Sysctl: error setting key 'net.ipv4.conf.all.src_valid_mark': Read-only file system

kianbahasadri · March 11, 2025, 3:49pm

Hello, a little late to the party but I’ve found a good fix.
include this line into the Dockerfile

RUN sed -i 's|\[\[ $proto == -4 \]\] && cmd sysctl -q net\.ipv4\.conf\.all\.src_valid_mark=1|[[ $proto == -4 ]] \&\& [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \&\& cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' /usr/bin/wg-quick && \

And include the following option in docker compose (or the cli equivalent)

    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

This change makes wg-quick attempt to modify the value of net.ipv4.conf.all.src_valid_mark only when its not already set to 1. Docker compose sets it to 1 so the illegal operation never occurs.

I found this solution in the linuxserver/wireguard Dockerfile

Topic		Replies	Views
Cannot start wireguard-server, RTNETLINK answers: Operation not permitted Docker Hub	6	13169	December 28, 2021
Transmission fails inside Docker Desktop container on Windows 10 WSL2 Docker Desktop	1	1294	July 28, 2021
Docker compose sysctls option Docker Hub	0	2378	March 11, 2019
Unable to start a container when using the --sysctl flag General	5	8133	June 29, 2017
Sysctl -p doesn't work Docker Desktop windows	1	2914	May 7, 2018

Sysctl: error setting key 'net.ipv4.conf.all.src_valid_mark': Read-only file system

Related topics