-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Container gets private network when pod is created with --network=host #13763
Comments
The infra container looks fine but the shared namespaces are not, I only see that uts and ipc are shared. |
Problems seems to be here: https://github.com/containers/podman/blame/main/pkg/specgen/generate/namespaces.go#L486-L490 I don't understand why this was added but it is definitely broken in v3.4 as well. |
The problem is that we cannot join the infra namespaces as rootless when the infra already runs in the host namesapce. The oci runtime will fail with eperm on setns. I think we should catch this in podman and set the container to the host ns when the infra already uses the host ns. I would think the other namespace options have the same problem. |
A friendly reminder that this issue had no activity for 30 days. |
I will tackle this one |
When you have utsns="host" set in containers.conf the podman pod create command currently fails because it always sets a hostname for the pod. This is wrong, we only want a hostname with a private uts namespace. Otherwise we should ignore it. The test currently cannot work rootless because containers#13763. Ref containers#13714 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
@Luap99 are you working on this? seeing a bunch of commits |
No see the commit description, this is just related to the other issue. |
the function `GetDefaultNamespaceMode` for pods checks if we are sharing each namespace and if not, returns the default which in the case of a network is slirp. add a switch case for explicitly checking if the pod's network mode is host and if so, return specgen.Host for the container resolves containers#13763 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
the function `GetDefaultNamespaceMode` for pods checks if we are sharing each namespace and if not, returns the default which in the case of a network is slirp. add a switch case for explicitly checking if the pod's network mode is host and if so, return specgen.Host for the container resolves containers#13763 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Steps to reproduce the issue:
podman pod create --network=host --name=net-test
podman run -d --pod=net-test ubi8/ubi:8.5 sleep 300
Describe the results you received:
Describe the results you expected:
Container should also get host network.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version
:Output of
podman info --debug
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes/No
Additional environment details (AWS, VirtualBox, physical, etc.):
Physical, RHEL 8.5, RHEL 8.6 Beta.
The text was updated successfully, but these errors were encountered: