Comments (17)
Could you open this issue in CRI-O, since we are trying to drop conmon from libpod?
from podman.
I'll keep this open here to track, and open an issue against CRI-O to modify conmon to support opening and holding ports
If we move away from conmon, would this be easier with runc?
Yeah, we'd do it ourselves, which should be easy enough - run through our port forwards and reserve them all on the host
@mheon @baude What is the current state of this?
The current plan is to open the ports in libpod and pass their file descriptors over to Conmon, being careful not to overlap them with FDs that actually need to be leaked into the container. I don't think any progress has been made on implementing that.
@baude made any progress?
I wasn't aware this was assigned to me. I think this is more suited to @giuseppe due to C skills. What do you guys think?
@baude The new plan is to open the ports in libpod, and then leak the FDs into conmon and close them. Might still be a good job for someone with more conmon experience, because we have to do the leaking in such a way as to not interfere with the FDs we are already leaking to conmon.
@giuseppe PTAL
Sure, I can take a look at it. Could someone more familiar with this part point me to where the ports are currently open?
@baude Could you help @giuseppe out?
I have to defer to @mheon ... this was his idea.
@giuseppe I don't think we are opening them anywhere yet - presumably we'd do it somewhere in the OCI create code as we're starting to set up Conmon.
@mheon so just to be sure I understood, when I do something like -p 80:8081 I'll need to listen on port 80, and leak the fd into conmon? Is anyone ever going to listen on that port? Does it need to be configured to allow multiple listen (SO_REUSEPORT)?
@giuseppe No one should ever listen on the port - we're just holding it open so that nothing on the host can try and use it. As such, we definitely shouldn't be setting SO_REUSEPORT.
PR here: #1100
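The approach discussed in this thread (bind each forwarded host port, never set SO_REUSEPORT, and hand the held sockets to the monitor process after the FDs it already receives), sketched as an added example that is not code from podman, libpod or the linked PR. `PortMapping`, `ReservePorts` and `AppendAfterLeaked` are hypothetical names, and it assumes the FDs are passed through Go's `exec.Cmd.ExtraFiles` and that the bind address is loopback:

```go
package main

import (
	"fmt"
	"net"
	"os"
	"os/exec"
)

// PortMapping is a hypothetical stand-in for one "-p host:container" entry.
type PortMapping struct{ HostPort, ContainerPort int }

// bindAndHold binds one host port without SO_REUSEPORT and returns a dup of it.
func bindAndHold(addr string, port int) (*os.File, error) {
	ln, err := net.Listen("tcp", fmt.Sprintf("%s:%d", addr, port))
	if err != nil {
		return nil, err // e.g. EADDRINUSE: the port is already taken
	}
	defer ln.Close() // the dup returned below keeps the port bound
	return ln.(*net.TCPListener).File()
}

// ReservePorts holds every mapped host port, releasing all of them on failure.
func ReservePorts(addr string, maps []PortMapping) ([]*os.File, error) {
	var held []*os.File
	for _, m := range maps {
		f, err := bindAndHold(addr, m.HostPort)
		if err != nil {
			for _, h := range held {
				h.Close()
			}
			return nil, fmt.Errorf("reserve host port %d: %w", m.HostPort, err)
		}
		held = append(held, f)
	}
	return held, nil
}

// AppendAfterLeaked keeps leaked FDs first: ExtraFiles[i] is fd 3+i in the child.
func AppendAfterLeaked(leaked, held []*os.File) ([]*os.File, int) {
	return append(append([]*os.File{}, leaked...), held...), 3 + len(leaked)
}

func main() {
	held, err := ReservePorts("127.0.0.1", []PortMapping{{0, 8081}}) // 0: any free port
	cmd := exec.Command("true")                                      // stand-in for the monitor
	files, first := AppendAfterLeaked([]*os.File{os.Stdout}, held)
	cmd.ExtraFiles = files
	fmt.Println("reserved fds start at", first, "errors:", err, cmd.Run())
}
```

Because the reserved sockets are only appended, the child-side numbers of the FDs that were already being passed do not change.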