-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Second podman run fails to bind to port with --userns=keep-id
option
#14465
Comments
@baude PTAL - looks like a gvproxy race? |
Does this only happen with --userns=keep-id? |
Without `--userns=keep-id` I can rerun the command several times with no
error.
…On Fri, Jun 3, 2022, 07:31 Paul Holzinger ***@***.***> wrote:
Does this only happen with --userns=keep-id?
—
Reply to this email directly, view it on GitHub
<#14465 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACCHJB3CUSQL7AQMYNRAM4TVNICLPANCNFSM5XVZH2SQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
I can reproduce. This not related to gvproxy the full network cleanup is not done. I have no idea why, the podman container cleanup logs says network is already cleaned up but it is clearly leaking the netns. |
Turns out we are never saving the container state after the network setup with a userns. If you run podman inspect on this container it will not show the network info. I don't why this only effects remote, local podman is fine. There must be some different code path were we save the state. |
When a container with a userns is created the network setup is special. Normally the netns is setup before the oci runtime container is created, however with a userns the container is created first and then the network is setup. In the second case we never saved the container state afterwards. Because of it, podman inspect would not show the network info and network teardown will not happen. This worked with local podman because there was a save() call later in the code path which then also saved the network status. But in the podman API code path this save never happened thus all containers started via API had this problem. Fixes containers#14465 Signed-off-by: Paul Holzinger <[email protected]>
When a container with a userns is created the network setup is special. Normally the netns is setup before the oci runtime container is created, however with a userns the container is created first and then the network is setup. In the second case we never saved the container state afterwards. Because of it, podman inspect would not show the network info and network teardown will not happen. This worked with local podman because there was a save() call later in the code path which then also saved the network status. But in the podman API code path this save never happened thus all containers started via API had this problem. Fixes containers#14465 Signed-off-by: Paul Holzinger <[email protected]>
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
podman connects to port the first time, but the second time can't connect. The port is being held onto by gvproxy.
Steps to reproduce the issue:
I ran on m1 mac the same command twice. It succeeded the first time and failed the second.
Describe the results you received:
Describe the results you expected:
Additional information you deem important (e.g. issue happens only occasionally):
Symptoms are similar to #13354
Output of
podman version
:Output of
podman info --debug
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes, latest from Brew
Additional environment details (AWS, VirtualBox, physical, etc.):
M1 Mac
The text was updated successfully, but these errors were encountered: