search

termux / termux-docker

Termux environment packaged as Docker image.
510 stars 73 forks source link

Hostnames fail to resolve #63

Open ire4ever1190 opened 9 months ago

ire4ever1190 commented 9 months ago

All hostnames fail to resolve inside the container. I have verified it has connection since I can run curl 1.1.1.1 but trying httpbin.org/ip fails. dnsmasq starts but seems to be stuck since it just eats all of my CPU image

This was the command used to start the container using docker v24.0.7

docker run -it --rm termux/termux-docker:x86_64
THEGOLDENPRO commented 8 months ago

yeah, same issue here. I can't pkg update and I'm not running with --user.

~ $ pkg update
No mirror or mirror group selected. You might want to select one by running 'termux-change-repo'
Testing the available mirrors:
[*] (10) https://packages-cf.termux.dev/apt/termux-main: bad
[*] (1) https://tmx.xvx.my.id/apt/termux-main: bad
[*] (1) https://mirror.textcord.xyz/termux/termux-main: bad
[*] (1) https://mirror.nevacloud.com/applications/termux/termux-main: bad
[*] (1) https://linux.domainesia.com/applications/termux/termux-main: bad
[*] (1) https://mirrors.cbrx.io/apt/termux/termux-main: bad
[*] (1) https://mirror.albony.xyz/termux/termux-main: bad
[*] (1) https://mirror.bardia.tech/termux/termux-main: bad
[*] (1) https://mirror.iscas.ac.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.sdu.edu.cn/termux/termux-main: bad
[*] (1) https://mirrors.qvq.net.cn/termux/termux-main: bad
[*] (1) https://mirrors.sustech.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.hit.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.bfsu.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.scau.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirror.sjtu.edu.cn/termux/termux-main/: bad
[*] (1) https://mirrors.zju.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.nju.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.ustc.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.dgut.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.pku.edu.cn/termux/termux-main/: bad
[*] (1) https://mirror.nyist.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.sau.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.tuna.tsinghua.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.njupt.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirrors.aliyun.com/termux/termux-main: bad
[*] (1) https://mirrors.cqupt.edu.cn/termux/apt/termux-main: bad
[*] (1) https://mirror.sunred.org/termux/termux-main: bad
[*] (1) https://termux.3san.dev/termux/termux-main: bad
[*] (4) https://grimler.se/termux/termux-main: bad
[*] (1) https://mirror.accum.se/mirror/termux.dev/termux-main: bad
[*] (1) https://termux.astra.in.ua/apt/termux-main: bad
[*] (1) https://mirror.autkin.net/termux/termux-main: bad
[*] (1) https://mirrors.cfe.re/termux/termux-main: bad
[*] (1) https://mirror.bouwhuis.network/termux/termux-main: bad
[*] (1) https://termux.librehat.com/apt/termux-main: bad
[*] (1) https://mirror.mwt.me/termux/main: bad
[*] (1) https://mirror.termux.dev/termux-main: bad
[*] (1) https://ro.mirror.flokinet.net/termux/termux-main: bad
[*] (1) https://mirrors.sahilister.in/termux/termux-main: bad
[*] (1) https://is.mirror.flokinet.net/termux/termux-main: bad
[*] (1) https://ftp.fau.de/termux/termux-main: bad
[*] (1) https://termux.cdn.lumito.net/termux-main: bad
[*] (1) https://termux.mentality.rip/termux-main: bad
[*] (1) https://packages.termux.dev/apt/termux-main: bad
[*] (1) https://mirrors.medzik.dev/termux/termux-main: bad
[*] (1) https://md.mirrors.hacktegic.com/termux/termux-main: bad
[*] (1) https://mirror.quantum5.ca/termux/termux-main: bad
[*] (1) https://mirror.mwt.me/termux/main: bad
[*] (1) https://mirror.fcix.net/termux/termux-main: bad
[*] (1) https://dl.kcubeterm.com/termux-main: bad
[*] (1) https://plug-mirror.rcac.purdue.edu/termux/termux-main: bad
[*] (1) https://mirror.csclub.uwaterloo.ca/termux/termux-main: bad
[*] (1) https://mirrors.utermux.dev/termux/termux-main: bad
[*] (1) https://mirror.vern.cc/termux/termux-main: bad
[*] (1) https://mirror.endianness.com/termux/termux-main: bad
[*] (1) https://mirrors.rda.run/termux/termux-main: bad
[*] (1) http://mirror.mephi.ru/termux/termux-main: bad
[*] (1) https://repository.su/termux/termux-main/: bad
Error: None of the mirrors are accessible
truboxl commented 7 months ago

I can't reproduce it on Docker Desktop Windows v25.0.3 using WSL2. Are you using something other host OS?

ire4ever1190 commented 7 months ago

Host OS is arch Linux

THEGOLDENPRO commented 7 months ago

I'm also on Arch Linux. Maybe our issue is related to https://github.com/termux/termux-docker/issues/55

postmodern commented 7 months ago

Also just ran into this on Fedora Linux using a fresh pull of termux/termux-docker:latest. Oddly enough, ping is able to resolve host names, but curl or apt cannot.

