Paul Holzinger
Paul Holzinger
Why do you need to forward invalid packages? https://github.com/containers/netavark/pull/774 added this because the kernel leaks packages with the container source ip otherwise in a small race out to the lan....
We do have events for network connect/disconnect. The fact that we do have have them for create/remove seems like an oversight.
/packit propose-downstream
quadlet uses `systemd-%P_%I` for templates as name so it doesn't actually parse the name at all currently. I am not sure how qualdet should fix this, i.e. how can we...
Container names (pods, networks, volumes as well) must confirm to this regex `[a-zA-Z0-9][a-zA-Z0-9_.-]*` so no. This seems a general problem, unit names allow different chars than our names so using...
see https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#String%20Escaping%20for%20Inclusion%20in%20Unit%20Names for the escape rules, the `-` to `/` is expected as they use this for path escaping. Using `%i` and `%p` seems logical in that regard because we...
@sbrivio-rh @dgibson PTAL
> I thought that since rootlessport uses 127.0.0.1 and ::1 as source addresses, it would also map the connections that should have those as source addresses, but no, it binds...
> > Overall I think it is far assumption that binding to 127.0.0.1 means no external connections should be made to that address and pasta breaks this assumption by allowing...
> > I wouldn't expect rootlessport processes to be around in this case. How many are running? Can you have a look at their command line? I'm wondering if there's...