I would appreciate some help in setting bypass4netns up with podman. On Debian 13, installed from Debian repos, all the prerequisites are fulfilled. I have the exact same issue when I compile from source too. (Installed pkgs: bypass4netns, libseccomp2 2.6.0, runc 1.3.4, crun 1.2.1) After running bypass4netns I run the podman container with:
podman run -it --rm --security-opt seccomp=$HOME/seccomp.json --runtime=runc alpine
I have the correct seccomp.json file in both my home directory and also the default podman seccomp profile directory. Changing the runtime to crun doesn't change anything. The port forwarding works when I run nginx instead of alpine. Podman is using slirp4netns. Setting --network bridge doesn't help.
Also, bypass4netns spams the terminal with "ERRO[0017] Error in NotifReceive(): no such file or directory" when I stop the container. Am I missing something?
$ bypass4netns --ignore="127.0.0.0/8,10.0.0.0/8,auto" -p="8080:80" --debug
INFO[0000] Debug mode enabled
INFO[0000] SocketPath: /run/user/1000/bypass4netns.sock
INFO[0000] 127.0.0.0/8 is added to ignore
INFO[0000] 10.0.0.0/8 is added to ignore
INFO[0000] Enabling auto-update for --ignore
INFO[0000] fowarding port 8080:80 (host=8080 container=80) is added
INFO[0000] Waiting for seccomp file descriptors
INFO[0001] accept connection
INFO[0001] Received new seccomp fd: 6
INFO[0001] tracer is disabled
INFO[0001] background task is ready. start to handle
DEBU[0001] socket is removed pid=52631 sockfd=3
DEBU[0001] process is registered pid=52631 sockfd=0 syscall=fcntl
DEBU[0001] got sockfd=11
DEBU[0001] failed to get socket args err="getsockopt(SO_DOMAIN) failed: socket operation on non-socket" pid=52631 sockfd=0 syscall=fcntl
DEBU[0001] socket is registered (state=NotBypassable) pid=52631 sockfd=0 syscall=fcntl
DEBU[0001] socket is removed pid=52631 sockfd=3
DEBU[0001] got sockfd=14
DEBU[0001] failed to get socket args err="getsockopt(SO_DOMAIN) failed: socket operation on non-socket" pid=52631 sockfd=3 syscall=fcntl
DEBU[0001] socket is registered (state=NotBypassable) pid=52631 sockfd=3 syscall=fcntl
DEBU[0001] socket is removed pid=52631 sockfd=3
INFO[0001] Dynamic non-bypassable list: started NSAgent (PID=52638, target PID=52631)
DEBU[0001] socket is removed pid=52631 sockfd=3
DEBU[0001] got sockfd=8
DEBU[0001] failed to get socket args err="getsockopt(SO_DOMAIN) failed: bad file descriptor" pid=52631 sockfd=3 syscall=fcntl
DEBU[0001] socket is registered (state=NotBypassable) pid=52631 sockfd=3 syscall=fcntl
DEBU[0001] socket is removed pid=52631 sockfd=9
DEBU[0001] got sockfd=8
DEBU[0001] failed to get socket args err="getsockopt(SO_DOMAIN) failed: bad file descriptor" pid=52631 sockfd=9 syscall=fcntl
DEBU[0001] socket is registered (state=NotBypassable) pid=52631 sockfd=9 syscall=fcntl
DEBU[0001] got sockfd=8
DEBU[0001] failed to get socket args err="getsockopt(SO_DOMAIN) failed: socket operation on non-socket" pid=52631 sockfd=12 syscall=fcntl
DEBU[0001] socket is registered (state=NotBypassable) pid=52631 sockfd=12 syscall=fcntl
DEBU[0001] socket is removed pid=52631 sockfd=9
DEBU[0001] socket is removed pid=52631 sockfd=3
DEBU[0001] socket is removed pid=52631 sockfd=12
DEBU[0001] socket is removed pid=52631 sockfd=5
DEBU[0001] socket is removed pid=52631 sockfd=6
DEBU[0001] socket is removed pid=52631 sockfd=3
DEBU[0001] got sockfd=8
DEBU[0001] failed to get socket args err="getsockopt(SO_DOMAIN) failed: bad file descriptor" pid=52631 sockfd=3 syscall=fcntl
DEBU[0001] socket is registered (state=NotBypassable) pid=52631 sockfd=3 syscall=fcntl
INFO[0001] Dynamic non-bypassable list: old dynamic=[], new dynamic=[{10.88.0.0 ffff0000} {fe80:: ffffffffffffffff0000000000000000} {127.0.0.0 ff000000} {::1 ffffffffffffffffffffffffffffffff}], static=[{127.0.0.0 ff000000} {10.0.0.0 ff000000}]
ERRO[0001] TOCTOU check failed: req.ID is no longer valid: no such file or directory
DEBU[0001] got sockfd=8
DEBU[0001] failed to get socket args err="getsockopt(SO_DOMAIN) failed: socket operation on non-socket" pid=52631 sockfd=5 syscall=fcntl
DEBU[0001] socket is registered (state=NotBypassable) pid=52631 sockfd=5 syscall=fcntl
ERRO[0001] Error in notification response: no such file or directory
ERRO[0001] Error in NotifReceive(): no such file or directory
ERRO[0001] Error in NotifReceive(): no such file or directory
ERRO[0001] Error in NotifReceive(): no such file or directory
DEBU[0001] socket is removed pid=52631 sockfd=3
DEBU[0001] socket is removed pid=52631 sockfd=5
DEBU[0001] socket is removed pid=52631 sockfd=8
DEBU[0001] socket is removed pid=52631 sockfd=3
DEBU[0001] got sockfd=8
DEBU[0001] failed to get socket args err="getsockopt(SO_DOMAIN) failed: bad file descriptor" pid=52631 sockfd=3 syscall=fcntl
DEBU[0001] socket is registered (state=NotBypassable) pid=52631 sockfd=3 syscall=fcntl
DEBU[0001] socket is removed pid=52631 sockfd=5