containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

netavark error: Unable to run many containers #22261

Closed sintesfabien closed 6 months ago

sintesfabien commented 6 months ago

Issue Description

Hello, I'm unable to run many podman containers such as nginx, redis or hello-world! I always get the same netavark error.

Steps to reproduce the issue

Steps to reproduce the issue: podman run --name nginx -p 8080:80 docker.io/nginx

Describe the results you received

Error: netavark: No such file or directory (os error 2)

Describe the results you expected

I would like the container to start.

podman info output

OS : Debian 12.5 up to date

podman info :
host:
  arch: amd64
  buildahVersion: 1.28.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon_2.1.6+ds1-1_amd64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.6, commit: unknown'
  cpuUtilization:
    idlePercent: 96.29
    systemPercent: 0.99
    userPercent: 2.72
  cpus: 2
  distribution:
    codename: bookworm
    distribution: debian
    version: "12"
  eventLogger: journald
  hostname: srvgeddev
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.1.0-13-amd64
  linkmode: dynamic
  logDriver: journald
  memFree: 2172055552
  memTotal: 8326889472
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun_1.8.1-1+deb12u1_amd64
    path: /usr/bin/crun
    version: |-
      crun version 1.8.1
      commit: f8a096be060b22ccd3d5f3ebe44108517fbf6c30
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: true
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns_1.2.0-1_amd64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.4
  swapFree: 10691276800
  swapTotal: 10691276800
  uptime: 1h 8m 30.00s (Approximately 0.04 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
  - quay.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 17
    paused: 0
    running: 16
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 61570211840
  graphRootUsed: 11279654912
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 10
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.3.1
  Built: 0
  BuiltTime: Thu Jan  1 01:00:00 1970
  GitCommit: ""
  GoVersion: go1.19.8
  Os: linux
  OsArch: linux/amd64
  Version: 4.3.1

podman version :
Client:       Podman Engine
Version:      4.3.1
API Version:  4.3.1
Go Version:   go1.19.8
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64

dpkg -s podman
Package: podman
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 35951
Maintainer: Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org>
Architecture: amd64
Source: libpod (4.3.1+ds1-8)
Version: 4.3.1+ds1-8+b1
Depends: libc6 (>= 2.34), libdevmapper1.02.1 (>= 2:1.02.97), libgpgme11 (>= 1.4.1), libseccomp2 (>= 2.5.0), libsubid4 (>= 1:4.11.1), conmon (>= 2.0.18~), golang-github-containers-common, crun | runc (>= 1.0.0~rc92~)
Recommends: buildah (>= 1.28), dbus-user-session, fuse-overlayfs (>= 1.0.0~), slirp4netns (>= 0.4.1~), catatonit | tini | dumb-init, uidmap
Suggests: containers-storage, docker-compose, iptables
Breaks: buildah (<< 1.10.1-6), fuse-overlayfs (<< 0.7.1), slirp4netns (<< 0.4.1)
Conffiles:
 /etc/cni/net.d/87-podman-bridge.conflist a87c090f17c5274af878e7106e969b60
 /etc/containers/libpod.conf ceec5a77b5f6a56d212eeed7b707d322
Description: engine to run OCI-based containers in Pods
 Podman is an engine for running OCI-based containers in Pods.
 Podman provides a CLI interface for managing Pods, Containers, and
 Container Images.
 .
 At a high level, the scope of libpod and podman is the following:
  * Support multiple image formats including the OCI and Docker image
    formats.
  * Support for multiple means to download images including trust & image
    verification.
  * Container image management (managing image layers, overlay filesystems,
    etc).
  * Full management of container lifecycle.
  * Support for pods to manage groups of containers together.
  * Resource isolation of containers and pods.
  * Support for a Docker-compatible CLI interface through Podman.
 .
 Podman is a daemon-less alternative to Docker.
Built-Using: containerd (= 1.6.20~ds1-1), docker-registry (= 2.8.2+ds1-1), docker.io (= 20.10.24+dfsg1-1), golang-1.19 (= 1.19.8-2), golang-dbus (= 5.1.0-1), golang-fsnotify (= 1.6.0-2), golang-ginkgo (= 1.16.5-3), golang-github-acarl005-stripansi (= 0.0~git20180116.5a71ef0-3), golang-github-appc-cni (= 1.1.2-1), golang-github-blang-semver (= 4.0.0-1), golang-github-buger-goterm (= 0.0+git20181115.c206103-3), golang-github-cespare-xxhash (= 2.1.1-2), golang-github-checkpoint-restore-go-criu (= 5.3.0-2), golang-github-chzyer-readline (= 1.4.39.g2972be2-3), golang-github-cilium-ebpf (= 0.9.1-1), golang-github-containerd-stargz-snapshotter (= 0.12.0-2), golang-github-containernetworking-plugins (= 1.1.1+ds1-3), golang-github-containers-buildah (= 1.28.2+ds1-3), golang-github-containers-common (= 0.50.1+ds1-4), golang-github-containers-image (= 5.23.1-4), golang-github-containers-ocicrypt (= 1.0.3-1), golang-github-containers-psgo (= 1.7.1+ds1-1), golang-github-containers-storage (= 1.43.0+ds1-8), golang-github-coreos-bbolt (= 1.3.6-2), golang-github-coreos-go-systemd (= 22.3.2-1), golang-github-cyphar-filepath-securejoin (= 0.2.3-1), golang-github-davecgh-go-spew (= 1.1.1-3), golang-github-disiqueira-gotree (= 3.0.2-2), golang-github-docker-docker-credential-helpers (= 0.6.4+ds1-1), golang-github-docker-go-connections (= 0.4.0-4), golang-github-docker-go-units (= 0.4.0-4), golang-github-docker-libtrust (= 0.0~git20150526.0.9cbd2a1-3.1), golang-github-fsouza-go-dockerclient (= 1.8.1-1), golang-github-fullsailor-pkcs7 (= 0.0~git20210826.33d0574-2), golang-github-ghodss-yaml (= 1.0.0+git20220118.d8423dc-2), golang-github-golang-protobuf-1-3 (= 1.3.5-4), golang-github-google-go-intervals (= 0.0.2-2), golang-github-google-gofuzz (= 1.2.0-1), golang-github-google-shlex (= 0.0~git20191202.e7afc7f-1), golang-github-google-uuid (= 1.3.0-1), golang-github-gorilla-handlers (= 1.5.1-3), golang-github-gorilla-mux (= 1.8.0-1), golang-github-gorilla-schema (= 1.2.0-2), 
golang-github-hashicorp-errwrap (= 1.1.0-1), golang-github-hashicorp-go-multierror (= 1.1.1-2), golang-github-jinzhu-copier (= 0.3.2-2), golang-github-json-iterator-go (= 1.1.12-1), golang-github-juju-ansiterm (= 1.0.0-1), golang-github-klauspost-compress (= 1.15.12+ds1-3), golang-github-klauspost-pgzip (= 1.2.5-2), golang-github-kr-fs (= 0.1.0-2), golang-github-lunixbochs-vtclean (= 1.0.0-1), golang-github-manifoldco-promptui (= 0.8.0-2), golang-github-mattn-go-colorable (= 0.1.13-1), golang-github-mattn-go-isatty (= 0.0.17-1), golang-github-mattn-go-runewidth (= 0.0.14-1), golang-github-mattn-go-shellwords (= 1.0.10-2), golang-github-moby-sys (= 0.0~git20220606.416188a-1), golang-github-moby-term (= 0.0~git20221120.abb1982-1), golang-github-modern-go-concurrent (= 1.0.3-1.1), golang-github-modern-go-reflect2 (= 1.0.2-2), golang-github-morikuni-aec (= 1.0.0-3), golang-github-nxadm-tail (= 1.4.5+ds1-5), golang-github-opencontainers-go-digest (= 1.0.0-2), golang-github-opencontainers-image-spec (= 1.1.0~rc2-3), golang-github-opencontainers-runtime-tools (= 0.9.0+git20220423.g0105384-2), golang-github-opencontainers-selinux (= 1.10.0+ds1-1), golang-github-opencontainers-specs (= 1.0.2.118.g5cfc4c3-1), golang-github-openshift-imagebuilder (= 1.2.3+ds1-2), golang-github-pkg-errors (= 0.9.1-2), golang-github-pkg-sftp (= 1.13.5-2), golang-github-pmezard-go-difflib (= 1.0.0-3), golang-github-proglottis-gpgme (= 0.1.1-2), golang-github-rivo-uniseg (= 0.4.2-1), golang-github-spf13-cobra (= 1.6.1-1), golang-github-spf13-pflag (= 1.0.6~git20210604-d5e0c0615ace-1), golang-github-sylabs-sif (= 2.8.3-1), golang-github-ulikunitz-xz (= 0.5.6-2), golang-github-vbatts-tar-split (= 0.11.2+ds1-1), golang-github-vbauerster-mpb (= 7.3.2-1), golang-github-vishvananda-netlink (= 1.1.0.125.gf243826-4), golang-github-vishvananda-netns (= 0.0~git20211101.5004558-1), golang-github-vividcortex-ewma (= 1.1.1-2), golang-github-xeipuuv-gojsonpointer (= 0.0~git20190905.02993c4-3), 
golang-github-xeipuuv-gojsonreference (= 0.0~git20180127.bd5ef7b-3), golang-github-xeipuuv-gojsonschema (= 1.2.0-3), golang-go-patricia (= 2.3.1-1), golang-go-zfs (= 3.0.0-1), golang-go.crypto (= 1:0.4.0-1), golang-gocapability-dev (= 0.0+git20200815.42c35b4-2), golang-gogoprotobuf (= 1.3.2-3), golang-golang-x-net (= 1:0.7.0+dfsg-1), golang-golang-x-sync (= 0.1.0-1), golang-golang-x-sys (= 0.3.0-1), golang-golang-x-term (= 0.3.0-1), golang-golang-x-text (= 0.7.0-1), golang-golang-x-xerrors (= 0.0~git20200804.5ec99f8-1), golang-gomega (= 1.10.3-1), golang-google-genproto (= 0.0~git20200413.b5235f6-3), golang-google-grpc (= 1.33.3-2), golang-google-protobuf (= 1.28.1-3), golang-gopkg-inf.v0 (= 0.9.1-2), golang-gopkg-square-go-jose.v2 (= 2.6.0-2), golang-gopkg-tomb.v1 (= 0.0~git20141024.0.dd63297-8), golang-gopkg-yaml.v3 (= 3.0.1-3), golang-k8s-sigs-yaml (= 1.3.0-1), golang-logrus (= 1.9.0-1), golang-toml (= 1.2.0-2), golang-yaml.v2 (= 2.4.0-4), rootlesskit (= 1.1.0-1), runc (= 1.1.5+ds1-1)
Homepage: https://github.com/containers/podman

Podman in a container

No

Privileged Or Rootless

Privileged

Upstream Latest Release

Yes

Additional environment details

I have found other problems like this one. It seems it is an iptables dependency problem. But iptables is installed:


$>apt list iptables :
iptables/stable,now 1.8.9-2 amd64  [installé]

$>/usr/sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
NETAVARK_FORWARD  all  --  anywhere             anywhere             /* netavark firewall plugin rules */

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain NETAVARK_FORWARD (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             10.88.0.0/16         ctstate RELATED,ESTABLISHED
ACCEPT     all  --  10.88.0.0/16         anywhere

Additional information

strace podman start nginx : [...]

newfstatat(AT_FDCWD, "/etc/containers/containers.conf", {st_mode=S_IFREG|0644, st_size=24216, ...}, 0) = 0
openat(AT_FDCWD, "/etc/containers/containers.conf", O_RDONLY|O_CLOEXEC) = 7
epoll_ctl(4, EPOLL_CTL_ADD, 7, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=1100486696, u64=139931134990376}}) = -1 EPERM (Opération non permise)
read(7, "# The containers configuration f"..., 512) = 512
read(7, " command\n# line. Container engin"..., 384) = 384
read(7, "ngs, or the default settings.\n\n["..., 512) = 512
read(7, "\"none\" which means\n# no base hos"..., 640) = 640
read(7, "n.\n#\n#cgroups = \"enabled\"\n\n# Lis"..., 1024) = 1024
read(7, "ntainer>:<permissions>\", for exa"..., 1024) = 1024
read(7, "t.containers.internal entry in t"..., 1280) = 1280
read(7, "hareable IPC Namespace for the c"..., 1536) = 1536
read(7, "ally adding  the container's  ow"..., 2560) = 2560
read(7, "rwise it is likely that\n# iptabl"..., 2816) = 2816
read(7, "stries.conf(5).\n#compat_api_enfo"..., 4096) = 4096
read(7, ", of the docker-archive transpor"..., 5376) = 5376
read(7, "meout = 5\n\n# Paths to look for a"..., 6912) = 2456
read(7, "", 4456)                       = 0
close(7)                                = 0
setrlimit(RLIMIT_NOFILE, {rlim_cur=1024*1024, rlim_max=1024*1024}) = 0
umask(022)                              = 022
statfs("/sys/fs/cgroup", {f_type=CGROUP2_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
getuid()                                = 0
getuid()                                = 0
getuid()                                = 0
newfstatat(AT_FDCWD, "/usr/share/containers/storage.conf", 0xc000472378, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
newfstatat(AT_FDCWD, "/run", {st_mode=S_IFDIR|0755, st_size=1240, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/run/containers", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/run/containers/storage", {st_mode=S_IFDIR|0700, st_size=120, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var/lib/containers", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var/lib/containers/storage", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/usr/bin/crun", {st_mode=S_IFREG|0755, st_size=490184, ...}, 0) = 0
getuid()                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/pid_max", O_RDONLY|O_CLOEXEC) = 7
epoll_ctl(4, EPOLL_CTL_ADD, 7, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=1100486696, u64=139931134990376}}) = 0
fcntl(7, F_GETFL)                       = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
fstat(7, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
read(7, "4194304\n", 512)               = 8
read(7, "", 504)                        = 0
epoll_ctl(4, EPOLL_CTL_DEL, 7, 0xc00055d1c4) = 0
close(7)                                = 0
setrlimit(RLIMIT_NPROC, {rlim_cur=4096*1024, rlim_max=4096*1024}) = 0
newfstatat(AT_FDCWD, "/usr/share/containers/containers.conf", {st_mode=S_IFREG|0644, st_size=24151, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/containers/containers.conf", {st_mode=S_IFREG|0644, st_size=24216, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/containers/containers.conf.d", 0xc000472d38, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (Aucun fichier ou dossier de ce type)
getuid()                                = 0
openat(AT_FDCWD, "/usr/share/containers/containers.conf", O_RDONLY|O_CLOEXEC) = 7
epoll_ctl(4, EPOLL_CTL_ADD, 7, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=1100486696, u64=139931134990376}}) = -1 EPERM (Opération non permise)
read(7, "# The containers configuration f"..., 512) = 512
read(7, " command\n# line. Container engin"..., 384) = 384
read(7, "ngs, or the default settings.\n\n["..., 512) = 512
read(7, "\"none\" which means\n# no base hos"..., 640) = 640
read(7, "n.\n#\n#cgroups = \"enabled\"\n\n# Lis"..., 1024) = 1024
read(7, "ntainer>:<permissions>\", for exa"..., 1024) = 1024
read(7, "t.containers.internal entry in t"..., 1280) = 1280
read(7, "hareable IPC Namespace for the c"..., 1536) = 1536
read(7, "ally adding  the container's  ow"..., 2560) = 2560
read(7, "rwise it is likely that\n# iptabl"..., 2816) = 2816
read(7, "the keys sequence used to detach"..., 4096) = 4096
read(7, "ult,\n# Podman creates single-ima"..., 5376) = 5376
read(7, "ata, runsc, krun, etc)\n[engine.r"..., 6912) = 2391
read(7, "", 4521)                       = 0
close(7)                                = 0
openat(AT_FDCWD, "/etc/containers/containers.conf", O_RDONLY|O_CLOEXEC) = 7
epoll_ctl(4, EPOLL_CTL_ADD, 7, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=1100486696, u64=139931134990376}}) = -1 EPERM (Opération non permise)
read(7, "# The containers configuration f"..., 512) = 512
read(7, " command\n# line. Container engin"..., 384) = 384
read(7, "ngs, or the default settings.\n\n["..., 512) = 512
read(7, "\"none\" which means\n# no base hos"..., 640) = 640
read(7, "n.\n#\n#cgroups = \"enabled\"\n\n# Lis"..., 1024) = 1024
read(7, "ntainer>:<permissions>\", for exa"..., 1024) = 1024
read(7, "t.containers.internal entry in t"..., 1280) = 1280
read(7, "hareable IPC Namespace for the c"..., 1536) = 1536
read(7, "ally adding  the container's  ow"..., 2560) = 2560
read(7, "rwise it is likely that\n# iptabl"..., 2816) = 2816
read(7, "stries.conf(5).\n#compat_api_enfo"..., 4096) = 4096
read(7, ", of the docker-archive transpor"..., 5376) = 5376
read(7, "meout = 5\n\n# Paths to look for a"..., 6912) = 2456
read(7, "", 4456)                       = 0
close(7)                                = 0
geteuid()                               = 0
newfstatat(AT_FDCWD, "/usr/share/containers/storage.conf", 0xc000472e08, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
newfstatat(AT_FDCWD, "/run", {st_mode=S_IFDIR|0755, st_size=1240, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/run/containers", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/run/containers/storage", {st_mode=S_IFDIR|0700, st_size=120, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var/lib/containers", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/var/lib/containers/storage", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
futex(0xc000068d48, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigprocmask(SIG_SETMASK, ~[HUP INT QUIT ILL TRAP ABRT BUS FPE SEGV TERM STKFLT CHLD URG PROF SYS RTMIN RT_1 RT_2], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[HUP INT QUIT ILL TRAP ABRT BUS FPE SEGV TERM STKFLT CHLD URG PROF SYS RTMIN RT_1 RT_2], NULL, 8) = 0
futex(0xc000068948, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x237cb08, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
rt_sigprocmask(SIG_SETMASK, ~[HUP INT QUIT ILL TRAP ABRT BUS FPE SEGV TERM STKFLT CHLD URG PROF SYS RTMIN RT_1 RT_2], NULL, 8) = 0
futex(0xc000068d48, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x237cb08, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
futex(0xc000100148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x237cb08, FUTEX_WAIT_PRIVATE, 0, NULLError: unable to start container "301daad6659c82e79266c87e35bd0455d80a475cffe3eab102b58692377dcf04": netavark: No such file or directory (os error 2)
) = ?
+++ exited with 125 +++

Luap99 commented 6 months ago

Note we only support the latest versions upstream, so my first suggestion is to try with the latest podman and netavark versions.

And for your strace you need to add -f, otherwise it will not follow the child threads/processes.

Is iptables even in $PATH? The fact that you run it as /usr/sbin/iptables makes me suspicious.

sintesfabien commented 6 months ago

Hello. I can see the error with strace -f:

[pid 30210] execve("/usr/local/bin/iptables", ["iptables", "--version"], 0x7ffca5e95318 /* 25 vars */) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 30210] execve("/usr/bin/iptables", ["iptables", "--version"], 0x7ffca5e95318 /* 25 vars */) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 30210] execve("/bin/iptables", ["iptables", "--version"], 0x7ffca5e95318 /* 25 vars */) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 30210] execve("/usr/local/games/iptables", ["iptables", "--version"], 0x7ffca5e95318 /* 25 vars */) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 30210] execve("/usr/games/iptables", ["iptables", "--version"], 0x7ffca5e95318 /* 25 vars */) = -1 ENOENT (Aucun fichier ou dossier de ce type)

It was a path problem: /usr/sbin is not in $PATH.

So you are totally right. Thank you very much.

My Debian version is up to date (12.5) and I can't upgrade podman to v5 with the Debian repository. Is there a repository I can add to my sources list for automatic upgrades? (Or do I have to download the package and install it manually?)

Which is the best way to update the path without updating the system path? Can I add an option to the container to specify a new PATH?

Thank you again.

Luap99 commented 6 months ago

No, you would need to make sure $PATH is set correctly. I have no idea why /usr/sbin would not be added by default; this looks like a configuration issue on your end.

We do not maintain any repos ourselves for newer versions on Debian-based distros.

sintesfabien commented 5 months ago

Thank you. With Debian, system bins are not in PATH for non-root users (only /usr/bin of course). And for root, we have to exec "su -" (not only "su" to have root bash executed). Perhaps you should consider that iptables is not necessarily included, because podman is not designed only for admins?
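
The root cause confirmed in this thread, as an added example that is not part of the issue and is not Podman or netavark code: a POSIX shell check that replays the left-to-right PATH search from the `strace -f` output and reports whether a helper such as iptables is only outside PATH or actually missing. The function names and the optional ROOT prefix are assumptions made for this example.

```shell
#!/bin/sh
# Added example: replay the PATH search seen in the strace -f output and
# report where the helper actually lives. All function names are hypothetical.

# resolve_in_path NAME PATHSTRING
# Walk PATHSTRING left to right, as execvp() does, and print the first
# executable regular file found. Returns 1 if no directory yields one.
resolve_in_path() {
    rip_ifs=$IFS
    IFS=:
    set -f                                  # no globbing while splitting on ':'
    for rip_dir in $2; do
        [ -n "$rip_dir" ] || rip_dir=.      # empty element = current directory
        if [ -f "$rip_dir/$1" ] && [ -x "$rip_dir/$1" ]; then
            IFS=$rip_ifs; set +f
            printf '%s\n' "$rip_dir/$1"
            return 0
        fi
    done
    IFS=$rip_ifs; set +f
    return 1
}

# diagnose_helper NAME PATHSTRING [ROOT]
# Prints "found <path>" (returns 0), "not-in-path <path>" (1) or "missing" (2).
# ROOT is an assumption of this example: a prefix for the sbin check so it can
# run against a constructed tree. Leave it empty on a real host.
diagnose_helper() {
    dh_root=${3:-}
    if dh_hit=$(resolve_in_path "$1" "$2"); then
        printf 'found %s\n' "$dh_hit"
        return 0
    fi
    for dh_dir in /usr/local/sbin /usr/sbin /sbin; do
        if [ -f "$dh_root$dh_dir/$1" ] && [ -x "$dh_root$dh_dir/$1" ]; then
            printf 'not-in-path %s\n' "$dh_dir/$1"
            return 1
        fi
    done
    printf 'missing\n'
    return 2
}

# Constructed sample: a throwaway tree where iptables exists only in usr/sbin,
# searched in the directory order of the execve() lines quoted in the issue.
demo() {
    demo_root=$(mktemp -d) || return 1
    mkdir -p "$demo_root/usr/bin" "$demo_root/usr/sbin"
    printf '#!/bin/sh\n' > "$demo_root/usr/sbin/iptables"
    chmod +x "$demo_root/usr/sbin/iptables"
    demo_path=
    for d in /usr/local/bin /usr/bin /bin /usr/local/games /usr/games; do
        demo_path=${demo_path:+$demo_path:}$demo_root$d
    done
    demo_rc=0
    diagnose_helper iptables "$demo_path" "$demo_root" || demo_rc=$?
    rm -rf "$demo_root"
    return "$demo_rc"
}

demo || true
```

On a real host, call `diagnose_helper iptables "$PATH"` from the same shell that launches podman, for example once after `su` and once after `su -`, to see which environment drops /usr/sbin.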