podman 4.0 hangs indefinitely if ipv6 is disabled on system

[craftyguy]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Podman 4.0.1 will hang indefinitely with this warning if ipv6 is disabled on the system:

level=warning msg="failed to set net.ipv6.conf.default.accept_dad sysctl: open /proc/sys/net/ipv6/conf/default/accept_dad: no such file or directory"

Steps to reproduce the issue:

1. disable ipv6 (e.g. with kernel parameter ipv6.disable=1

2. podman run --rm hello-world

Describe the results you received:

podman doesn't run the simple hello-world container

Describe the results you expected:

podman to run the container. I expect that warnings don't hang the application, anything that is required and missing should be an error, not a warning. I also expect podman to actually work without ipv6 enabled :)

Additional information you deem important (e.g. issue happens only occasionally):

happens every time on an Alpine Linux host. podman 3.x did not have this issue

Output of podman version:

Client:       Podman Engine
Version:      4.0.1
API Version:  4.0.1
Go Version:   go1.17.7
Git Commit:   c0e1dde8334e8a3a2a2bb025075d8ed68574ee33
Built:        Mon Feb 28 18:03:49 2022
OS/Arch:      linux/amd64

Output of podman info --debug:

❯ podman info --debug
host:
  arch: amd64
  buildahVersion: 1.24.1
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.0-r0
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: feb71f1a6023ee6d874ed0a62a46a205a92f5dfc'
  cpus: 12
  distribution:
    distribution: alpine
    version: 3.15.0
  eventLogger: file
  hostname: librem14
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.15.24-2-lts
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 30535794688
  memTotal: 33538830336
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.4.2-r0
    path: /usr/bin/crun
    version: |-
      crun version 1.4.2
      commit: f6fbc8f840df1a414f31a60953ae514fa497c748
      spec: 1.0.0
      +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /tmp/1000-runtime-dir/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-r0
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 8384409600
  swapTotal: 8384409600
  uptime: 4m 52.37s
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /home/clayton/.config/containers/storage.conf
  containerStore:
    number: 5
    paused: 0
    running: 0
    stopped: 5
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/clayton/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /tmp/1000-runtime-dir/containers
  volumePath: /home/clayton/.local/share/containers/storage/volumes
version:
  APIVersion: 4.0.1
  Built: 1646100229
  BuiltTime: Mon Feb 28 18:03:49 2022
  GitCommit: c0e1dde8334e8a3a2a2bb025075d8ed68574ee33
  GoVersion: go1.17.7
  OsArch: linux/amd64
  Version: 4.0.1

Package info (e.g. output of rpm -q podman or apt list podman):

❯ apk info podman
podman-4.0.1-r1 description:
Simple management tool for pods, containers and images

podman-4.0.1-r1 webpage:
https://podman.io/

podman-4.0.1-r1 installed size:
49 MiB

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

Alpine Linux Edge, x86_64, linux-lts kernel @ 5.15.24

strace output: strace.log

[mheon]

@baude @Luap99 PTAL

[jewthon]

Plz assign me this issue . I want to work on it @Luap99 @baude

[Luap99]

@jewthon You got it, feel free to ping me if you need help.

[rhatdan]

We need this pretty quick though, I have a feeling a lot of users do this. Especially in security consious locations where they don't use IPV6

[baude]

shouldn't this be implemented in netavark ?

[Luap99]

no this is a slirp4netns ipv6 hack

[Luap99]

the workaround is to set network_cmd_options = [] under the [engine] section in ~/.config/containers/containers.conf

[jewthon]

If you include an error handling function in the errorhandlingfile in pkg section and include there that whenever that type of warning comes give an error message . Is this implementation ok ?

…

On Tue, Mar 8, 2022, 7:47 PM Paul Holzinger ***@***.***> wrote: the workaround is to set network_cmd_options = [] under the [engine] section in ~/.config/containers/containers.conf — Reply to this email directly, view it on GitHub <#13388 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AWGMRINOGDY6JT4GU4WOHB3U65OQ5ANCNFSM5PUWKHBQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[Luap99]

You should ignore ENOENT here:

podman/libpod/networking_slirp4netns.go

Line 321 in acfcecf

return err

But the more important part is to fix the hang, the way how slirpReadyChan is completely broken. It also does not actually check that the sysctl is set before we start slirp4netns. So I think fixing the synchronization is more complicated.

[baude]

user has reported this again on irc; any progress?

[jewthon]

Not yet . I have tried . But couldn't. Sorry

…

On Fri, Mar 11, 2022, 8:24 PM Brent Baude ***@***.***> wrote: user has reported this again on irc; any progress? — Reply to this email directly, view it on GitHub <#13388 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AWGMRIJO3W57BU2D2OLBC5LU7NNDRANCNFSM5PUWKHBQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[Luap99]

I will fix it.

[Luap99]

#13485 should fix it. It would be great if someone could test this on a system with ipv6 disabled.