You are not logged in.
I've been running Podman rootless for around a year now, and so far things went very well. I was just poking at this new feature where you're supposed to be able to setup container networks similar to when running Podman (or Docker) as root.
However, this doesn't seem to work in my machine for an unknown issue in cnitool:
$ podman network create foo
/home/michele/.config/cni/net.d/foo.conflist
$ podman run --rm -it --network=foo docker.io/library/alpine:latest ip addr
Error: command rootless-cni-infra [alloc 89398a9315256cb1938075c377275d29c2b6ebdd75a96b5c26051a89541eb928 foo festive_hofstadter ] in container 1f4344bbd1087c892a18bacc35f4fdafbb61106c146952426488bc940a751efe failed with status 1, stdout="", stderr="exit status 3\n"Did you guys had a similar experience so far? I've tried the same on a Fedora 33 live and everything runs smooth not sure what's wrong with my setup, and I've opened an issue upstream https://github.com/containers/podman/issues/9364, where one of the collaborator mentioned that my setup is almost identical of what he's using.
Last edited by michelesr (2021-02-16 15:56:03)
Offline
Looks like the problem was caused by Apparmor preventing the rootless-cni-infra from creating an instance of dnsmasq to handle the internal network dns resolution (e.g. container-name.dns.podman)
Solved by disabling the dnsmasq apparmor profile temporarily
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.dnsmasqOffline
This rule for the dnsmasq Apparmor profile seems to play nicely with the dnsname plugin in Podman:
# required by the dnsname plugin in podman
/run/containers/cni/dnsname/** rw,To apply:
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.dnsmasq
sudo apparmor_parser /etc/apparmor.d/usr.sbin.dnsmasqOffline