November 2022 - Podman - Podman List Archives

=?utf-8?q?=5BPodman=5D?=(Meta) Security warnings for podman mailing list

by Joost Molenaar

Hi all, for ~every message posted to this list, some email clients display an error, in my case "This email has failed its domain's authentication requirements. It may be spoofed or improperly forwarded." These are the authentication results for a recent message from the list: Authentication-Results: mailin008.protonmail.ch; arc=none smtp.remote-ip=8.43.85.227 Authentication-Results: mailin008.protonmail.ch; dkim=none Authentication-Results: mailin008.protonmail.ch; spf=none smtp.mailfrom=lists.podman.io Authentication-Results: mailin008.protonmail.ch; dmarc=fail (p=none dis=none) header.from=redhat.com If I understand correctly, Mailman has an option[1] to change the From: header in the email and add the original sender's name and address to the Reply-To: header, which leads to a slightly worse user experience, but is better for security because it reduces the number of false positives we get exposed to. So my question is, could we enable DMARC mitigation to reduce warning fatigue? Regards, Joost Molenaar [1]: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers...

2 months, 2 weeks

4
4
0 / 0

(no subject)

by Lakshmi Mannuru

Hi Team, I have a scenario where I need some help. The application is having multiple containers running with podman run at start up. When firmware update is triggered, some of the files running on x container, need to start tftp container. Can some suggest the steps to start and stop tftp container from x container when Firmware update is getting executed. Thanks in advance for your help. Thank you

3 months, 3 weeks

3
4
0 / 0

Error: netavark: failed configure macvlan: IO error: failed to add route: Invalid argument (os error 22)

by Laurent Meunier

Hello, I would like to create rootful containers with static IPv4 and IPv6 addresses that are part of my network (containers that somehow act as physical devices on my network). From what I understand in the documentation [1], the macvlan driver should be my preferred option with netavark. [1] https://github.com/containers/podman/blob/main/docs/tutorials/basic_netwo... My problem is that I get an error when starting a container attached to a macvlan network created with an IPv6 subnet: > Error: netavark: failed configure macvlan: IO error: failed to add route: Invalid argument (os error 22) FYI, as long as the maclan network is created without IPv6 subnet, I can create new podman containers without error. [root@fedora-server ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 52:54:00:fd:e8:df brd ff:ff:ff:ff:ff:ff inet 192.168.122.2/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0 valid_lft 2219sec preferred_lft 2219sec inet6 fe80::5054:ff:fefd:e8df/64 scope link noprefixroute valid_lft forever preferred_lft forever [root@fedora-server ~]# [root@fedora-server ~]# ip r default via 192.168.122.1 dev enp1s0 proto dhcp src 192.168.122.2 metric 100 192.168.122.0/24 dev enp1s0 proto kernel scope link src 192.168.122.2 metric 100 [root@fedora-server ~]# [root@fedora-server ~]# podman info |grep -i networkbackend networkBackend: netavark [root@fedora-server ~]# [root@fedora-server ~]# podman network create \ --driver macvlan \ --opt=parent=enp1s0 \ --subnet 192.168.122.0/24 \ --gateway 192.168.122.1 \ --subnet fe80::/112 \ mynetwork mynetwork [root@fedora-server ~]# [root@fedora-server ~]# podman run -it --rm \ --ip=192.168.122.97 \ --ip6=fe80::97 \ --network=mynetwork \ registry.fedoraproject.org/fedora:latest bash Error: netavark: failed configure macvlan: IO error: failed to add route: Invalid argument (os error 22) [root@fedora-server ~]# [root@fedora-server ~]# podman run -it --rm \ --ip=192.168.122.97 \ --network=mynetwork \ registry.fedoraproject.org/fedora:latest bash Error: netavark: failed configure macvlan: IO error: failed to add route: Invalid argument (os error 22) I don't know what I'm doing wrong. Maybe I'm missing something important from the documentation. Any help will be appreciated. Thanks. -- Laurent Meunier <laurent(a)deltalima.net>

