nestybox / sysbox

An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Apache License 2.0

DNS issues when using sysbox-runc in a macvlan #833

Open GiugAles opened 2 weeks ago

GiugAles commented 2 weeks ago

Hey everyone,

thank you for your work on sysbox!

I am running sysbox-runc on archlinux which I know is not officially supported. Still, it would be much appreciated if you could give any pointers.

When I run a container that is connected to a macvlan with sysbox-runc and run e.g. `curl example.org` in that container, I get a lot of DNS queries even after I get the response from curl. If I use 8.8.8.8 as the DNS server via the compose file, everything seems to be working fine: DNS queries go out, the request to example.org is made, the response is shown, and there are no further DNS queries. However, I am posting this here because if I do not use sysbox-runc, everything works fine without specifying the DNS server in the compose file. I used Wireshark for my observations. Any idea what I am missing?

compose file

```yaml
services:
  debug-dns:
    build:
      context: .
      dockerfile: Dockerfile
    # I toggled these during my experiments
    # runtime: sysbox-runc
    # dns: 8.8.8.8
    entrypoint: ["tail", "-F", "anything"]
    networks:
      debug-network:

networks:
  debug-network:
    external: true
    name: my-macvlan-net
```

Note: This image does not require sysbox-runc. I just used it for demonstration purposes. I encountered this while actually using nestybox/ubuntu-noble-systemd-docker.

Corresponding Dockerfile

```dockerfile
FROM ubuntu

RUN apt update && apt install -y neovim curl
```

my-macvlan-net:

```shell
docker network create -d macvlan --subnet=192.168.2.0/24 --gateway=192.168.2.1 -o parent=eth0 my-macvlan-net
```

rodnymolina commented 1 week ago

@GiugAles, I ran a quick test with a macvlan custom-network and observed the same forwarding issues in both the sysbox-runc and the regular runc container, so at first glance it doesn't look like a Sysbox-specific issue.

Also, you mentioned that the problem is not seen when you use a compose recipe, but I don't see you specifying the macvlan driver in this compose file.

Leaving the docker-compose variable aside for a moment, can you please try to run two docker containers using the same macvlan driver, one with sysbox-runc and the other with runc, and verify that the problem is only seen in Sysbox?
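As an added example (not code from the issue or from the Sysbox project), here is a script for the side-by-side check requested above: one container per runtime on the same macvlan network, `curl` run once in each while `tcpdump` captures DNS traffic on the host for a fixed window, then the number of DNS queries per runtime is compared. It assumes docker, tcpdump and sudo on the host, that `my-macvlan-net` exists as created in the issue with `eth0` as its parent, and that `IMAGE` points at the ubuntu+curl image built from the issue's Dockerfile (the tag `debug-dns` is a placeholder).

```shell
#!/usr/bin/env bash
# A/B check: DNS query count for the same curl in a runc vs. sysbox-runc container.
# Assumptions: docker, tcpdump, sudo present; network/parent/image as below.
set -eu

NET="${NET:-my-macvlan-net}"          # macvlan network from the issue
PARENT_IF="${PARENT_IF:-eth0}"        # parent interface of the macvlan (assumption)
IMAGE="${IMAGE:-debug-dns}"           # placeholder tag for the issue's ubuntu+curl image
CAPTURE_SECS="${CAPTURE_SECS:-10}"    # keep capturing after curl returns

# Count DNS *queries* in `tcpdump -n` text read from stdin. Query lines carry a
# record type followed by '?', e.g. "1+ A? example.org."; answers do not.
count_dns_queries() {
  grep -cE ' [A-Z]+\? ' || true   # grep -c prints 0 but exits 1 on no match
}

# Start one container with the given runtime on the macvlan, capture DNS on the
# parent interface for CAPTURE_SECS seconds while curl runs, print the count.
dns_queries_for_runtime() {
  runtime="$1"
  name="dns-ab-$1"
  cap_file="$(mktemp)"
  docker run -d --rm --name "$name" --runtime "$runtime" --network "$NET" \
    "$IMAGE" sleep infinity >/dev/null
  sudo timeout "$CAPTURE_SECS" tcpdump -n -l -i "$PARENT_IF" 'port 53' \
    >"$cap_file" 2>/dev/null &
  cap_pid=$!
  sleep 1                                   # let tcpdump attach first
  docker exec "$name" curl -s -o /dev/null https://example.org || true
  wait "$cap_pid" || true                   # timeout exits 124 when the window ends
  docker rm -f "$name" >/dev/null
  count_dns_queries <"$cap_file"
  rm -f "$cap_file"
}

# Run both runtimes back to back and report; a much larger count for
# sysbox-runc than for runc reproduces what the issue describes.
compare_runtimes() {
  runc_count="$(dns_queries_for_runtime runc)"
  sysbox_count="$(dns_queries_for_runtime sysbox-runc)"
  printf 'runc:        %s DNS queries\n' "$runc_count"
  printf 'sysbox-runc: %s DNS queries\n' "$sysbox_count"
}

# The docker comparison only runs when asked for explicitly: ./dns-ab.sh --run
if [ "${1:-}" = "--run" ]; then
  compare_runtimes
fi
```

Capturing on the parent interface sees the macvlan containers' frames; if the queries of interest go to Docker's internal resolver instead, capture inside the container's network namespace.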