"could not find slirp4netns, the network namespace won't be configured: exec: "slirp4netns": executable file not found in $PATH"

[lukasheinrich]

/kind bug

Description

running rootless containers, podman tries to setup rootless networking via slirp4netns and throws an error if it's not available. The container proceeds to run as expected, so I think slirp4netns is an optional dependency (for now).

Describe the results you received:

[vagrant@localhost ~]$ podman run --rm -it busybox echo hello world
ERRO[0000] could not find slirp4netns, the network namespace won't be configured: exec: "slirp4netns": executable file not found in $PATH 
hello world

Describe the results you expected:

no error

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

podman version 0.8.1

Output of podman info:

host:
  MemFree: 239022080
  MemTotal: 504094720
  SwapFree: 0
  SwapTotal: 0
  arch: amd64
  cpus: 1
  hostname: localhost.localdomain
  kernel: 4.16.3-301.fc28.x86_64
  os: linux
  uptime: 13h 30m 13.93s (Approximately 0.54 days)
insecure registries:
  registries: []
registries:
  registries:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  ContainerStore:
    number: 0
  GraphDriverName: vfs
  GraphOptions: []
  GraphRoot: /home/vagrant/.local/share/containers/storage
  GraphStatus: {}
  ImageStore:
    number: 1
  RunRoot: /run/user/1000/run

Additional environment details (AWS, VirtualBox, physical, etc.):
fedora 28 vagrant box with SELinux fixes as discussed in #1118

[mheon]

Yeah, it's an optional dependency.
@giuseppe Maybe we should drop with down to WARN log level?

[giuseppe]

without slirp4netns there is no connectivity inside the container, so I think it is an ERROR. Should we perhaps not allow creating a container? The alternative is to use the host network namespace --network host so that slirp4netns is not needed

[mheon]

Hm. I'm fine with leaving it an ERROR level, then. Maybe we should clean the message up a bit? "Cannot start slirp4netns, so networking will not be available in this container"?

[mheon]

We can print a separate debug-level message with the exact error message so we can still track down problems.

[lukasheinrich]

@giuseppe is slirp4netns already packaged as an RPM (i've only seen source builds). How would podman ensure that it's installed?

[lukasheinrich]

also: can it not fall back on VPNkit?

[giuseppe]

@lukasheinrich slirp4netns is packaged for Fedora: https://bodhi.fedoraproject.org/updates/?packages=slirp4netns

We could add support for multiple backends in future, if the need arises, but for now I think it is easier to stick with one. Also, slirp4netns is much faster than VPNKit: https://github.com/rootless-containers/slirp4netns#benchmarks

[rhatdan]

I will add a Recommends: slirp4netns to podman.spec in this weeks build.

[qhaas]

I will add a Recommends: slirp4netns to podman.spec in this weeks build.

Not sure if intentional since 'slirp4netns' is in the 'extras' repo in EL7, but it doesn't get automatically installed with podman 1.4.4 in EL 7.7 x86-64

[rhatdan]

This should be in a bugzilla for RHEL, it should definitely be installed. In RHEL8 is should be a recommends, in RHEL7 it needs to be a requires.