Missing somaxconn file inside container #15178
Comments
github-actions
bot
added
remote
rachelwaldon
changed the title
|
I will need @n1hility or others to confirm, but I dont think this a podman issue. I believe the kernel for all WSL operating systems is a microsoft configured and built kernel. |
|
In this particular case the file is exposed in proc, but it's certainly true we are limited to the WSL Kernel and configuration. I think this issue is caused because we default to rootless, and this file is likely not exposed in the namespace. A couple of options for you:
|
|
(I forgot to warn that if you go with |
|
Thanks so much for the response this has been really frustrating. Okay I will explore these options. For my particular situation the error message is important (even though the error itself is not serious) because it's causing issues with a test suite with file diffs. Basically option 1 is out and option 2 is out because I need to run rootless. I will try option 3. Can you confirm it really is wsl causing this issue then? For example, I'm trying podman in linux VM with Ubuntu (without wsl) to see if I still get the same error? |
|
You are right --rootful on Windows does not produce this error. Why? |
|
you are very welcome @rachelwaldon! In this particular case it is not WSL specific. It's a general aspect of rootless containers. Internally rootless containers create linux namespaces to isolate various aspects of the system, including a network namespace. When that namespace is a user namespace, the linux kernel does not export any of the values under sys/net/core: See https://elixir.bootlin.com/linux/latest/source/net/core/sysctl_net_core.c#L645 If you use host networking, the container will instead use the host, which has those values. |
|
Oh okay I think I understand better now. Thanks so much for the explanation, I'm new to containers and rootless. I guess do I close this now? |
|
@rachelwaldon you're welcome! This is a very subtle aspect that even someone who is not new would not necessarily be familiar with. It was a great question. |
github-actions
bot
added
the
locked - please file new issue/PR
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
There is a missing kernel file somaxconn under /proc/sys/net/core/ inside the podman container. I get an error running a program inside the container that says
sock.c: 439 UCX WARN unable to read somaxconn value from /proc/sys/net/core/somaxconn file
Steps to reproduce the issue:
Followed the podman for windows install here https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md
podman build -t test -f Dockerfile (built from Dockerfile)
podman run -it --rm test /bin/bash
Describe the results you received:
Container runs successfully but missing kernel files?
Describe the results you expected:
I would expect somaxconn to be present in the container if it is a typical linux kernel parameter.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version:Output of
podman info --debug:host:
arch: amd64
buildahVersion: 1.26.1
cgroupControllers: []
cgroupManager: cgroupfs
cgroupVersion: v1
conmon:
package: conmon-2.1.3-1.fc35.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.3, commit: '
cpuUtilization:
idlePercent: 95.88
systemPercent: 0.73
userPercent: 3.39
cpus: 8
distribution:
distribution: fedora
variant: container
version: "35"
eventLogger: file
hostname: wl-9775808
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 5.4.72-microsoft-standard-WSL2
linkmode: dynamic
logDriver: journald
memFree: 25851084800
memTotal: 26748067840
networkBackend: netavark
ociRuntime:
name: crun
package: crun-1.5-1.fc35.x86_64
path: /usr/bin/crun
version: |-
crun version 1.5
commit: 54ebb8ca8bf7e6ddae2eb919f5b82d1d96863dea
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
os: linux
remoteSocket:
exists: true
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: true
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.1.12-2.fc35.x86_64
version: |-
slirp4netns version 1.1.12
commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
libslirp: 4.6.1
SLIRP_CONFIG_VERSION_MAX: 3
libseccomp: 2.5.3
swapFree: 7516180480
swapTotal: 7516192768
uptime: 9h 3m 3.55s (Approximately 0.38 days)
plugins:
log:
network:
volume:
registries:
search:
store:
configFile: /home/user/.config/containers/storage.conf
containerStore:
number: 3
paused: 0
running: 0
stopped: 3
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/user/.local/share/containers/storage
graphRootAllocated: 269490393088
graphRootUsed: 20637130752
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "false"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 25
runRoot: /run/user/1000/containers
volumePath: /home/user/.local/share/containers/storage/volumes
version:
APIVersion: 4.1.1
Built: 1658515434
BuiltTime: Fri Jul 22 11:43:54 2022
GitCommit: ""
GoVersion: go1.16.15
Os: linux
OsArch: linux/amd64
Version: 4.1.1
Package info (e.g. output of
rpm -q podmanorapt list podman):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
No
Additional environment details (AWS, VirtualBox, physical, etc.):
Windows 10, wsl 2
The text was updated successfully, but these errors were encountered: