Bad container image consuming all network IP addresses when using userns=keep-id #18615
Labels
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
network
Networking related issue or feature
Comments
I haven't verified it yet but I am 99% sure that #18468 would fix this.
A friendly reminder that this issue had no activity for 30 days.
Luap99 added a commit to Luap99/libpod that referenced this issue, Oct 17, 2023
When a userns and netns is used we need to let the runtime create the netns, otherwise the netns is not owned by the right userns and thus the capabilities would not be correct. The current restart logic tries to reuse the netns, which is fine if no userns is used, but when one is used we set up a new netns (which is correct) but forgot to clean up the old netns. This resulted in leaked network namespaces and, because no teardown was ever called, leaked ipam assignments, thus a quickly restarting container will run out of ip space very fast.

Fixes containers#18615

Signed-off-by: Paul Holzinger <[email protected]>
@Luap99 should this be reopened? I noticed that the related PR has been closed as well.
This was fixed in #20384 which should be in 4.8
Thank you! I just found it.
github-actions bot added the "locked - please file new issue/PR" label, Mar 1, 2024
Issue Description
All IP addresses from a podman network are being consumed by a container using an invalid image (which keeps restarting constantly) when using --restart=always and --userns=keep-id.
Steps to reproduce the issue
ls -l /run/user/1000/netns | wc -l
and you will see number of control files keep increasing
Error: IPAM error: failed to find free IP in range: 10.89.0.1 - 10.89.0.254
Describe the results you received
Error: IPAM error: failed to find free IP in range: 10.89.0.1 - 10.89.0.254
Describe the results you expected
IPs should have been released for failed container.
podman info output
Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
No response
Additional information
No response
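A check for the leak described in this issue, added here as an example and not taken from the issue or from Podman's own code: it lists files in the netns directory that no container references and compares their count with the size of the IPAM range from the error message. The function names and the in-use list file are assumptions; one way to build that list, assuming the SandboxKey field of podman inspect holds the netns path, is shown in a comment.

```sh
#!/bin/sh
# Added example (not Podman code). Assumptions: every file in the netns
# directory is one network namespace, and the paths still referenced by
# containers are supplied one per line in a list file, for instance from
#   podman ps -aq | xargs podman inspect \
#       --format '{{.NetworkSettings.SandboxKey}}' > in_use.txt

# leaked_netns DIR IN_USE_FILE
# Print each entry of DIR whose full path is not listed in IN_USE_FILE.
leaked_netns() {
    dir=$1
    in_use=$2
    for f in "$dir"/*; do
        [ -e "$f" ] || continue        # empty directory: glob matched nothing
        grep -Fxq -- "$f" "$in_use" || printf '%s\n' "$f"
    done
}

# leak_count DIR IN_USE_FILE
# Number of unreferenced namespace files, as a bare integer.
leak_count() {
    echo $(( $(leaked_netns "$1" "$2" | wc -l) ))
}

# ip_to_int A.B.C.D -> 32-bit integer value of the address.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1                          # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# pool_size FIRST LAST
# Addresses in the inclusive range, e.g. the range in the IPAM error.
pool_size() {
    echo $(( $(ip_to_int "$2") - $(ip_to_int "$1") + 1 ))
}

# leak_status DIR IN_USE_FILE FIRST LAST
# Print "leaked=N pool=M"; return 1 once leaked files could fill the pool.
leak_status() {
    n=$(leak_count "$1" "$2")
    p=$(pool_size "$3" "$4")
    echo "leaked=$n pool=$p"
    [ "$n" -lt "$p" ]
}
```

Run on a schedule, a leaked count that only ever grows for a restart-looping container is the signal to look for before the range is exhausted.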