4 months

2
2
0 / 0

Podman Community Cabal Meeting, Tomorrow, Thursday November 17, 2022, 11:00 a.m. EST (UTC-5)

by Tom Sweeney

Hi All! In just under 24 hours, at 11:00am EST (UTC-5), we'll be holding the Podman Community Cabal Meeting. Currently, there is only one topic about Docker Compose Support, so plenty of time for questions or other topics! Conference link in the Agenda: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both Hope to see you there! t

4 months, 1 week

1
0
0 / 0

Installation of podman fails with access deniedon Windows

by Jochen Wiedmann

Hi, for your info, and for the record: having installed podman-desktop 0.9.1 on a Windows 10 machine, I couldn't initialize it, due to the error message mkdir C:\Users\jwi\.local\share\containers\podman: Access is denied. Workaround has been as follows: 1.) Execute the command podman machine init as a non-privileged user (myself) failed with the same error. 2.) Execute the command mkdir C:\Users\jwi\.local\share\containers\podman as a privileged user (Administrazor) worked. 3.) Repeating the "podman machine init" command as an unprivileged user works now, and Podman can be started. What's suprising for me: I would have expected, that I should be able to create a directory, that is located within my own home directory? Jochen -- Philosophy is useless, theology is worse. (Industrial Disease, Dire Straits)

4 months, 1 week

2
2
0 / 0

systemd, podman play kube & restarting a pod automatically

by POIROTTE Francois

Hi, I'm working with a pod where 2 containers depend on one another. I'm using podman v4.3.0 and the pod is started using systemd (podman-kube@.service). When one of the containers is in an improper state (crashes, stops unexpectedly, or some other condition is not met), I would like to restart the whole pod automatically (just restarting the one container that stopped is not enough in my case). Ideally, systemd would be in charge of restarting the pod (using the Restart= directive to control precisely when it must be restarted). So far, I've tried using the healthchecks mechanism, but while podman correctly detects that the container is unhealthy, no further action is taken. Is there any way to achieve the desired result? Regards, François

4 months, 3 weeks

2
1
0 / 0

Using Eclipse with Podman Engine on Linux

by Mehdi Haghgoo

I want to use Eclipse with Podman backend on Windows. I have Podman Desktop installed and the podman context is: Name URI Identity Default podman-machine-default ssh://user@localhost:64926/run/user/1000/podman/podman.sock C:\Users\me\.ssh\podman-machine-default true podman-machine-default-root ssh://root@localhost:64926/run/podman/podman.sock C:\Users\me\.ssh\podman-machine-default false Eclipse's Docker tooling has a setting for Container engine like the following: It takes either a unix socket or a TCP connection, but none of them accept the value specified by Podman URI like ssh://user@localhost:64926/run/user/1000/podman/podman.sock. Is there a workaround I can connect Eclipse to Podman engine on Windows?

4 months, 3 weeks

3
5
0 / 0

Question about expectations when running play kube and using volumes

by Martin Jackson

Hello, Yesterday I opened https://github.com/containers/podman/issues/16348 - the heart of the issue is that when starting a pod with volumes, when the pod comes down, it can't come up again without removing the volumes. I'm open to the idea that I can improve how I'm doing the deployment; but it seems that having to remove volumes before restarting the pod does not seem like something we want to require. If we were to have another stateful service running under podman (postgres? strimzi?), having the pod fail to restart after a reboot seems like it might be a big issue. What do you think? -- Martin Jackson Sr. Principal Software Engineer, Ecosystem Engineering Red Hat <https://www.redhat.com/> mhjacks(a)redhat.com @RedHat <https://twitter.com/redhat> Red Hat <https://www.linkedin.com/company/red-hat> Red Hat <https://www.facebook.com/RedHatInc> <https://www.redhat.com/> <https://redhat.com/summit>

4 months, 3 weeks

3
3
0 / 0

2023

2022

2021

2020

2019

Podman November 2022