containerd / nerdctl

contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
Apache License 2.0

--net=host is not honored in rootless mode #2092

Closed naterini closed 6 months ago

naterini commented 1 year ago

Description

When running nerdctl in rootless mode, passing '--net=host' is ignored. This breaks running any kind of IP-based server in a container.

Steps to reproduce the issue

Run any container that will sleep: nerdctl alpine sleep 10000

Attach to the container's sleep process network namespace to dump network:

$ sudo nsenter --target=2987354 -n bash
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65520 qdisc fq_codel state UP group default qlen 1000
    link/ether 5a:4d:77:95:de:67 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.100/24 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::584d:77ff:fe95:de67/64 scope link 
       valid_lft forever preferred_lft forever

Describe the results you received and expected

I would expect ip a in the container namespace to match the host.

What version of nerdctl are you using?

$ /usr/local/bin/nerdctl version
WARN[0000] unable to determine buildctl version: exec: "buildctl": executable file not found in $PATH 
Client:
 Version:       v1.2.1-37-gcd3bc88.m
 OS/Arch:       linux/amd64
 Git commit:    cd3bc88bb05f7fa466c42a96d56f3836b1bb29de.m
 buildctl:
  Version:

Server:
 containerd:
  Version:      fed7df1
  GitCommit:    fed7df1e258461d0a6ffa04d0224a33b34ae4ad3
 runc:
  Version:      1.1.4
  GitCommit:    v1.1.4-0-g5fd4c4d

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

Ubuntu Linux:

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.2 LTS
Release:        22.04
Codename:       jammy

fahedouch commented 9 months ago

@AkihiroSuda is configuring rootlesskit with --net=host enough?

fahedouch commented 6 months ago

closed by https://github.com/containerd/nerdctl/pull/2723
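
The reproduction steps in the report compare `ip a` output by eye after entering the container's network namespace. As an added example (not part of the issue and not nerdctl code), the check below compares the namespace identity the kernel exposes in `/proc/<pid>/ns/net`, which shows directly whether a container process shares a network namespace with a reference process. The function names and the `PROC_ROOT` variable are assumptions of this sketch; reading another user's `ns/net` link, such as PID 1's, needs root, like the `sudo nsenter` step above.

```shell
#!/bin/sh
# Added example: decide whether two processes share a network namespace by
# comparing the link target of /proc/<pid>/ns/net, e.g. "net:[4026531840]".
# PROC_ROOT is a hypothetical knob so the check can also run against fixtures.
PROC_ROOT="${PROC_ROOT:-/proc}"

# netns_id PID -> prints the namespace identity; returns 1 if it cannot be read.
netns_id() {
    link="$PROC_ROOT/$1/ns/net"
    id=$(readlink "$link" 2>/dev/null) || return 1
    case "$id" in
        'net:['*']') printf '%s\n' "$id" ;;
        *) return 1 ;;   # not a namespace link
    esac
}

# same_netns PID_A PID_B
#   0: both processes are in the same network namespace
#   1: they are in different network namespaces
#   2: one link was unreadable (process gone, or insufficient privilege)
same_netns() {
    a=$(netns_id "$1") || return 2
    b=$(netns_id "$2") || return 2
    [ "$a" = "$b" ]
}

# check_host_net CONTAINER_PID [REFERENCE_PID]
# REFERENCE_PID defaults to 1 (the host's init). Prints a verdict and returns
# the same status as same_netns.
check_host_net() {
    ref_pid="${2:-1}"
    rc=0
    same_netns "$1" "$ref_pid" || rc=$?
    case "$rc" in
        0) echo "shared: pid $1 is in the same netns as pid $ref_pid" ;;
        1) echo "isolated: pid $1 has its own netns ($(netns_id "$1"))" ;;
        *) echo "unknown: cannot read ns/net for pid $1 or pid $ref_pid" ;;
    esac
    return "$rc"
}
```

With the PID from the report, `sudo sh -c '. ./netns_check.sh; check_host_net 2987354'` would print the verdict (the script file name is a placeholder).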