The anbox container can not connect to the network

[gmg137]

anbox system-info:

version: local-/bin/sh: git: command not found
os:
  name: openSUSE Tumbleweed
  version: 
  snap-based: false
kernel:
  version: Linux version 4.12.8-1-default (geeko@buildhost) (gcc version 7.1.1 20170629 [gcc-7-branch revision 249772] (SUSE Linux) ) #1 SMP PREEMPT Thu Aug 17 05:30:12 UTC 2017 (4d7933a)
  binder: true
  ashmem: true
graphics:
  egl:
    vendor: Mesa Project
    version: 1.5 (DRI2)
    extensions:
      - EGL_CHROMIUM_sync_control
      - EGL_EXT_buffer_age
      - EGL_EXT_create_context_robustness
      - EGL_EXT_image_dma_buf_import
      - EGL_KHR_cl_event2
      - EGL_KHR_config_attribs
      - EGL_KHR_create_context
      - EGL_KHR_fence_sync
      - EGL_KHR_get_all_proc_addresses
      - EGL_KHR_gl_colorspace
      - EGL_KHR_gl_renderbuffer_image
      - EGL_KHR_gl_texture_2D_image
      - EGL_KHR_gl_texture_3D_image
      - EGL_KHR_gl_texture_cubemap_image
      - EGL_KHR_image
      - EGL_KHR_image_base
      - EGL_KHR_image_pixmap
      - EGL_KHR_no_config_context
      - EGL_KHR_reusable_sync
      - EGL_KHR_surfaceless_context
      - EGL_KHR_wait_sync
      - EGL_MESA_configless_context
      - EGL_MESA_drm_image
      - EGL_MESA_image_dma_buf_export
      - EGL_NOK_texture_from_pixmap
      - EGL_WL_bind_wayland_display
  gles2:
    vendor: X.Org
    vendor: OpenGL ES-CM 1.1 Mesa 17.1.6
    extensions:
      - GL_EXT_blend_minmax
      - GL_EXT_multi_draw_arrays
      - GL_EXT_texture_filter_anisotropic
      - GL_EXT_texture_lod_bias
      - GL_OES_byte_coordinates
      - GL_OES_fixed_point
      - GL_OES_stencil_wrap
      - GL_OES_compressed_paletted_texture
      - GL_OES_query_matrix
      - GL_OES_read_format
      - GL_OES_single_precision
      - GL_EXT_texture_compression_dxt1
      - GL_OES_draw_texture
      - GL_OES_point_size_array
      - GL_OES_point_sprite
      - GL_EXT_texture_format_BGRA8888
      - GL_OES_compressed_ETC1_RGB8_texture
      - GL_OES_depth24
      - GL_OES_element_index_uint
      - GL_OES_fbo_render_mipmap
      - GL_OES_framebuffer_object
      - GL_OES_mapbuffer
      - GL_OES_rgb8_rgba8
      - GL_OES_stencil8
      - GL_OES_texture_env_crossbar
      - GL_OES_texture_mirrored_repeat
      - GL_OES_texture_npot
      - GL_OES_EGL_image
      - GL_OES_packed_depth_stencil
      - GL_OES_texture_cube_map
      - GL_APPLE_texture_max_level
      - GL_EXT_discard_framebuffer
      - GL_EXT_read_format_bgra
      - GL_OES_blend_equation_separate
      - GL_OES_blend_func_separate
      - GL_OES_blend_subtract
      - GL_OES_EGL_image_external
      - GL_OES_EGL_sync
      - GL_OES_vertex_array_object
      - GL_ANGLE_texture_compression_dxt3
      - GL_ANGLE_texture_compression_dxt5
      - GL_EXT_map_buffer_range
      - GL_KHR_debug
      - GL_OES_surfaceless_context
      - GL_EXT_compressed_ETC1_RGB8_sub_texture
      - GL_EXT_polygon_offset_clamp

I use the openSUSE TumbleWeed + GNOME + 4.12.8 kernel, the installation of anbox after the application can start normally, but the anbox container can not connect to the network.

