys/net/ipv6/conf/docker0/accept_ra for mitigation of CVE-2020-13401. @ijohnson suggested the right solution is probably just to add the network-control plug to dockerd, and ask for it to be auto-connected.
@ijohnson also did some testing and found that adding network-control was sufficient to resolve the issue (and IMO makes sense, since Docker expects to manage the interfaces it creates too, but happy to discuss/adjust).
I’m going to fast track the vote since the most recent docker includes an important CVE fix but the lack of (an auto-connecting) network-control is causing a regression in certain situations. @reviewers - please comment as desired if you feel this is in error and we can revisit the auto-connection.
2 votes for, 0 against. Granting auto-connection for network-control. This is now live.