podman not opening port

[supermar1010]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

The port is supposed to be routed to the host, but is not. See the output of podman ps. Port 10080(it is in a different docker-compose/pod) works but 10000 and 18081(both in the same docker-compose/pod) does not, there's no error message or similiar.

Sometimes it works though, I'm not sure what triggers it that it works sometimes.

If I use a bash in the container the port 3000 is open and it returns stuff as its supposed to, so seems to be a mapping bug? In my container I'm listening on *:3000.

lsof -i -P -n | grep LISTEN:

exe 2204 jc2 9u IPv4 30349 0t0 TCP 127.0.0.1:10080 (LISTEN)

podman ps:

[jc2@v220190910461598152 backend]$ podman ps
CONTAINER ID  IMAGE                                   COMMAND               CREATED         STATUS             PORTS              
                                 NAMES
0be12725dfb4  docker.io/library/mongo-express:latest  mongo-express         5 minutes ago   Up 5 minutes ago   127.0.0.1:10000->3000/tcp, 0.0.0.0:18081->8081/tcp  backend_mongo-express_1
6596ecacfe98  docker.io/library/mongo:latest          mongod                5 minutes ago   Up 5 minutes ago   127.0.0.1:10000->3000/tcp, 0.0.0.0:18081->8081/tcp  mongoJC2
c282bfe1789a  docker.io/library/node:latest           bash -c cp /usr/s...  5 minutes ago   Up 5 minutes ago   127.0.0.1:10000->3000/tcp, 0.0.0.0:18081->8081/tcp  backend_node_1
94a666479072  docker.io/library/nginx:alpine          nginx -g daemon o...  40 minutes ago  Up 40 minutes ago  127.0.0.1:10080->80/tcp                             nginx_web_1

Steps to reproduce the issue:

1. For me start the corresponding docker file

Describe the results you received:

Port is not available/open

Describe the results you expected:

Port is opened and listening

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:            1.8.2
RemoteAPI Version:  1
Go Version:         go1.13.6
OS/Arch:            linux/amd64

Output of podman info --debug:

debug:
  compiler: gc
  git commit: ""
  go version: go1.13.6
  podman version: 1.8.2
host:
  BuildahVersion: 1.14.3
  CgroupVersion: v2
  Conmon:
    package: conmon-2.0.14-1.fc31.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.14, commit: 083a0be12178013d44ff51ceda3090ea741b6516'
  Distribution:
    distribution: fedora
    version: "31"
  IDMappings:
    gidmap:
    - container_id: 0
      host_id: 1006
      size: 1
    - container_id: 1
      host_id: 231072
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1006
      size: 1
    - container_id: 1
      host_id: 231072
      size: 65536
  MemFree: 5722062848
  MemTotal: 8342446080
  OCIRuntime:
    name: crun
    package: crun-0.13-1.fc31.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.13
      commit: e79e4de4ac16da0ce48777afb72c6241de870525
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  SwapFree: 0
  SwapTotal: 0
  arch: amd64
  cpus: 2
  eventlogger: journald
  hostname: v220190910461598152
  kernel: 5.5.15-200.fc31.x86_64
  os: linux
  rootless: true
  slirp4netns:
    Executable: /usr/bin/slirp4netns
    Package: slirp4netns-0.4.0-20.1.dev.gitbbd6f25.fc31.x86_64
    Version: |-
      slirp4netns version 0.4.0-beta.3+dev
      commit: bbd6f25c70d5db2a1cd3bfb0416a8db99a75ed7e
  uptime: 47m 12.41s
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - quay.io
store:
  ConfigFile: /home/jc2/.config/containers/storage.conf
  ContainerStore:
    number: 6
  GraphDriverName: overlay
  GraphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-0.7.8-1.fc31.x86_64
      Version: |-
        fusermount3 version: 3.6.2
        fuse-overlayfs: version 0.7.8
        FUSE library version 3.6.2
        using FUSE kernel interface version 7.29
  GraphRoot: /home/jc2/.local/share/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 7
  RunRoot: /run/user/1006/containers
  VolumePath: /home/jc2/.local/share/containers/storage/volumes

Addiotional information

I'm not sure if this is related, but when exiting the bash in the container I get this message:

Error: non zero exit code: 127: OCI runtime error
ERRO[0203] unable to close namespace: "close /proc/39186/ns/user: bad file descriptor" 

I noticed something else, my system reports the ports being opened for a few seconds, then they close again.

[supermar1010]

This is related/the same issue: https://github.com/containers/podman-compose/issues/107

I'm also on fedora 31

I've also found this bug: https://github.com/containers/libpod/issues/5249

For me the port is neither opened on the host nor in the container.

Accessing the internet works from inside the container.

[giuseppe]

There were different fixes with rootlessport after 1.8.2, would it be possible to build podman from git and try with it?

[supermar1010]

Is there a container which can do the build? I'm not really keen to install all the dependencies on my server/desktop And is there a how to build file? I did not find any

[giuseppe]

Dockerfile.fedora has the dependencies you need.

You could use it to create an image with all the build tools, and then create a container with a volume and do the go build within the container.

[aanno]

Same problem here with fedora 32 (podman 1.8.2). Port is not accessible on host system in rootless mode. (It works in root mode.)

[aanno]

@giuseppe: I have compiled podman (libpod) on my own on fedora 32. The issue is solved on master d6b3bc18f85236aa.

However, I'm unable to access mounted files in the container (like --mount type=bind,source=/mnt/home/aanno/scm/scm/docker-compose-files/config/solr/libs/ojdbc8-12.2.0.1.jar,destination=/opt/solr/server/lib/ext/ojdbc8-12.2.0.1.jar,ro). Is this a known issue (e.g. still #3683 or similiar) or should I report that?

[giuseppe]

However, I'm unable to access mounted files in the container (like --mount type=bind,source=/mnt/home/aanno/scm/scm/docker-compose-files/config/solr/libs/ojdbc8-12.2.0.1.jar,destination=/opt/solr/server/lib/ext/ojdbc8-12.2.0.1.jar,ro). Is this a known issue (e.g. still #3683 or similiar) or should I report that?

what error are you seeing? Also, who owns that file?

[aanno]

I was able to fix the issue with

$ chcon -Rt svirt_sandbox_file_t /mnt/home/aanno/scm/scm/docker-compose-files/config/solr/*

like mentioned in #3683. Hence it is SELinux related. However, I think that should be at least be in the troubleshooting guide...

[aanno]

$ ls -Zl  /mnt/home/aanno/scm/scm/docker-compose-files/config/solr
insgesamt 12
drwxrwxr-x. 3 aanno aanno unconfined_u:object_r:container_file_t:s0    19 15. Apr 17:28 collections
-rw-rw-r--. 1 aanno aanno unconfined_u:object_r:container_file_t:s0 11402 31. Mär 17:32 jetty.xml
drwxrwxr-x. 2 aanno aanno unconfined_u:object_r:container_file_t:s0   176 15. Apr 17:28 libs

[giuseppe]

I think that should be at least be in the troubleshooting guide...

would you like to open a PR to describe the issue and the solution you've found?

[aanno]

Well, I commented on PR #5839. If still needed afterwards, I will consider the PR.

[github-actions[bot]]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@aanno Any movement on this?

[rhatdan]

I am going to close this, since it seems to be dead now. Reopen if I am mistaken.