Add --mac-address flag to set custom MAC addresses for containers

[DSS3113]

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation update

Motivation and Context

[Why is this change needed?]
Currently, there is no way to specify a custom MAC address for a container's network interface and the MAC address is auto-generated by the system.

Use Cases

• Network Testing: Developers testing network-dependent applications that need predictable MAC addresses
• License Management: Running containerized software with MAC-based license keys
• Network Automation: Scripts and tools that expect specific MAC addresses for configuration
• Debugging: Consistent MAC addresses across container restarts for easier troubleshooting

Testing

• Tested locally
• Added/updated tests
• Added/updated docs

Issue

closes #752

[siikamiika]

(disclaimer: I'm not a maintainer and I'm not requesting a change, just interested in this feature because I'm implementing an adjacent feature to --network in #751)

Do you know how docker or podman handle this if there are multiple networks? I think if you do something like --network net-1 --network net-2 --mac-address ff:ff:ff:ff:ff:ff this will set the MAC on net-1.

[DSS3113]

Thanks for the question! Yes, multiple --network flags are supported with a single --mac-address flag. I tested this and here's the behavior:

container run --network net-1 --network net-2 --mac-address 02:42:ac:11:00:02 ubuntu
net-1 (first network): Gets the specified MAC address 02:42:ac:11:00:02
net-2 (subsequent networks): Gets auto-generated MAC address

I am not sure about podman but docker simply does not support inputting multiple --network flags in the run command when a single --mac-address is specified. [Edited]

docker run -d --name test-mac-container --mac-address 02:42:ac:11:00:99 --network test-net-1 --network test-net-2 --network test-net-3 alpine sleep 300

docker: Error response from daemon: Container cannot be connected to network endpoints: test-net-1, test-net-2, test-net-3.
See 'docker run --help'.

[siikamiika]

That's interesting, according to Docker docs multiple networks should be supported. Could it be related to the --mac-address flag even though the error message is a bit vague? (or maybe that's what you meant)

I don't have Docker installed at the moment, but I tried how Podman works in a VM:

# by default podman uses host networking
# podman also has a default bridge network that can be used with either --network=bridge or --network=podman, same as --network=default or no --network in apple/container

# create two custom named bridge networks:
$ podman network create net-1 # gets the network 10.89.0.0/24
$ podman network create net-2 # gets the network 10.89.1.0/24

$ podman run --rm -it --network=bridge --mac-address=02:00:00:00:00:01 alpine # default bridge network gets static mac (command fails with just --mac-address but that's due to the network type)
$ podman run --rm -it --network=net-1 --mac-address=02:00:00:00:00:01 alpine # custom bridge network net-1 gets static mac
$ podman run --rm -it --network=net-1 --network=net-2 alpine  # starts (random mac for both)
$ podman run --rm -it --mac-address=02:00:00:00:00:01 --network=net-1 --network=net-2 alpine # fails
Error: --mac-address can only be set for a single network: invalid argument
$ podman run --rm -it --network=net-1:mac=02:00:00:00:00:01 --network=net-2 alpine # net-1 gets static mac, net-2 gets random mac
$ podman run --rm -it --network=net-1:mac=02:00:00:00:00:01 --network=net-2:mac=02:00:00:00:00:02 alpine # both get static mac

[DSS3113]

You're right, I apologize. I should've clarified that the docker example failing was in the case when the --mac-address flag is specified with multiple networks.

[jglogan]

@DSS3113 Thank you! Got a bit of a backlog but let's get the workflow going and I'll try to look it over no later than early next week.

[jglogan]

@DSS3113 however, an immediate comment relating to the multiple networks aspect.

What do you think about handling attachment properties similarly to mount options for filesystems?

This has the attractive property of being extensible without cluttering the CLI with a bunch of options.

The drawback is discovery/documentation isn't as simple; there's only so much you can include in the help for a single option.

Example:

container run --network default --network backend,mac=addr1 --network backend2,mac=addr2

[DSS3113]

@DSS3113 however, an immediate comment relating to the multiple networks aspect.

What do you think about handling attachment properties similarly to mount options for filesystems?

This has the attractive property of being extensible without cluttering the CLI with a bunch of options.

The drawback is discovery/documentation isn't as simple; there's only so much you can include in the help for a single option.

Example:

container run --network default --network backend,mac=addr1 --network backend2,mac=addr2

@jglogan Sure, I can start adjusting it to match this format.

[jglogan]

@DSS3113 Building now but there are conflicts (probably because of the just merged --network none stuff).

I'll also pull down a patch into my local and test it out, looking fwd to trying it!