[5.0.0] Rootless networking with custom network is broken #22146
Description
Issue Description
When using rootless podman and a network created with podman network create foo, the container doesn't have internet access. The issue is not specific to IPv4-only networks and also occurs with podman network create --ipv6 bar.
Steps to reproduce the issue
Steps to reproduce the issue
podman network create foopodman run -it --rm --network=foo alpine wget google.com
Describe the results you received
The IP resolves, but the command hangs. ping (and ping6) work as expected
Describe the results you expected
The command goes through.
podman info output
host:
arch: amd64
buildahVersion: 1.35.1
cgroupControllers:
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: /usr/bin/conmon is owned by conmon 1:2.1.10-1
path: /usr/bin/conmon
version: 'conmon version 2.1.10, commit: 2dcd736e46ded79a53339462bc251694b150f870'
cpuUtilization:
idlePercent: 98.38
systemPercent: 0.56
userPercent: 1.06
cpus: 12
databaseBackend: sqlite
distribution:
distribution: arch
version: unknown
eventLogger: journald
freeLocks: 2047
hostname: hermes
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 6.8.1-arch1-1
linkmode: dynamic
logDriver: journald
memFree: 8785002496
memTotal: 16076029952
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: /usr/lib/podman/aardvark-dns is owned by aardvark-dns 1.10.0-1
path: /usr/lib/podman/aardvark-dns
version: aardvark-dns 1.10.0
package: /usr/lib/podman/netavark is owned by netavark 1.10.3-1
path: /usr/lib/podman/netavark
version: netavark 1.10.3
ociRuntime:
name: crun
package: /usr/bin/crun is owned by crun 1.14.4-1
path: /usr/bin/crun
version: |-
crun version 1.14.4
commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
rundir: /run/user/1000/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: /usr/bin/pasta is owned by passt 2024_03_20.71dd405-1
version: |
pasta unknown version
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: false
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /etc/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: ""
package: ""
version: ""
swapFree: 4294963200
swapTotal: 4294963200
uptime: 0h 19m 48.00s
variant: ""
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries: {}
store:
configFile: /home/maxi/.config/containers/storage.conf
containerStore:
number: 1
paused: 0
running: 1
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/maxi/.local/share/containers/storage
graphRootAllocated: 511554093056
graphRootUsed: 71551737856
graphStatus:
Backing Filesystem: btrfs
Native Overlay Diff: "true"
Supports d_type: "true"
Supports shifting: "false"
Supports volatile: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 1
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /home/maxi/.local/share/containers/storage/volumes
version:
APIVersion: 5.0.0
Built: 1711060217
BuiltTime: Thu Mar 21 23:30:17 2024
GitCommit: e71ec6f1d94d2d97fb3afe08aae0d8adaf8bddf0-dirty
GoVersion: go1.22.1
Os: linux
OsArch: linux/amd64
Version: 5.0.0Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
No response
Additional information
No response