On 1/12/22 16:59, Ranbir wrote:
 On Wed, 2022-01-12 at 15:25 -0500, Daniel Walsh wrote:
> Try the container in --privileged mode, to see if this is causing the
> issue.
 That didn't help. :(
> If it still crashes, then I figure it is something with the user
> namespace.
 The container doesn't crash. It actually runs and I can see postgrey
 running in the container. The problem is when I do a telnet test from
 the host or from another server to the postgrey port I exposed, the
 telnet connection doesn't stay up and instead drops immediately. If the
 container is running rootful, the telnet test is established and
 doesn't disconnect.
> Do you have an image I could try?
 It's not uploaded anywhere. I'm turning some of my KVMs into containers
 because I wanted to learn podman and get familiar with it. I've only
 been doing container stuff in general since August of last year.
 Hmmm...can I dump the Containerfile for each image here? They're not
 big. The Rocky Linux 8 Dockerfile is copied directly from their docker
 image page on dockerhub.
 There's some wrapping.
 Here's the latest run command I used:
 "CreateCommand": [
                  "podman",
                  "run",
                  "-d",
                  "--name",
                  "postgrey",
                  "--publish",
                  "1.2.3.4:10023:10023",
                  "--volume",
                  "postgrey:/var/spool/postfix/postgrey:Z",
                  "--privileged",
                  "postgrey-v0.0.3"
              ],
 The volume doesn't matter. I'm just preserving data from my KVM.
 Below are the Containerfile, config file and Dockerfile.
 --------
 postgrey
 --------
 FROM local/rocky8-systemd
 RUN dnf -y update && \
      dnf -y install epel-release && \
      dnf -y --nodocs install postgrey telnet && \
      dnf clean all && \
      systemctl enable postgrey
 COPY postgrey /etc/sysconfig/
 CMD ["/usr/sbin/init"]
 --------------------
 postgrey sysconfig file
 --------------------
 # Postgrey offers 2 listening types, --inet and --unix. As default, Fedora
 # postgrey works under UNIX socket, but, changing to TCP socket on user's own
 # is also available, for instance, let it work at 10023 port of localhost:
 #   --inet=10023
 # To be more detailed, there is another way if you still run it at localhost:
 #   --inet=127.0.0.1:10023
 #POSTGREY_TYPE="--unix=/var/spool/postfix/postgrey/socket"
 POSTGREY_TYPE="--inet=127.0.0.1:10023"
 # If postgrey works under UNIX socket way, PID file can be specified to
 # custom location, note that no need to set this if postgrey is working
 # under TCP socket way.
 POSTGREY_PID="--pidfile=/var/run/postgrey.pid"
 # Name of group which postgrey belongs, default is postgrey
 POSTGREY_GROUP="--group=postgrey"
 # Name of user which postgrey belongs, default is postgrey
 POSTGREY_USER="--user=postgrey"
 # DELAY
 POSTGREY_DELAY="--delay=60"
 # For more options can be used, please read manpage or execute `postgrey -h`.
 # Custom options.
 POSTGREY_OPTS=""
 -------------
 rocky linux 8
 -------------
 FROM rockylinux/rockylinux:latest
 ENV container docker
 RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
 	systemd-tmpfiles-setup.service ] || rm -f $i; done); \
 	rm -f /lib/systemd/system/multi-user.target.wants/*;\
 	rm -f /etc/systemd/system/*.wants/*;\
 	rm -f /lib/systemd/system/local-fs.target.wants/*; \
 	rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
 	rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
 	rm -f /lib/systemd/system/basic.target.wants/*;\
 	rm -f /lib/systemd/system/anaconda.target.wants/*;
 VOLUME [ "/sys/fs/cgroup" ]
 CMD ["/usr/sbin/init"]
 
Giuseppe, Paul, Matt, do you think this is slirp4netns related?
Ranbir, could you try with --net=hosts?