ifconfig:

anbox0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.250.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::bc94:4ff:fec0:3194  prefixlen 64  scopeid 0x20<link>
        ether fe:55:1d:8f:50:72  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 544 (544.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 57  bytes 10404 (10.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.2  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::4055:8b36:96f9:9c0f  prefixlen 64  scopeid 0x20<link>
        ether 40:8d:5c:78:d2:3d  txqueuelen 1000  (Ethernet)
        RX packets 1235496  bytes 1549309366 (1.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 727902  bytes 58273190 (55.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 38844  bytes 444556554 (423.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 38844  bytes 444556554 (423.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethEA4JQQ: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc55:1dff:fe8f:5072  prefixlen 64  scopeid 0x20<link>
        ether fe:55:1d:8f:50:72  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 656 (656.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 30  bytes 5582 (5.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

adb shell ifconfig:

eth0      Link encap:Ethernet  HWaddr ae:3e:ec:f8:f8:6f
          inet addr:192.168.250.2  Bcast:192.168.250.255  Mask:255.255.255.0 
          inet6 addr: fe80::ac3e:ecff:fef8:f86f/64 Scope: Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:9317 TX bytes:1006 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0 
          inet6 addr: ::1/128 Scope: Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:800 TX bytes:800

sudo brcli show:

bridge name	bridge id		STP enabled	interfaces
anbox0		8000.fe551d8f5072	no		vethEA4JQQ

sudo systemctl status anbox-container-manager.service :

● anbox-container-manager.service - Anbox container manager
   Loaded: loaded (/usr/lib/systemd/system/anbox-container-manager.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-09-01 17:21:17 CST; 12min ago
  Process: 16798 ExecStartPre=/sbin/modprobe -v -a ashmem_linux binder_linux (code=exited, status=0/SUCCESS)
 Main PID: 16829 (anbox)
    Tasks: 10 (limit: 4915)
   CGroup: /system.slice/anbox-container-manager.service
           ├─16829 anbox container-manager --data-path=/var/lib/anbox --android-image=/var/lib/anbox/android.img --privileged
           ├─16948 [lxc monitor] /var/lib/anbox/containers default
           ├─16959 /system/bin/sh /anbox-init.sh
           ├─16972 /init --second-stage
           ├─16973 /sbin/ueventd
           ├─16975 /system/bin/logd
           ├─16976 /system/bin/debuggerd
           ├─16977 /system/bin/debuggerd64
           ├─16978 /system/bin/vold --blkid_context=u:r:blkid:s0 --blkid_untrusted_context=u:r:blkid_untrusted:s0 --fsck_context=u:r:fsck:s0 --fsck_untrusted_
           ├─16984 debuggerd64:signaller
           ├─16989 debuggerd:signaller
           ├─16991 /sbin/healthd
           ├─16993 /system/bin/anboxd
           ├─16994 /system/bin/logcat -f /data/system.log -r 2048 -n 4
           ├─16995 /system/bin/lmkd
           ├─16996 /system/bin/servicemanager
           ├─16997 /system/bin/surfaceflinger
           ├─16998 zygote64
           ├─16999 zygote
           ├─17000 /system/bin/audioserver
           ├─17001 /system/bin/cameraserver
           ├─17002 /system/bin/drmserver
           ├─17003 /system/bin/installd
           ├─17004 /system/bin/keystore /data/misc/keystore
           ├─17005 media.codec mediacodec
           ├─17006 /system/bin/mediadrmserver
           ├─17007 media.extractor aextractor
           ├─17008 /system/bin/mediaserver
           ├─17009 /system/bin/netd
           ├─17010 /system/bin/fingerprintd
           ├─17011 /system/bin/gatekeeperd /data/misc/gatekeeper
           ├─17015 /system/xbin/perfprofd
           ├─17019 /system/bin/sh
           ├─17020 /sbin/adbd --root_seclabel=u:r:su:s0
           ├─17101 system_server
           ├─17183 com.android.systemui
           ├─17189 /system/bin/sdcard -u 1023 -g 1023 -m -w /data/media emulated
           ├─17246 com.android.phone
           ├─17260 com.android.settings
           ├─17350 android.ext.services
           ├─17373 org.anbox.appmgr
           ├─17400 com.android.smspush
           ├─17415 com.android.deskclock
           ├─17439 android.process.media
           ├─17471 com.android.calendar
           ├─17500 com.android.providers.calendar
           ├─17523 com.android.email
           ├─17547 com.android.managedprovisioning
           ├─17562 com.android.onetimeinitializer
           └─17583 android.process.acore

9月 01 17:21:17 linux-bnry.suse anbox[16829]: You are running the container manager manually which is most likely not
9月 01 17:21:17 linux-bnry.suse anbox[16829]: what you want. The container manager is normally started by systemd or
9月 01 17:21:17 linux-bnry.suse anbox[16829]: another init system. If you still want to run the container-manager
9月 01 17:21:17 linux-bnry.suse anbox[16829]: you can get rid of this warning by starting with the --daemon option.
9月 01 17:21:17 linux-bnry.suse anbox[16829]: 
9月 01 17:21:17 linux-bnry.suse anbox[16829]: Everything setup. Waiting for incoming connections.
9月 01 17:21:39 linux-bnry.suse anbox[16829]: Got connection from pid 16928
9月 01 17:21:39 linux-bnry.suse anbox[16829]: Containers are stored in /var/lib/anbox/containers
9月 01 17:21:39 linux-bnry.suse anbox[16829]: Using rootfs path /var/lib/anbox/rootfs
9月 01 17:21:39 linux-bnry.suse anbox[16829]: Container successfully started

sudo systemctl status anbox-bridge.service :

