2133390 – Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network [rhel-8.7.0.z]

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2133390 - Podman container got global IPv6 address unexpectedly even when macvlan network is created for pure IPv4 network [rhel-8.7.0.z]

Summary: Podman container got global IPv6 address unexpectedly even when macvlan netwo...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	podman
Sub Component:
Version:	8.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Jindrich Novy
QA Contact:	Joy Pu
Docs Contact:
URL:
Whiteboard:
Depends On:	2126243
Blocks:
TreeView+	depends on / blocked

Reported:	2022-10-10 08:15 UTC by RHEL Program Management Team
Modified:	2023-09-19 04:28 UTC (History)
CC List:	16 users (show)
Fixed In Version:	netavark-1.1.0-7.el8_7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	2126243
Environment:
Last Closed:	2022-11-08 11:30:48 UTC
Type:	---
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	containers netavark pull 435	None	Merged	[v1.1.0-rhel] Do not use ipv6 autoconf	2022-10-25 07:35:44 UTC
Red Hat Issue Tracker	RHELPLAN-136009	None	None	None	2022-10-10 08:16:20 UTC
Red Hat Product Errata	RHSA-2022:7822	None	None	None	2022-11-08 11:31:12 UTC

Comment 1 Tom Sweeney 2022-10-10 20:40:50 UTC

Once merged, will be fixed with https://github.com/containers/netavark/pull/435

Comment 2 Oneata Mircea Teodor 2022-10-18 07:57:43 UTC

Hello,
All 0Day errata must be submitted to QE by the 26th of October

Comment 3 Jindrich Novy 2022-10-19 10:15:44 UTC

Paul, it seems the build of netavark off v1.1.0-rhel branch fails with: http://download.eng.bos.redhat.com/brewroot/work/tasks/3573/48413573/build.log

Do you mind having a look? Seems vendor tarball needs updating?

Comment 4 Jindrich Novy 2022-10-19 10:34:41 UTC

Similar situation for aardvark-dns:

http://download.eng.bos.redhat.com/brewroot/work/tasks/4054/48414054/build.log

Comment 10 Joy Pu 2022-10-26 06:23:16 UTC

Test with podman-4.2.0-3.module+el8.7.0+17049+f4ed52ac.x86_64 and netavark-1.1.0-7.module+el8.7.0+17049+f4ed52ac.x86_64 and it works as expected. The global ipv6 addr is gone inside the container. So set this to verified.
# podman --log-level debug run -itd --name c1 --ip=10.85.41.247 --network ens3 quay.io/libpod/busybox
INFO[0000] podman filtering at log level debug          
DEBU[0000] Called run.PersistentPreRunE(podman --log-level debug run -itd --name c1 --ip=10.85.41.247 --network ens3 quay.io/libpod/busybox) 
DEBU[0000] Merged system config "/usr/share/containers/containers.conf" 
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /var/lib/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /var/lib/containers/storage 
DEBU[0000] Using run root /run/containers/storage       
DEBU[0000] Using static dir /var/lib/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/libpod                    
DEBU[0000] Using volume path /var/lib/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] Cached value indicated that overlay is supported 
DEBU[0000] Cached value indicated that overlay is supported 
DEBU[0000] Cached value indicated that metacopy is being used 
DEBU[0000] Cached value indicated that native-diff is not being used 
INFO[0000] Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled 
DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=true 
DEBU[0000] Initializing event backend file              
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument 
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument 
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument 
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument 
DEBU[0000] Using OCI runtime "/usr/bin/runc"            
INFO[0000] Setting parallel job count to 13             
DEBU[0000] Pulling image quay.io/libpod/busybox (policy: missing) 
DEBU[0000] Looking up image "quay.io/libpod/busybox" in local containers storage 
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] } 
DEBU[0000] Trying "quay.io/libpod/busybox:latest" ...   
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on]@f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] Found image "quay.io/libpod/busybox" as "quay.io/libpod/busybox:latest" in local containers storage 
DEBU[0000] Found image "quay.io/libpod/busybox" as "quay.io/libpod/busybox:latest" in local containers storage ([overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on]@f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f) 
DEBU[0000] exporting opaque data as blob "sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] Looking up image "quay.io/libpod/busybox:latest" in local containers storage 
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] } 
DEBU[0000] Trying "quay.io/libpod/busybox:latest" ...   
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on]@f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] Found image "quay.io/libpod/busybox:latest" as "quay.io/libpod/busybox:latest" in local containers storage 
DEBU[0000] Found image "quay.io/libpod/busybox:latest" as "quay.io/libpod/busybox:latest" in local containers storage ([overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on]@f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f) 
DEBU[0000] exporting opaque data as blob "sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] Looking up image "quay.io/libpod/busybox" in local containers storage 
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] } 
DEBU[0000] Trying "quay.io/libpod/busybox:latest" ...   
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on]@f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] Found image "quay.io/libpod/busybox" as "quay.io/libpod/busybox:latest" in local containers storage 
DEBU[0000] Found image "quay.io/libpod/busybox" as "quay.io/libpod/busybox:latest" in local containers storage ([overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on]@f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f) 
DEBU[0000] exporting opaque data as blob "sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] Inspecting image f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f 
DEBU[0000] exporting opaque data as blob "sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] exporting opaque data as blob "sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] Inspecting image f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f 
DEBU[0000] Inspecting image f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f 
DEBU[0000] Inspecting image f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f 
DEBU[0000] using systemd mode: false                    
DEBU[0000] setting container name c1                    
DEBU[0000] No hostname set; container's hostname will default to runtime default 
DEBU[0000] Loading seccomp profile from "/usr/share/containers/seccomp.json" 
DEBU[0000] Successfully loaded network ens3: &{ens3 ffde1b5b11bda8e51db56f3b747d14a17fd4d672d950d950d86f31ac6cfbd3fe macvlan ens3 2022-10-25 06:27:39.315183134 -0400 EDT [{{{10.85.40.0 fffff800}} 10.85.40.1 <nil>}] false false true map[] map[] map[driver:host-local]} 
DEBU[0000] Successfully loaded 2 networks               
DEBU[0000] Allocated lock 0 for container 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on]@f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] exporting opaque data as blob "sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f" 
DEBU[0000] Cached value indicated that idmapped mounts for overlay are not supported 
DEBU[0000] Check for idmapped mounts support            
DEBU[0000] Created container "5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7" 
DEBU[0000] Container "5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7" has work directory "/var/lib/containers/storage/overlay-containers/5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7/userdata" 
DEBU[0000] Container "5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7" has run directory "/run/containers/storage/overlay-containers/5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7/userdata" 
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] Cached value indicated that overlay is supported 
DEBU[0000] Cached value indicated that overlay is supported 
DEBU[0000] Cached value indicated that metacopy is being used 
DEBU[0000] Made network namespace at /run/netns/netns-ce75426a-d88b-36b4-cd7d-3b5d43a7cf09 for container 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 
DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=true 
DEBU[0000] overlay: mount_data=lowerdir=/var/lib/containers/storage/overlay/l/QRZGZPUYFCAI4KJCXHW44QAHC3,upperdir=/var/lib/containers/storage/overlay/d671315b004b7cb642e199613c40294ca72c6f7acdb9e50c50a92055fd8d144a/diff,workdir=/var/lib/containers/storage/overlay/d671315b004b7cb642e199613c40294ca72c6f7acdb9e50c50a92055fd8d144a/work,nodev,metacopy=on,context="system_u:object_r:container_file_t:s0:c603,c986" 
DEBU[0000] Mounted container "5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7" at "/var/lib/containers/storage/overlay/d671315b004b7cb642e199613c40294ca72c6f7acdb9e50c50a92055fd8d144a/merged" 
DEBU[0000] Created root filesystem for container 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 at /var/lib/containers/storage/overlay/d671315b004b7cb642e199613c40294ca72c6f7acdb9e50c50a92055fd8d144a/merged 
[DEBUG netavark::network::validation] "Validating network namespace..."
[DEBUG netavark::commands::setup] "Setting up..."
[INFO  netavark::firewall] Using iptables firewall driver
[DEBUG netavark::network::core_utils] Setting sysctl value for net.ipv4.ip_forward to 1
[DEBUG netavark::commands::setup] Setting up network ens3 with driver macvlan
[DEBUG netavark::network::core] Container macvlan name: "eth0"
[DEBUG netavark::network::core] Master interface name: "ens3"
[DEBUG netavark::network::core] IP address for macvlan: [10.85.41.247/21]
[DEBUG netavark::network::core_utils] Setting sysctl value for /proc/sys/net/ipv6/conf/eth0/autoconf to 0
[DEBUG netavark::network::core] Configured static up address for eth0
[DEBUG netavark::network::core] Container macvlan mac: "fe:00:dc:66:1a:17"
[DEBUG netavark::commands::setup] {
        "ens3": StatusBlock {
            dns_search_domains: Some(
                [],
            ),
            dns_server_ips: Some(
                [],
            ),
            interfaces: Some(
                {
                    "eth0": NetInterface {
                        mac_address: "fe:00:dc:66:1a:17",
                        subnets: Some(
                            [
                                NetAddress {
                                    gateway: Some(
                                        10.85.40.1,
                                    ),
                                    ipnet: 10.85.41.247/21,
                                },
                            ],
                        ),
                    },
                },
            ),
        },
    }
[DEBUG netavark::commands::setup] "Setup complete"
DEBU[0000] Adding nameserver(s) from network status of '[]' 
DEBU[0000] Adding search domain(s) from network status of '[]' 
DEBU[0000] /etc/system-fips does not exist on host, not mounting FIPS mode subscription 
DEBU[0000] Setting Cgroups for container 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 to machine.slice:libpod:5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 
DEBU[0000] reading hooks from /usr/share/containers/oci/hooks.d 
DEBU[0000] added hook /usr/share/containers/oci/hooks.d/oci-seccomp-bpf-hook.json 
DEBU[0000] hook oci-seccomp-bpf-hook.json did not match 
DEBU[0000] Workdir "/" resolved to host path "/var/lib/containers/storage/overlay/d671315b004b7cb642e199613c40294ca72c6f7acdb9e50c50a92055fd8d144a/merged" 
DEBU[0000] Created OCI spec for container 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 at /var/lib/containers/storage/overlay-containers/5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7/userdata/config.json 
DEBU[0000] /usr/bin/conmon messages will be logged to syslog 
DEBU[0000] running conmon: /usr/bin/conmon               args="[--api-version 1 -c 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 -u 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 -r /usr/bin/runc -b /var/lib/containers/storage/overlay-containers/5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7/userdata -p /run/containers/storage/overlay-containers/5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7/userdata/pidfile -n c1 --exit-dir /run/libpod/exits --full-attach -s -l k8s-file:/var/lib/containers/storage/overlay-containers/5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7/userdata/ctr.log --log-level debug --syslog -t --conmon-pidfile /run/containers/storage/overlay-containers/5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /var/lib/containers/storage --exit-command-arg --runroot --exit-command-arg /run/containers/storage --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg systemd --exit-command-arg --tmpdir --exit-command-arg /run/libpod --exit-command-arg --network-config-dir --exit-command-arg  --exit-command-arg --network-backend --exit-command-arg netavark --exit-command-arg --volumepath --exit-command-arg /var/lib/containers/storage/volumes --exit-command-arg --runtime --exit-command-arg runc --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --storage-opt --exit-command-arg overlay.mountopt=nodev,metacopy=on --exit-command-arg --events-backend --exit-command-arg file --exit-command-arg --syslog --exit-command-arg container --exit-command-arg cleanup --exit-command-arg 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7]"
INFO[0000] Running conmon under slice machine.slice and unitName libpod-conmon-5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7.scope 
DEBU[0000] Received: 150524                             
INFO[0000] Got Conmon PID as 150512                     
DEBU[0000] Created container 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 in OCI runtime 
DEBU[0000] Starting container 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 with command [sh] 
DEBU[0000] Started container 5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7 
5c30360266f4108c5925050fb0afd9fbcd35fed81b362b43d5837532219d55d7
DEBU[0000] Called run.PersistentPostRunE(podman --log-level debug run -itd --name c1 --ip=10.85.41.247 --network ens3 quay.io/libpod/busybox) 
[root@sweetpig-6 ~]#  podman exec -ti c1 sh
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr FE:00:DC:66:1A:17  
          inet addr:10.85.41.247  Bcast:10.85.47.255  Mask:255.255.248.0
          inet6 addr: fe80::fc00:dcff:fe66:1a17/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:139 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8514 (8.3 KiB)  TX bytes:602 (602.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # exit

Comment 14 errata-xmlrpc 2022-11-08 11:30:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7822

Comment 15 Red Hat Bugzilla 2023-09-19 04:28:02 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.