Jool doesn't work inside Docker containers

[ydahhrk]

The mailing lists have been unusually noisy lately. I'm uploading issues described there to make sure I don't forget them.

Somebody privately (on the dev list) messaged the following problem:

root@abcdefghi:/stuffstuff/Jool/usr# /sbin/modprobe jool pool6=64:ff9b::/96 disabled
root@abcdefghi:/stuffstuff/Jool/usr# jool -d
Jool Error: Could not retrieve the current namespace.
This namespace lacks a Jool instance.

(Error code: 3)

Happens when running those commands in a Docker container.

This commit fixes it for me: 2885aa87aaf41d59c950bd4e7948bcb124dfe850

But the problem persists in the reporter's machine. Still investigating.

[ydahhrk]

3.5.5 released; closing.

[GeorgeGuo2018]

I installed Jool in a container and when i want to create a ipv4 pool, I meet a similar problem。 The environment Info as follows: The container:Linux 10-6-172-50 3.10.0-1062.1.1.el7.x86_64,CentOS Linux release 7.7.1908 (Core)

I run the container using "docker run --privileged --network host -v /usr/src:/usr/src -v /lib/modules:/lib/modules --name myJool -it xxxx"， after that I installed Jool in the container and all seems right util I exec "jool pool4 add --tcp 172.169.74.74/32 30000-30004 ", It returns an error as follows: Error: Jool's socket family doesn't seem to exist. (This probably means Jool hasn't been modprobed.) Netlink error message: Object not found

@ydahhrk Can you give me any idea? That would be appreciated.

[GeorgeGuo2018]

The host on which the container runs is CentOS Linux release 7.5.1804 (Core) with kernel version:Linux 10-6-172-50 3.10.0-1062.1.1.el7.x86_64

And I install Jool in the container using the source code via git clone, which I think would rf to version 4.0.5

[GeorgeGuo2018]

The "dkms install Jool/" seems all right. [root@10-6-172-50 /]# dkms install Jool/

Creating symlink /var/lib/dkms/jool/4.0.5.git.20190926/source -> /usr/src/jool-4.0.5.git.20190926

DKMS: add completed.

Kernel preparation unnecessary for this kernel. Skipping...

Building module: cleaning build area... make -j8 KERNELRELEASE=3.10.0-1062.1.1.el7.x86_64 -C /lib/modules/3.10.0-1062.1.1.el7.x86_64/build SUBDIRS=/var/lib/dkms/jool/4.0.5.git.20190926/build/src/mod/nat64 modules && make -C /lib/modules/3.10.0-1062.1.1.el7.x86_64/build SUBDIRS=/var/lib/dkms/jool/4.0.5.git.20190926/build/src/mod/siit modules............... cleaning build area...

DKMS: build completed.

jool.ko: Running module version sanity check.

• Original module
  • No original module exists within this kernel
• Installation
  • Installing to /lib/modules/3.10.0-1062.1.1.el7.x86_64/extra/

jool_siit.ko: Running module version sanity check.

• Original module
  • No original module exists within this kernel
• Installation
  • Installing to /lib/modules/3.10.0-1062.1.1.el7.x86_64/extra/ Adding any weak-modules

depmod...

DKMS: install completed.

[JAORMX]

@GeorgeGuo2018 If you require that Jool runs via systemd inside the container, make the container privileged and even expose the host network to it; why do you need it in a container? Is it only for the package management?

Normally you want to enable/disable kernel modules outside of containers, the container will only give you isolation on user-space anyways.

If you REALLY need to run systemd inside the container, you could follow this: https://developers.redhat.com/blog/2019/04/24/how-to-run-systemd-in-a-container/ but I discourage that in favor of either just running the service on the host, or running the service called by systemd directly as the container command instead of expecting systemd to run it.

[GeorgeGuo2018]

@ydahhrk sorry,The cmd I use to start the container is "docker run --privileged --network host --name myJool -d centos /usr/sbin/init". It seems that Jool did not insert into kernel.

Netlink error message: Object not found [root@10-6-172-50 Jool]# systemctl is-active jool unknown [root@10-6-172-50 Jool]# systemctl is-failed jool unknown [root@10-6-172-50 Jool]# systemctl stop jool Failed to stop jool.service: Unit jool.service not loaded.

[GeorgeGuo2018]

@GeorgeGuo2018 If you require that Jool runs via systemd inside the container, make the container privileged and even expose the host network to it; why do you need it in a container? Is it only for the package management?

Normally you want to enable/disable kernel modules outside of containers, the container will only give you isolation on user-space anyways.

If you REALLY need to run systemd inside the container, you could follow this: https://developers.redhat.com/blog/2019/04/24/how-to-run-systemd-in-a-container/ but I discourage that in favor of either just running the service on the host, or running the service called by systemd directly as the container command instead of expecting systemd to run it.

Hi,JAORMX. If i donot use " /usr/sbin/init" in the docker run command, There would exist a "Failed to get D-Bus connection" err while execing "dkms install Jool/"

[ydahhrk]

Did you modprobe the module? You never said you did.

sudo modprobe jool

It can be done either in the host or in the container; it shouldn't matter.