● anbox-bridge.service - Anbox network bridge
   Loaded: loaded (/usr/lib/systemd/system/anbox-bridge.service; enabled; vendor preset: enabled)
   Active: active (exited) since Fri 2017-09-01 17:21:17 CST; 13min ago
  Process: 16797 ExecStart=/usr/lib/anbox/anbox-bridge.sh start (code=exited, status=0/SUCCESS)
 Main PID: 16797 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/anbox-bridge.service

9月 01 17:21:17 linux-bnry.suse systemd[1]: Starting Anbox network bridge...
9月 01 17:21:17 linux-bnry.suse systemd[1]: Started Anbox network bridge.

[velemas]

Same issue in ARCH. There is no default gateway in the container (adb shell) and bridge 192.168.250.1 is not accessible.

[ephemient]

If you adb shell into the Anbox container, you can see that not only is the default gateway missing, but the default routing policies are somehow missing too.

x86_64:/ # ip route
192.168.250.0/24 dev eth0  proto kernel  scope link  src 192.168.250.2 
x86_64:/ # ip rule
0:      from all lookup local 
10000:  from all fwmark 0xc0000/0xd0000 lookup 99 
13000:  from all fwmark 0x10063/0x1ffff lookup 97 
13000:  from all fwmark 0x10064/0x1ffff lookup 1055 
15000:  from all fwmark 0x0/0x10000 lookup 99 
16000:  from all fwmark 0x0/0x10000 lookup 98 
17000:  from all fwmark 0x0/0x10000 lookup 97 

This can be manually fixed (either as root inside the container, or using ip -netns from outside).

x86_64:/ # ip route add default dev eth0 via 192.168.250.1
x86_64:/ # ip rule add pref 32766 table main
x86_64:/ # ip rule add pref 32767 table local                                  

I don't understand how it would have ended up in this state, though.

[velemas]

@ephemient how do you run commands as root in adb shell? I have issue #429 :
x86_64:/ $ /system/xbin/su -c "echo test"
/system/bin/sh: /system/xbin/su: can't execute: Permission denied

x86_64:/ $ ls -l /system/xbin/su -rwsr-x--- 1 u1_root u1_shell 10344 2017-07-13 11:19 /system/xbin/su

x86_64:/ $ id uid=2000(shell) gid=2000(shell) groups=2000(shell),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc)

Additionally ip netns list gives nothing. But maybe it's because of my arch installation.

[ephemient]

Yeah, and adb root seems to crash too. 😞

@velemas I was using my own anbox-shell script to enter the Anbox container.

[velemas]

@ephemient thanks a lot, now it works with your script.

Last time I tried anbox in May and it was working fine but now we have this issue.

[easezhi]

@ephemient it works,thx.在adb shell中，切换到root，用上面的ip route和ip rule命令执行，就能连上网了。

[webmagnets]

I am using your script, but when I type ip route add default dev eth0 via 192.168.250.1 I get an error that says: RTNETLINK answers: Operation not permitted

[velemas]

@webmagnets you might have done it very early when eth0 address hasn't yet been set to 192.168.250.2.

Try using ip addr show eth0 to check address of eth0 and after it has been changed to 192.168.250.2 you may set the default route.

[webmagnets]

This is what I see:

2|x86_64:/system/bin $ ip addr show eth0
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:68:33:34:9f:ae brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.250.2/24 brd 192.168.250.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::1468:33ff:fe34:9fae/64 scope link 
       valid_lft forever preferred_lft forever
x86_64:/system/bin $ ip route add default dev eth0 via 192.168.250.1                     
RTNETLINK answers: Operation not permitted
2|x86_64:/system/bin $ 

[ephemient]

@webmagnets You're not root.

[webmagnets]

I just now ran this webmagnets@dellinux:~$ sudo python3 ~/Downloads/5351b1afa681ca67823fe2e11190e721-db9d4528a3e8b376ec90c820ca694b5fb124da77/anbox-shell

x86_64:/ $ ip route add default eth0 via 192.168.250.1                      
Error: either "to" is duplicate, or "eth0" is a garbage.
255|x86_64:/ $ ip rule add pref 32766 table main                               
RTNETLINK answers: Operation not permitted
2|x86_64:/ $ ip rule add pref 32767 table local
RTNETLINK answers: Operation not permitted

[ephemient]

You're not root inside the container. Maybe a userns uid mapping issue or something. Not sure how your system is set up, though, the script works elsewhere.

