opencontainers / runc

CLI tool for spawning and running containers according to the OCI specification
https://www.opencontainers.org/
Apache License 2.0

Issue with default bridge networking #792

Open amitsaha opened 8 years ago

amitsaha commented 8 years ago

I have used netns to set up the default bridge networking. I can ping external hosts, but I cannot resolve any hosts (even though I have set resolv.conf) and cannot make any HTTP requests to a host using its IP address:


# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
37: eth0@if38: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 86:62:e2:e8:45:7f brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.10/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::8462:e2ff:fee8:457f/64 scope link 
       valid_lft forever preferred_lft forever

/ # wget  10.117.148.5
Connecting to 10.117.148.5 (10.117.148.5:80)
wget: can't connect to remote host (10.117.148.5): Host is unreachable

/ # ping  10.117.148.5
PING 10.117.148.5 (10.117.148.5): 56 data bytes
64 bytes from 10.117.148.5: seq=0 ttl=63 time=0.265 ms
^C
--- 10.117.148.5 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.265/0.265/0.265 ms

Here's my config.json:

{
        "ociVersion": "0.6.0-dev",
        "platform": {
                "os": "linux",
                "arch": "amd64"
        },
        "process": {
                "terminal": true,
                "user": {},
                "args": [
                        "sh"
                ],
                "env": [
                        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                        "TERM=xterm"
                ],
                "cwd": "/",
                "capabilities": [
                        "CAP_CHOWN",
                        "CAP_DAC_OVERRIDE",
                        "CAP_FSETID",
                        "CAP_FOWNER",
                        "CAP_MKNOD",
                        "CAP_NET_RAW",
                        "CAP_SETGID",
                        "CAP_SETUID",
                        "CAP_SETFCAP",
                        "CAP_SETPCAP",
                        "CAP_NET_BIND_SERVICE",
                        "CAP_SYS_CHROOT",
                        "CAP_KILL",
                        "CAP_AUDIT_WRITE"
                ],
                "rlimits": [
                        {
                                "type": "RLIMIT_NOFILE",
                                "hard": 1024,
                                "soft": 1024
                        }
                ]
        },
        "root": {
                "path": "rootfs",
                "readonly": false
        },
        "mounts": [
                {
                        "destination": "/proc",
                        "type": "proc",
                        "source": "proc"
                },
                {
                        "destination": "/dev",
                        "type": "tmpfs",
                        "source": "tmpfs",
                        "options": [
                                "nosuid",
                                "strictatime",
                                "mode=755",
                                "size=65536k"
                        ]
                },
                {
                        "destination": "/dev/pts",
                        "type": "devpts",
                        "source": "devpts",
                        "options": [
                                "nosuid",
                                "noexec",
                                "newinstance",
                                "ptmxmode=0666",
                                "mode=0620",
                                "gid=5"
                        ]
                },
                {
                        "destination": "/dev/shm",
                        "type": "tmpfs",
                        "source": "shm",
                        "options": [
                                "nosuid",
                                "noexec",
                                "nodev",
                                "mode=1777",
                                "size=65536k"
                        ]
                },
                {
                        "destination": "/dev/mqueue",
                        "type": "mqueue",
                        "source": "mqueue",
                        "options": [
                                "nosuid",
                                "noexec",
                                "nodev"
                        ]
                },
                {
                        "destination": "/sys",
                        "type": "sysfs",
                        "source": "sysfs",
                        "options": [
                                "nosuid",
                                "noexec",
                                "nodev",
                                "ro"
                        ]
                }
        ],
        "hooks": {
                "prestart": [
                        {
                                "path": "/home/asaha/work/golang/bin/netns"
                        }
                ]
        },
        "linux": {
                "resources": {
                        "devices": [
                                {
                                        "allow": false,
                                        "access": "rwm"
                                }
                        ]
                },
                "namespaces": [
                        {
                                "type": "network"
                        },
                        {
                                "type": "pid"
                        },
                        {
                                "type": "mount"
                        },
                        {
                                "type": "ipc"
                        },
                        {
                                "type": "uts"
                        }
                ]
        }
}

(I am using an Alpine linux rootfs and I have SELinux in permissive mode on Fedora 23).

Any suggestions please?
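The config above creates a fresh network namespace, hands its wiring to a prestart hook, and grants CAP_NET_RAW; the symptom is that ICMP echo succeeds while a TCP connect fails. Before touching the host firewall it helps to check a few things offline, and a prestart hook deserves a look on its own because runc runs it as root in the runtime's namespaces. The following Python script is an added example, not code from runc or from the issue: it loads an OCI config.json, reports findings about namespaces, hook path and capabilities, and optionally inspects the bundle's rootfs/etc/resolv.conf for loopback resolvers (a 127/8 stub resolver lives in the host network namespace and is not reachable from a container with its own). SAMPLE_CONFIG is a trimmed, constructed copy of the issue's config; all function names are hypothetical.

```python
"""Offline sanity checks for an OCI config.json (example, not part of runc)."""
import ipaddress
import json
import os
import stat
import sys

# Constructed sample: a trimmed copy of the issue's config.json, keeping only
# the fields the checks below read.
SAMPLE_CONFIG = json.loads("""
{
  "ociVersion": "0.6.0-dev",
  "process": {"capabilities": ["CAP_CHOWN", "CAP_NET_RAW", "CAP_NET_BIND_SERVICE"]},
  "root": {"path": "rootfs", "readonly": false},
  "hooks": {"prestart": [{"path": "/home/asaha/work/golang/bin/netns"}]},
  "linux": {"namespaces": [{"type": "network"}, {"type": "pid"},
                           {"type": "mount"}, {"type": "ipc"}, {"type": "uts"}]}
}
""")


def namespace_types(config):
    """Set of namespace types the container will get (OCI linux.namespaces)."""
    return {ns["type"] for ns in config.get("linux", {}).get("namespaces", [])}


def prestart_hook_paths(config):
    """Absolute paths of the prestart hooks (OCI hooks.prestart)."""
    return [h["path"] for h in config.get("hooks", {}).get("prestart", [])]


def loopback_nameservers(resolv_text):
    """Nameservers in resolv.conf text that point at a loopback address.
    Such a resolver is only reachable inside the host's own network namespace."""
    bad = []
    for line in resolv_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                if ipaddress.ip_address(parts[1]).is_loopback:
                    bad.append(parts[1])
            except ValueError:
                pass  # not an IP literal; resolv.conf syntax is not our concern here
    return bad


def check_config(config, bundle_dir=None):
    """Return a list of (severity, message). With bundle_dir the hook binary
    and the rootfs resolv.conf are also inspected on disk."""
    findings = []
    ns = namespace_types(config)
    hooks = prestart_hook_paths(config)
    caps = set(config.get("process", {}).get("capabilities", []))

    if "network" in ns and not hooks:
        findings.append(("warn", "new network namespace but no prestart hook: "
                                 "the container will only see a loopback interface"))
    if "network" not in ns and hooks:
        findings.append(("warn", "prestart hook configured but the container shares "
                                 "the host network namespace"))
    for path in hooks:
        if not os.path.isabs(path):
            findings.append(("error", f"hook path is not absolute: {path}"))
        elif os.path.exists(path):
            # Hooks run as root on the host side, so the binary must not be
            # modifiable by unprivileged users.
            st = os.stat(path)
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(("error", f"prestart hook is group/world-writable: {path}"))
            if st.st_uid != 0:
                findings.append(("warn", f"prestart hook is not owned by root: {path}"))
    if "CAP_NET_RAW" in caps:
        findings.append(("info", "CAP_NET_RAW granted: a successful ping (ICMP) does not "
                                 "show that TCP or UDP to the same host is reachable"))
    if bundle_dir is not None:
        rootfs = config.get("root", {}).get("path", "rootfs")
        resolv = os.path.join(bundle_dir, rootfs, "etc", "resolv.conf")
        if not os.path.isfile(resolv):
            findings.append(("warn", f"no resolv.conf in rootfs: {resolv}"))
        else:
            with open(resolv, encoding="utf-8") as fh:
                for addr in loopback_nameservers(fh.read()):
                    findings.append(("warn", f"resolv.conf nameserver {addr} is loopback; "
                                             "unreachable from a separate network namespace"))
    return findings


if __name__ == "__main__":
    # Usage: python check_bundle.py [bundle_dir]  (defaults to the embedded sample)
    if len(sys.argv) > 1:
        with open(os.path.join(sys.argv[1], "config.json"), encoding="utf-8") as fh:
            cfg, bundle = json.load(fh), sys.argv[1]
    else:
        cfg, bundle = SAMPLE_CONFIG, None
    for severity, message in check_config(cfg, bundle):
        print(f"[{severity}] {message}")
```

Run it against a bundle directory to inspect the real hook binary and rootfs; without arguments it reports on the embedded copy of the issue's config.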

JakeWarner commented 8 years ago

If you use systemctl and temporarily shutdown firewalld on the host can you resolve/wget?

amitsaha commented 8 years ago

@JakeWarner I think I already tried that, but I will try it again and report back. Thanks for the tip.

amitsaha commented 8 years ago

On Ubuntu, with ufw running, I could get things working without any issues. I will update on Fedora.

gitchomik commented 8 years ago

I have got the same issue on Ubuntu 16.04; my steps:

mkdir rootfs
docker export $(docker create ubuntu:14.04) | tar -C rootfs -xvf -
docker-runc spec .

Changes in config.json:

Then I add "nameserver 10.70.1.4" to rootfs/etc/resolv.conf. Then "docker-runc start c2": the container starts, but ... I can ping external hosts, but I cannot resolve any hosts and cannot make any HTTP requests; the same resolv.conf used in Docker works.