* [Question] Podman port mapping is not working properly. #meta-virtualization
@ 2024-01-24 1:26 heyday-welds.0b
0 siblings, 0 replies; only message in thread
From: heyday-welds.0b @ 2024-01-24 1:26 UTC (permalink / raw)
To: meta-virtualization
[-- Attachment #1: Type: text/plain, Size: 4858 bytes --]
First of all, please let me know, if this is not right place for a question.
I'm a newbie to Yocto Project and consisting running environment of podman.
I enabled virtualization layer, podman and iproute2.
Now podman can run container without port mapping.
But below error occurs when I use port mapping as below.
Can I get any clue about it?
root@qemux86-64:/media/disk# podman run -dit -p 8080:80 httpd
[ 1055.281577] cni-podman0: port 1(vethefec5ab0) entered blocking state
[ 1055.282447] cni-podman0: port 1(vethefec5ab0) entered disabled state
[ 1055.283999] device vethefec5ab0 entered promiscuous mode
[ 1055.507799] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 1055.508566] IPv6: ADDRCONF(NETDEV_CHANGE): vethefec5ab0: link becomes ready
[ 1055.509053] cni-podman0: port 1(vethefec5ab0) entered blocking state
[ 1055.509417] cni-podman0: port 1(vethefec5ab0) entered forwarding state
WARN[0003] Failed to load cached network config: network podman not found in CNI cache, falling back to loading network podman from disk
[ 1058.204483] cni-podman0: port 1(vethefec5ab0) entered disabled state
[ 1058.232123] device vethefec5ab0 left promiscuous mode
[ 1058.232665] cni-podman0: port 1(vethefec5ab0) entered disabled state
Error: plugin type="portmap" failed (add): cni plugin portmap failed: unable to create chain CNI-HOSTPORT-SETMARK: running [/usr/sbin/iptables -t nat -C CNI-HOSTPORT-SETMARK -m comment --comment CNI portfwd masquerade mark -j MARK --set-xmark 0x2000/0x2000 --wait]: exit status 2: iptables v1.8.7 (legacy): *unknown option "--set-xmark"*
Try `iptables -h' or 'iptables --help' for more information.
Kernel configuration is
root@qemux86-64:/media/disk# bash check-config.sh
info: reading kernel config from /proc/config.gz ...
Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled
- CONFIG_BRIDGE: enabled
- CONFIG_BRIDGE_NETFILTER: enabled
- CONFIG_IP_NF_FILTER: enabled (as module)
- CONFIG_IP_NF_MANGLE: enabled (as module)
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
- CONFIG_NETFILTER_XT_MARK: enabled (as module)
- CONFIG_IP_NF_NAT: enabled (as module)
- CONFIG_NF_NAT: enabled (as module)
- CONFIG_POSIX_MQUEUE: enabled
- CONFIG_CGROUP_BPF: enabled
Optional Features:
- CONFIG_USER_NS: enabled
- CONFIG_SECCOMP: enabled
- CONFIG_SECCOMP_FILTER: enabled
- CONFIG_CGROUP_PIDS: enabled
- CONFIG_MEMCG_SWAP: enabled
(cgroup swap accounting is currently enabled)
- CONFIG_BLK_CGROUP: enabled
- CONFIG_BLK_DEV_THROTTLING: missing
- CONFIG_CGROUP_PERF: enabled
- CONFIG_CGROUP_HUGETLB: missing
- CONFIG_NET_CLS_CGROUP: enabled (as module)
- CONFIG_CGROUP_NET_PRIO: enabled
- CONFIG_CFS_BANDWIDTH: missing
- CONFIG_FAIR_GROUP_SCHED: enabled
- CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
- CONFIG_IP_VS: enabled (as module)
- CONFIG_IP_VS_NFCT: missing
- CONFIG_IP_VS_PROTO_TCP: missing
- CONFIG_IP_VS_PROTO_UDP: missing
- CONFIG_IP_VS_RR: missing
- CONFIG_SECURITY_SELINUX: missing
- CONFIG_SECURITY_APPARMOR: missing
- CONFIG_EXT4_FS: enabled
- CONFIG_EXT4_FS_POSIX_ACL: enabled
- CONFIG_EXT4_FS_SECURITY: enabled
- Network Drivers:
- "overlay":
- CONFIG_VXLAN: enabled (as module)
- CONFIG_BRIDGE_VLAN_FILTERING: enabled
Optional (for encrypted networks):
- CONFIG_CRYPTO: enabled
- CONFIG_CRYPTO_AEAD: enabled
- CONFIG_CRYPTO_GCM: enabled
- CONFIG_CRYPTO_SEQIV: enabled
- CONFIG_CRYPTO_GHASH: enabled
- CONFIG_XFRM: enabled
- CONFIG_XFRM_USER: enabled (as module)
- CONFIG_XFRM_ALGO: enabled
- CONFIG_INET_ESP: enabled (as module)
- CONFIG_NETFILTER_XT_MATCH_BPF: enabled (as module)
- "ipvlan":
- CONFIG_IPVLAN: enabled
- "macvlan":
- CONFIG_MACVLAN: enabled
- CONFIG_DUMMY: enabled (as module)
- "ftp,tftp client in container":
- CONFIG_NF_NAT_FTP: enabled (as module)
- CONFIG_NF_CONNTRACK_FTP: enabled (as module)
- CONFIG_NF_NAT_TFTP: enabled (as module)
- CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
- Storage Drivers:
- "btrfs":
- CONFIG_BTRFS_FS: enabled
- CONFIG_BTRFS_FS_POSIX_ACL: enabled
- "overlay":
- CONFIG_OVERLAY_FS: enabled
- "zfs":
- /dev/zfs: missing
- zfs command: missing
- zpool command: missing
Limits:
- /proc/sys/kernel/keys/root_maxkeys: 1000000
Thanks, Chris.
[-- Attachment #2: Type: text/html, Size: 7085 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-01-24 1:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-24 1:26 [Question] Podman port mapping is not working properly. #meta-virtualization heyday-welds.0b
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).