network resources are leaked when error happens during setup #18205

Closed
Luap99 opened this issue Apr 14, 2023 · 0 comments · Fixed by #18254

Luap99 commented Apr 14, 2023

Issue Description

The network resources are leaked when there is an error during the initial container setup process.
This affects both netavark and cni.

Steps to reproduce the issue

Make sure to not have containers running and try this as rootless

  1. podman network create test1
  2. podman run -p 80:80 --network podman1 alpine ip a
     Which correctly fails with:
     Error: rootlessport cannot expose privileged port 80, you can add 'net.ipv4.ip_unprivileged_port_start=80' to /etc/sysctl.conf (currently 1024), or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied
  3. ps aux

Describe the results you received

See that aardvark-dns is still running, or dnsmasq when using CNI.

Describe the results you expected

Podman should tear down the network correctly on errors.

podman info output

latest main branch

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

No response

Additional information

This seems to be the root cause why we leak so many aardvark-dns or dnsmasq processes in e2e tests in CI.

@Luap99 Luap99 added kind/bug Categorizes issue or PR as related to a bug. network Networking related issue or feature labels Apr 14, 2023
@Luap99 Luap99 self-assigned this Apr 17, 2023
Luap99 added a commit to Luap99/libpod that referenced this issue Apr 18, 2023
Make sure to tear down the netns again on errors. This is needed when a
later call fails and we have not already stored the netns in the
container state.

[NO NEW TESTS NEEDED] My ginkgo-v2 PR will catch problems like this once
merged.

Fixes containers#18205

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Luap99 added a commit to Luap99/libpod that referenced this issue May 23, 2023
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Aug 27, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 27, 2023
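
The failure mode and fix described in the commit message above (tear down the netns again when a later step fails before the netns is stored in container state), as an added Go example. It is not Podman's code: `fakeBackend`, `setupNetwork` and the `rollback` flag are hypothetical names, and the in-memory backend is constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// fakeBackend is a constructed stand-in for netavark/CNI that tracks
// which network resources are currently allocated.
type fakeBackend struct{ live map[string]bool }

func (b *fakeBackend) setup(id string) {
	b.live["netns:"+id] = true
	b.live["dns:"+id] = true // models the aardvark-dns/dnsmasq helper
}

func (b *fakeBackend) teardown(id string) {
	delete(b.live, "netns:"+id)
	delete(b.live, "dns:"+id)
}

// setupNetwork allocates resources, then runs a step that can fail.
// With rollback set, a deferred check on the named return err tears the
// resources down again, since nothing is stored in container state yet.
func setupNetwork(b *fakeBackend, id string, port int, rollback bool) (state string, err error) {
	b.setup(id)
	if rollback {
		defer func() {
			if err != nil {
				b.teardown(id)
			}
		}()
	}
	if port < 1024 { // models the later step that fails for a rootless user
		return "", errors.New("port setup: cannot expose privileged port")
	}
	return "netns:" + id, nil
}

func main() {
	for _, rollback := range []bool{false, true} {
		b := &fakeBackend{live: map[string]bool{}}
		_, err := setupNetwork(b, "ctr1", 80, rollback)
		fmt.Printf("rollback=%v err=%v leaked=%d\n", rollback, err, len(b.live))
	}
}
```

Without the deferred rollback, the failed setup leaves both entries allocated, which corresponds to the leftover aardvark-dns or dnsmasq process seen in `ps aux`.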