Package Details: podman-git 4.5.0_dev.r18231.g519cfa81f-1

Git Clone URL: https://aur.archlinux.org/podman-git.git (read-only, click to copy)
Package Base: podman-git
Description: Tool and library for running OCI-based containers in pods (git)
Upstream URL: https://github.com/containers/podman.git
Keywords: containers docker podman
Licenses: Apache
Conflicts: podman, podman-remote
Provides: podman, podman-remote
Submitter: samarthj
Maintainer: samarthj
Last Packager: samarthj
Votes: 1
Popularity: 0.000002
First Submitted: 2021-06-18 06:45 (UTC)
Last Updated: 2023-03-14 02:40 (UTC)

Required by (27)

Sources (2)

Pinned Comments

samarthj commented on 2021-08-23 19:18 (UTC)

quickest way to reach me for changes/updates/issues/pull-requests - https://github.com/samarthj/AUR

Latest Comments

samarthj commented on 2022-09-16 20:40 (UTC)

If you are using rootless then it cannot add any iptable rules because only root has the privileges to do that.

And it doesn't sound like you have explicitly setup a firewall either. And since it sporadically works / doesn't work, whatever is happening is probably outside the container itself, a secondary layer like a vpn or custom dns routing or a higher in the network stack (home or external). It could also be based on whatever the container is doing internally, or perhaps doesn't support a consistent rootless setup.

It really depends. But the podman itself appears to be working as expected.

I'd recommend getting help from someone who knows your network stack, or the container owner (unless it is your own) or in general container forums for podman/docker.

Loader009 commented on 2022-09-16 19:04 (UTC) (edited on 2022-09-16 19:05 (UTC) by Loader009)

What a great answer, thank you!

I'm using rootless podman (with netavark networking backend), but in the matrix room someone said, that there should be iptables rules for rootful and rootless.

I have issues about a podman container (rootless) not being able to ping outside - but the issue is very random, sometimes it works, sometimes it does not. Not only it can't ping, it is also not able to connect outside at all (e.g. via curl).

samarthj commented on 2022-09-16 18:07 (UTC)

Based on that comment, I don't really know how you have configured networking or how you are using podman (rootful/rootless). And I don't know whether this is a question, or if you are facing an actual issue either.

So I would need to understand more about your use-case and what specifically the issue is, before I can understand what the expectation is and what is not working. If you have never touched networking on your system, and/or are running podman as a non-root user, there aren't expected to be any iptable rules, and everything should be working just fine.

From podman's perspective: It only uses iptables for rootful containers. For rootless the networking is managed in the containers networking scope only via slirp4netns. And in the case you are using rootful containers it would also depend on what the container is doing, how you have configured it to run, the capabilities added to it, the namespace used and the network backend and driver in use.

From system networking perspective: Here things depend on how your network is managed, which firewall is being used (and whether one is), and what the context of iptable rules being or not being there is.

That being said, assuming you are using a clean setup on a clean system configured to use the firewalld with the iptables backend (which is not enabled by default, no firewall is). And trying to launch a container with the host namespace as a priviliged container, then you would expect to see some iptable rules. Now say your network resets, or something on the system that interacts with the firewall reloads it, or you manually reload the firewall, the rules will be wiped. And in that event to restore networking to your container, you would need to reload the networking for podman as well. Check man podman-network-reload for how to that and additional context.

But that is all hypothetical. As for your system, based on what and how it is setup, I'd recommend checking out the archwiki and the podman docs, or any other relevant documentation.

Loader009 commented on 2022-08-26 07:43 (UTC) (edited on 2022-08-26 07:43 (UTC) by Loader009)

Could there be issues on applying iptables rules? This also seems to be the case for the core package (according to a friend).

In the Matrix Chat room some dev said that he has no clue why there are no iptables rules applied - so I guess it's an ArchLinux issue.

qubidt commented on 2022-06-27 09:43 (UTC)

systemd should be added to makedepends. to build the service files (src/podman/Makefile:791), it checks for the existence of systemd/sd-daemon.h (see src/podman/hack/systemd_tag.sh), which is part of core/systemd, not core/systemd-libs (i.e. libsystemd alone in makedepends is inadequate).

This is noticeable if you build in a chroot

samarthj commented on 2021-08-23 19:18 (UTC)

quickest way to reach me for changes/updates/issues/pull-requests - https://github.com/samarthj/AUR