Sharing tailscale docker machine failure #4274

Closed
josham opened this issue Mar 24, 2022 · 3 comments

josham commented Mar 24, 2022

What is the issue?

Unable to access a shared machine using tailscale running in docker

Steps to reproduce

On Machine A I run the following (logging in with Account A):

docker run --rm -d \
  --name=tailscaled \
  -v $PWD/tailscale:/var/lib/tailscale \
  -v /dev/net/tun:/dev/net/tun \
  --network=host --privileged \
  tailscale/tailscale:v1.22 tailscaled

docker exec tailscaled tailscale up --authkey ...
docker exec tailscaled tailscale ip -4
100.64.31.37

I then share Machine A from Account A with Account B. Then on Machine B I run the same commands as above (except logging in with Account B). I am unable to ping the shared machine (it does show up in status):

docker exec tailscaled tailscale ping 100.64.31.37
timeout waiting for ping reply

The ping works as expected if it is not a shared machine (logging in using Account A on Machine B). If I repeat the setup, instead with tailscale running on the host (rather than in docker), everything works as expected.

Are there any recent changes that introduced the issue?

No response

OS

Linux

OS version

Both machines running Ubuntu 21.10

Tailscale version

1.22

Bug report

No response

@charles-d-burton

Looks related to #3877

@DentonGentry
Contributor

One thought is the authkey being passed to Docker: if the authkey has tags applied, then the docker container is owned by the tag. It isn't allowed to access a node shared to the User.

The Host is likely authenticated to the User, so it works.

@DentonGentry
Contributor

ETIMEDOUT. I suspect this was an authkey carrying a tag, so Machine B was not owned by the user to whom the node was shared.
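
A way to check the suspected cause from the comments above, as an added example that is not part of the original thread or of Tailscale's code: it reads `tailscale status --json` output and reports whether the local node is tag-owned and who owns the shared peer. The field names (`Self`, `Peer`, `User`, `Tags`, `TailscaleIPs`, `UserID`, `LoginName`) are assumed to match what the client emits in the version under test; the sample input, tag name and account names are constructed.

```python
import json

# Constructed sample shaped like `tailscale status --json` output (not real data).
SAMPLE_STATUS = json.dumps({
    "Self": {"HostName": "machine-b", "UserID": 2, "Tags": ["tag:docker"],
             "TailscaleIPs": ["100.101.102.103"]},
    "Peer": {
        "nodekey:constructed": {"HostName": "machine-a", "UserID": 1,
                                "TailscaleIPs": ["100.64.31.37"]},
    },
    "User": {"1": {"LoginName": "account-a@example.com"},
             "2": {"LoginName": "account-b@example.com"}},
})


def diagnose(status_json, target_ip):
    """Report whether the local node is tag-owned and who owns the target peer."""
    status = json.loads(status_json)
    self_node = status.get("Self") or {}
    tags = self_node.get("Tags") or []   # absent or empty: node is user-owned
    users = status.get("User") or {}     # JSON object keyed by UserID as a string

    # Find the shared machine by its Tailscale IP (100.64.31.37 in the report).
    peer = next((p for p in (status.get("Peer") or {}).values()
                 if target_ip in (p.get("TailscaleIPs") or [])), None)
    peer_owner = None
    if peer is not None:
        peer_owner = users.get(str(peer.get("UserID")), {}).get("LoginName")

    return {
        "self_tags": tags,
        "self_tag_owned": bool(tags),
        "peer_visible": peer is not None,
        "peer_owner": peer_owner,
        # Condition suspected in the comments: the local node is owned by a
        # tag, while the peer was shared to a user account.
        "matches_suspected_cause": bool(tags) and peer is not None,
    }


if __name__ == "__main__":
    # Live input would come from: docker exec tailscaled tailscale status --json
    print(diagnose(SAMPLE_STATUS, "100.64.31.37"))
```

If `self_tag_owned` is true on Machine B, re-authenticating the container with an auth key that carries no tags makes the node user-owned, which is the configuration the comments say works on the host.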