$ docker run -it --rm termux/termux-docker:latest
~ $ apt update
Ign:1 https://packages-cf.termux.dev/apt/termux-main stable InRelease
Ign:1 https://packages-cf.termux.dev/apt/termux-main stable InRelease
Ign:1 https://packages-cf.termux.dev/apt/termux-main stable InRelease
Err:1 https://packages-cf.termux.dev/apt/termux-main stable InRelease
  Something wicked happened resolving 'packages-cf.termux.dev:https' (7 - No address associated with hostname)
Reading package lists... Done
Building dependency tree... Done
All packages are up to date.
W: Failed to fetch https://packages-cf.termux.dev/apt/termux-main/dists/stable/InRelease  Something wicked happened resolving 'packages-cf.termux.dev:https' (7 - No address associated with hostname)
W: Some index files failed to download. They have been ignored, or old ones used instead.
~ $ ping packages-cf.termux.dev
PING packages-cf.termux.dev (172.67.200.228): 56 data bytes
ping: permission denied (are you root?)
~ $ curl https://packages-cf.termux.dev
curl: (6) Could not resolve host: packages-cf.termux.dev
naruto522ru commented 5 months ago

I “solved” the problem. By rolling back the commit 15a788b953fdd815ebd7a6532b163e497d4de53d . By building a docker image.

sudo ./build-all.sh

Run it like this:

sudo docker run --restart=always -e TERM="xterm" -it IMAGE_ID

The most important thing I forgot to write resolving domains works. At least so than nothing. изображение

Temporary solution to who needs a very termux in the docker.

THEGOLDENPRO commented 5 months ago

I “solved” the problem. By rolling back the commit 15a788b . By building a docker image.

Thanks 💙 I'll try that out the next time I need this again.

2-4601 commented 4 months ago

TL;DR

The root cause is how dnsmasq behaves with too lax limits for open files. You can mitigate this issue by explicitly restricting the number of open file descriptors for the container. For example:

$ docker run --rm --tty --interactive --ulimit nofile=1048576:1048576 termux/termux-docker:latest

Longer explanation

I also run into this issue on Arch Linux with Docker v26.1.4. The dnsmasq process (/system/bin/dnsmasq -u root -g root --pid-file /dnsmasq.pid) ate all resources of a single CPU core and networking did not work.

Next I tested with Ubuntu 24.04 both with the Canonical packaged Docker v24.0.7 and the latest community edition of Docker v26.1.4. Everything worked fine on Ubuntu on both Docker versions.

Because the same Docker version produced different behaviour in Arch and Ubuntu, something in Arch must have been different.

strace showed that dnsmasq was calling fstat64 ad nauseam and those calls ended in EBADF (Bad file descriptor) errors.

Then I tried gdb from the host OS to see what the process is doing. Not very reliable but at least I got something out of it, namely the function name:

#0  0xe9f08579 in __kernel_vsyscall ()
#1  0xe9d29938 in fstat64 () from target:/system/lib/libc.so
#2  0x6102c5f3 in closeUnwantedFileDescriptors ()
#3  0x6102c738 in main ()

Turns out closeUnwantedFileDescriptors is part of the Android fork of dnsmasq. First introduced in this commit, but the method is still the same in the current version. It goes through all the possible file descriptors (limited by the maximum for processes) and closes all but the stdout, stderr and stdin. Now imagine if the maximum number of open files is large, such as 2^30. It's going to take a while to try to close all those non-existant file descriptors. In the upstream dnsmasq, this was optimised to use /proc, but the Android version of dnsmasq is still using the traditional brute force approach.

In Arch, you can see the current limit in the Termux Docker container with:

termux-docker@arch$ ulimit -n
1073741816

And if you run the same when the host OS is Ubuntu:

termux-docker@ubuntu$ ulimit -n
1048576

So by default, Arch is using a much larger limit for open file descriptors. And that's why dnsmasq hangs because it tries to close all of them.

These limits originate most likely from the default kernel parameters:

arch$ sysctl fs.nr_open
fs.nr_open = 1073741816
ubuntu$ sysctl fs.nr_open
fs.nr_open = 1048576

If you don't want to change the kernel parameters, you can just restrict them for the termux-docker container. For example, to use the default limits of Ubuntu's kernel:

$ docker run --rm --tty --interactive --ulimit nofile=1048576:1048576 termux/termux-docker:latest

Now the container's dnsmasq does not hang any more in Arch Linux.

Fix

A possible fix could be adding something modest, such as ulimit -n 4096, before starting the dnsmasq process in the entry point scripts. I quickly tested that and it works.