buildah
No IPv6 access in podman build, but works in podman run
/kind bug
Description
Commands run from inside podman build have no IPv6 access, while the same commands run from podman run work fine.
Steps to reproduce the issue:
echo -e 'FROM docker.io/archlinux:latest\nRUN curl --verbose --ipv6 https://google.com' | podman build -
Describe the results you received:
STEP 1/2: FROM docker.io/archlinux:latest
STEP 2/2: RUN curl --verbose --ipv6 https://google.com
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0* Trying 2a00:1450:4016:809::200e:443...
* Immediate connect fail for 2a00:1450:4016:809::200e: Network is unreachable
* Closing connection 0
curl: (7) Couldn't connect to server
Error: error building at STEP "RUN curl --verbose --ipv6 https://google.com": error while running runtime: exit status 7
Describe the results you expected:
The same output as with podman run docker.io/archlinux:latest curl --verbose --ipv6 https://google.com:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 2a00:1450:4016:809::200e:443...
* Connected to google.com (2a00:1450:4016:809::200e) port 443 (#0)
[...]
Output of podman version:
Client: Podman Engine
Version: 4.0.3
API Version: 4.0.3
Go Version: go1.18
Git Commit: 62534053086fdeba7b93117e7c4dc6e797835a3e
Built: Mon Apr 4 14:54:02 2022
OS/Arch: linux/amd64
Output of podman info --debug:
host:
  arch: amd64
  buildahVersion: 1.24.3
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon is owned by conmon 1:2.1.0-1
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: bdb4f6e56cd193d40b75ffc9725d4b74a18cb33c'
  cpus: 12
  distribution:
    distribution: arch
    version: unknown
  eventLogger: journald
  hostname: turing
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.17.1-arch1-1
  linkmode: dynamic
  logDriver: journald
  memFree: 3871182848
  memTotal: 16550350848
  networkBackend: cni
  ociRuntime:
    name: crun
    package: /usr/bin/crun is owned by crun 1.4.4-1
    path: /usr/bin/crun
    version: |-
      crun version 1.4.4
      commit: 6521fcc5806f20f6187eb933f9f45130c86da230
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns is owned by slirp4netns 1.1.12-1
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 51h 24m 12.78s (Approximately 2.12 days)
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /home/lambda/.config/containers/storage.conf
  containerStore:
    number: 7
    paused: 0
    running: 0
    stopped: 7
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/lambda/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /run/user/1000/containers
  volumePath: /home/lambda/.local/share/containers/storage/volumes
version:
  APIVersion: 4.0.3
  Built: 1649076842
  BuiltTime: Mon Apr 4 14:54:02 2022
  GitCommit: 62534053086fdeba7b93117e7c4dc6e797835a3e
  GoVersion: go1.18
  OsArch: linux/amd64
  Version: 4.0.3
Package info (e.g. output of rpm -q podman or apt list podman):
$ pacman -Qi podman
Name : podman
Version : 4.0.3-1
Description : Tool and library for running OCI-based containers in pods
Architecture : x86_64
URL : https://github.com/containers/podman
Licenses : Apache
Groups : None
Provides : None
Depends On : conmon containers-common crun iptables libdevmapper.so=1.02-64 libgpgme.so=11-64 libseccomp.so=2-64 slirp4netns
Optional Deps : apparmor: for AppArmor support
btrfs-progs: support btrfs backend devices [installed]
catatonit: --init flag support
netavark: for a new container-network-stack implementation
podman-compose: for docker-compose compatibility
podman-docker: for Docker-compatible CLI
Required By : None
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 67.98 MiB
Packager : David Runge <[email protected]>
Build Date : 2022-04-04T14:54:02 CEST
Install Date : 2022-04-04T19:22:55 CEST
Install Reason : Explicitly installed
Install Script : No
Validated By : Signature
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes
Do you run podman as rootless?
Yes - interestingly, when running podman run as root, then not even DNS works (neither for v4 nor v6), but I think that's a different issue.
IPv6 is not enabled on the default network. For rootless we set the slirp4netns settings to include enable_ipv6 by default, however buildah does not use these settings.
I see. Is it possible to make buildah set that too? Should I go and open an issue in https://github.com/containers/buildah/?
You do not have to report this in buildah, we can move the issue there.
The only workaround I can think of is replacing the slirp4netns binary with a script that calls slirp4netns --enable-ipv6 ...
Otherwise you have to wait until we fix it.
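The wrapper workaround suggested above, written out as an added example that is not part of the original thread or of the podman/buildah code. It assumes the packaged binary has been moved to the hypothetical path /usr/bin/slirp4netns.real and that this script is installed under the name slirp4netns.

```shell
#!/bin/sh
# Added example: wrapper that forces --enable-ipv6 on every slirp4netns start,
# so callers that do not pass the option themselves still get IPv6.
# Assumption: the original binary was moved to this hypothetical path.
REAL_SLIRP4NETNS=/usr/bin/slirp4netns.real

# Return 0 when --enable-ipv6 has to be added: the caller did not pass it
# (long or short form) and is not only asking for help or version output.
needs_ipv6_flag() {
    for arg in "$@"; do
        case "$arg" in
            --enable-ipv6|-6) return 1 ;;   # already requested by the caller
            --help|--version) return 1 ;;   # informational call, no network setup
        esac
    done
    return 0
}

# Prepend the flag if needed and hand over to the real binary. exec keeps the
# PID, so the caller's process supervision and signal handling are unchanged.
run_wrapper() {
    if needs_ipv6_flag "$@"; then
        set -- --enable-ipv6 "$@"
    fi
    exec "$REAL_SLIRP4NETNS" "$@"
}

# Act as the wrapper only when invoked under the name slirp4netns; sourcing
# the file or running it under another name just defines the functions.
case "${0##*/}" in
    slirp4netns) run_wrapper "$@" ;;
esac
```

The wrapper affects every rootless container and build that resolves this binary, not only podman build, so it should be removed once buildah passes the option itself.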
A friendly reminder that this issue had no activity for 30 days.
@flouthoc PTAL
@Xiretza You can use buildah build --network=host ... to make this work, however I agree we should support enable-ipv6 by default as well for private rootless network with slirp4netns, so the following PR should add that feature: https://github.com/containers/buildah/pull/3969
A friendly reminder that this issue had no activity for 30 days.
@flouthoc Did you ever make this change?
A friendly reminder that this issue had no activity for 30 days.
Yet to visit this again.
A friendly reminder that this issue had no activity for 30 days.
Not stale
@flouthoc need you to look at this?
I will take this, I plan to move most podman networking code to c/common. Then I can integrate this here as well, my motivation is mostly adding pasta support but this should also result in allowing buildah to set slirp4netns options.