podman: allow_host_loopback=true does not work on MacOS

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

I cannot reach / ping / telnet the host from a container.

Steps to reproduce the issue:

  1. Create a file named “foo” with contents “bar”
$ echo bar >> foo
  1. Create a web server on the folder
$ python3 -m http.server 8000
  1. From another terminal tab, create a container with slirp4netns:allow_host_loopback=true from which to attempt a curl command:
$ podman run --rm --network slirp4netns:allow_host_loopback=true  docker.io/library/fedora \
    curl -sS http://10.0.2.2:8000/foo

Describe the results you received:

curl: (7) Failed to connect to 10.0.2.2 port 8000 after 0 ms: Connection refused

Describe the results you expected:

I had expected to see the contents, “bar”, as if I were executing the curl command from the host:

$ curl -sS http://localhost:8000/foo
bar

Additional information you deem important (e.g. issue happens only occasionally):

I’ve tried the above steps both on an M1 Mac Book Air and from an Intel Mac Book Pro (2015), the result is the same. The Podman version is also the same in both environments.

Output of podman version:

Client:
Version:      3.4.2
API Version:  3.4.2
Go Version:   go1.17.2
Built:        Fri Nov 12 17:08:25 2021
OS/Arch:      darwin/arm64

Server:
Version:      3.4.1
API Version:  3.4.1
Go Version:   go1.16.8
Built:        Wed Oct 20 16:32:52 2021
OS/Arch:      linux/arm64

Output of podman info --debug:

host:
  arch: arm64
  buildahVersion: 1.23.1
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.30-2.fc35.aarch64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.30, commit: '
  cpus: 1
  distribution:
    distribution: fedora
    variant: coreos
    version: "35"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.14.18-300.fc35.aarch64
  linkmode: dynamic
  logDriver: journald
  memFree: 404496384
  memTotal: 2048815104
  ociRuntime:
    name: crun
    package: crun-1.3-1.fc35.aarch64
    path: /usr/bin/crun
    version: |-
      crun version 1.3
      commit: 8e5757a4e68590326dafe8a8b1b4a584b10a1370
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-2.fc35.aarch64
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 2h 36m 25.79s (Approximately 0.08 days)
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 0
    stopped: 2
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 4
  runRoot: /run/user/1000/containers
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 3.4.1
  Built: 1634740372
  BuiltTime: Wed Oct 20 14:32:52 2021
  GitCommit: ""
  GoVersion: go1.16.8
  OsArch: linux/arm64
  Version: 3.4.1

Package info (e.g. output of rpm -q podman or apt list podman):

$ brew info podman
podman: stable 3.4.2 (bottled), HEAD
Tool for managing OCI containers and pods
https://podman.io/
/opt/homebrew/Cellar/podman/3.4.2 (170 files, 40.9MB) *
  Poured from bottle on 2021-12-04 at 14:04:37
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/podman.rb
License: Apache-2.0
==> Dependencies
Build: go ✘, go-md2man ✘
Required: qemu ✔
==> Options
--HEAD
	Install HEAD version
==> Caveats
zsh completions have been installed to:
  /opt/homebrew/share/zsh/site-functions
==> Analytics
install: 12,005 (30 days), 38,558 (90 days), 70,680 (365 days)
install-on-request: 12,009 (30 days), 38,563 (90 days), 70,652 (365 days)
build-error: 0 (30 days)

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

Yes.

Additional environment details (AWS, VirtualBox, physical, etc.):

Physical, Mac Book Air M1.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 15 (8 by maintainers)

Most upvoted comments

yup

+1
rhatdan on Dec 9, 2021

Closing since the PR is merged, the next release happens today or tomorrow but you will need to wait until the podman version inside the VM is updated which will take at least two weeks.

+1
Luap99 on Dec 6, 2021
Read more comments on GitHub
← podman: Allow mounting -v /run:/run without leaking .containerenv file to the host
podman: ansible + podman not working →