FS#68742 - [containers-common] Introducing the containers.conf as is broke podman run --network='host'
Attached to Project: Community Packages
Opened by Jonni Westphalen (swizzor) - Wednesday, 25 November 2020, 16:48 GMT
Last edited by David Runge (dvzrv) - Wednesday, 25 November 2020, 19:26 GMT
Details
With introducing the containers-common package, the
containers.conf was included, which was not done before.
This leads to the problem of not being able to use the network='host' option for podman run. See e.g.

[jonny@jonny-arch-pc ~]$ sudo podman run --network='host' docker.io/hello-world
Error: sysctl "net.ipv4.ping_group_range" is not allowed in the hosts network namespace: OCI runtime error

This worked before, and the error is introduced by the following line of the containers.conf:
https://github.com/containers/common/blob/966c55214abf716f21e17cddbf65eea7a1dcb6f0/pkg/config/containers.conf#L82

See e.g. this issue on GitHub: https://github.com/containers/podman/issues/8269

Possible fix: Do not include the containers.conf or make sure that the containers.conf is compatible with Arch Linux
Closed by David Runge (dvzrv)
Wednesday, 25 November 2020, 19:26 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed with containers-common 0.29.0-3
$ podman --log-level=debug run --network=host docker.io/adminer:latest
[...]
Error: capset: Operation not permitted: OCI runtime permission denied error
I will remove the offending sysctl entry. Depending on whether this is fixed by the next podman release (2.2.0) or not we can then remove the fix again (or remove it upstream).
FS#68743. It might be worth adding an upstream ticket for that as well.
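
Added example, not part of the original report or of the podman or Arch packaging code: a small check that lists the default_sysctls entries of a containers.conf that fall in the net.* namespace, the kind of entry the error above rejects when a container shares the host network namespace. The sample configuration is constructed, and the line-based parsing is a simplifying assumption rather than a full TOML parser.

```python
import re

# Constructed sample; the report links to the upstream file but does not quote it.
SAMPLE_CONF = '''
[containers]
# default_sysctls = [ "commented.out=1" ]
default_sysctls = [
  "net.ipv4.ping_group_range=0 0",
  "kernel.shm_rmid_forced=1",
]
netns = "private"
'''


def default_sysctls(conf_text):
    """Return the "key=value" strings of the uncommented default_sysctls array."""
    # Drop comment lines first so a commented-out default is not reported.
    live = "\n".join(
        line for line in conf_text.splitlines()
        if not line.lstrip().startswith("#")
    )
    # Assumption: the array holds double-quoted strings and no "]" inside them.
    match = re.search(r'^\s*default_sysctls\s*=\s*\[(.*?)\]', live, re.S | re.M)
    if not match:
        return []
    return re.findall(r'"([^"]*)"', match.group(1))


def host_network_conflicts(conf_text):
    """Entries whose sysctl name is in net.*, refused with --network=host."""
    return [
        entry for entry in default_sysctls(conf_text)
        if entry.split("=", 1)[0].strip().startswith("net.")
    ]


if __name__ == "__main__":
    import sys
    # Pass a containers.conf path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            text = handle.read()
    else:
        text = SAMPLE_CONF
    for entry in host_network_conflicts(text):
        print("conflicts with --network=host:", entry)
```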