On 1/12/22 16:59, Ranbir wrote:
> On Wed, 2022-01-12 at 15:25 -0500, Daniel Walsh wrote:
>> Try the container in --privileged mode, to see if this is causing the
>> issue.
> That didn't help. :(
>
>> If it still crashes, then I figure it is something with the user
>> namespace.
> The container doesn't crash. It actually runs and I can see postgrey
> running in the container. The problem is when I do a telnet test from
> the host or from another server to the postgrey port I exposed, the
> telnet connection doesn't stay up and instead drops immediately. If the
> container is running rootfull, the telnet test is established and
> doesn't disconnect.
>
>> Do you have an image I could try?
> It's not uploaded anywhere. I'm turning some of my KVMs into containers
> because I wanted to learn podman and get familiar with it. I've only
> been doing container stuff in general since August of last year.
>
> Hmmm...can I dump the Containerfile for each image here? They're not
> big. The Rocky Linux 8 Dockerfile is copied directly from their docker
> image page on dockerhub.
>
> There's some wrapping.
>
>
> Here's the latest run command I used:
>
> "CreateCommand": [
> "podman",
> "run",
> "-d",
> "--name",
> "postgrey",
> "--publish",
> "1.2.3.4:10023:10023",
> "--volume",
> "postgrey:/var/spool/postfix/postgrey:Z",
> "--privileged",
> "postgrey-v0.0.3"
> ],
>
>
> The volume doesn't matter. I'm just preserving data from my KVM.
>
> Below are the Containerfile, config file and Dockerfile.
>
> --------
> postgrey
> --------
>
> FROM local/rocky8-systemd
>
> RUN dnf -y update && \
> dnf -y install epel-release && \
> dnf -y --nodocs install postgrey telnet && \
> dnf clean all && \
> systemctl enable postgrey
>
> COPY postgrey /etc/sysconfig/
>
> CMD ["/usr/sbin/init"]
>
> --------------------
> postgrey sysconfig file
> --------------------
>
> # Postgrey offers 2 listening types, --inet and --unix. As default, Fedora
> # postgrey works under UNIX socket, but, changing to TCP socket on user's own
> # is also available, for instance, let it work at 10023 port of localhost:
> # --inet=10023
> # To be more detailed, there is another way if you still run it at localhost:
> # --inet=127.0.0.1:10023
> #POSTGREY_TYPE="--unix=/var/spool/postfix/postgrey/socket"
> POSTGREY_TYPE="--inet=127.0.0.1:10023"
>
> # If postgrey works under UNIX socket way, PID file can be specified to
> # custom location, note that no need to set this if postgrey is working
> # under TCP socket way.
> POSTGREY_PID="--pidfile=/var/run/postgrey.pid"
>
> # Name of group which postgrey belongs, default is postgrey
> POSTGREY_GROUP="--group=postgrey"
>
> # Name of user which postgrey belongs, default is postgrey
> POSTGREY_USER="--user=postgrey"
>
> # DELAY
> POSTGREY_DELAY="--delay=60"
>
> # For more options can be used, please read manpage or execute `postgrey -h`.
> # Custom options.
> POSTGREY_OPTS=""
>
>
> -------------
> rocky linux 8
> -------------
>
> FROM rockylinux/rockylinux:latest
>
> ENV container docker
>
> RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i
> == \
> systemd-tmpfiles-setup.service ] || rm -f $i; done); \
> rm -f /lib/systemd/system/multi-user.target.wants/*;\
> rm -f /etc/systemd/system/*.wants/*;\
> rm -f /lib/systemd/system/local-fs.target.wants/*; \
> rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
> rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
> rm -f /lib/systemd/system/basic.target.wants/*;\
> rm -f /lib/systemd/system/anaconda.target.wants/*;
>
> VOLUME [ "/sys/fs/cgroup" ]
>
> CMD ["/usr/sbin/init"]
>
>
Giuseppe, Paul, Matt Do you think this is slirp4netns related?
Ranbir could you try with --net=hosts