[webmagnets]

I really appreciate you taking the time to help me.

Does this help?:

webmagnets@dellinux:~$ anbox --command system-info
version: 3
snap-revision: 64
os:
  name: Ubuntu
  version: 17.10 (Artful Aardvark)
  snap-based: true
kernel:
  version: Linux version 4.13.0-16-generic (buildd@lcy01-02) (gcc version 7.2.0 (Ubuntu 7.2.0-8ubuntu2)) #19-Ubuntu SMP Wed Oct 11 18:35:14 UTC 2017
  binder: true
  ashmem: true
graphics:
  egl:
    vendor: Mesa Project
    version: 1.4 (DRI2)
    extensions:
      - EGL_CHROMIUM_sync_control
      - EGL_EXT_buffer_age
      - EGL_EXT_create_context_robustness
      - EGL_EXT_image_dma_buf_import
      - EGL_KHR_config_attribs
      - EGL_KHR_create_context
      - EGL_KHR_fence_sync
      - EGL_KHR_get_all_proc_addresses
      - EGL_KHR_gl_renderbuffer_image
      - EGL_KHR_gl_texture_2D_image
      - EGL_KHR_gl_texture_3D_image
      - EGL_KHR_gl_texture_cubemap_image
      - EGL_KHR_image
      - EGL_KHR_image_base
      - EGL_KHR_image_pixmap
      - EGL_KHR_no_config_context
      - EGL_KHR_reusable_sync
      - EGL_KHR_surfaceless_context
      - EGL_KHR_wait_sync
      - EGL_MESA_configless_context
      - EGL_MESA_drm_image
      - EGL_MESA_image_dma_buf_export
      - EGL_NOK_texture_from_pixmap
      - EGL_WL_bind_wayland_display
  gles2:
    vendor: Intel Open Source Technology Center
    vendor: OpenGL ES-CM 1.1 Mesa 17.0.7
    extensions:
      - GL_EXT_blend_minmax
      - GL_EXT_multi_draw_arrays
      - GL_EXT_texture_filter_anisotropic
      - GL_EXT_texture_lod_bias
      - GL_OES_byte_coordinates
      - GL_OES_fixed_point
      - GL_OES_stencil_wrap
      - GL_OES_compressed_paletted_texture
      - GL_OES_query_matrix
      - GL_OES_read_format
      - GL_OES_single_precision
      - GL_EXT_texture_compression_dxt1
      - GL_OES_draw_texture
      - GL_OES_point_size_array
      - GL_OES_point_sprite
      - GL_EXT_texture_format_BGRA8888
      - GL_OES_compressed_ETC1_RGB8_texture
      - GL_OES_depth24
      - GL_OES_element_index_uint
      - GL_OES_fbo_render_mipmap
      - GL_OES_framebuffer_object
      - GL_OES_mapbuffer
      - GL_OES_rgb8_rgba8
      - GL_OES_stencil8
      - GL_OES_texture_env_crossbar
      - GL_OES_texture_mirrored_repeat
      - GL_OES_texture_npot
      - GL_OES_EGL_image
      - GL_OES_packed_depth_stencil
      - GL_OES_texture_cube_map
      - GL_APPLE_texture_max_level
      - GL_EXT_discard_framebuffer
      - GL_EXT_read_format_bgra
      - GL_OES_blend_equation_separate
      - GL_OES_blend_func_separate
      - GL_OES_blend_subtract
      - GL_OES_EGL_image_external
      - GL_OES_EGL_sync
      - GL_OES_vertex_array_object
      - GL_ANGLE_texture_compression_dxt3
      - GL_ANGLE_texture_compression_dxt5
      - GL_EXT_map_buffer_range
      - GL_KHR_debug
      - GL_OES_surfaceless_context
      - GL_EXT_polygon_offset_clamp

[ephemient]

My installation isn't snap-based, it could be something Snap is setting up differently.

It's possible that os.setuid(0), os.setgid(0) after the script's Namespace._enterns will work. I'm not sure though.

[shemgp]

Running the following commands made my network work in Anbox, running Ubuntu 17.10:

adb shell
su
ip route add default dev eth0 via 192.168.250.1
ip rule add pref 32766 table main
ip rule add pref 32767 table local

[ducklin5]

Its seems these commands have to be run everytime anbox is started. I guess the only real fix now is a script?

[petr-nehez]

I can confirm #443 (comment) fixes the issue for me in 17.10 but it needs to be run everytime Anbox is started.

[Alberto115x]

@ephemient The script gives me the following error

# python3 anbox-shell
Traceback (most recent call last):
  File "anbox-shell", line 71, in __enter__
    self._enterns()
  File "anbox-shell", line 54, in _enterns
    raise OSError(rc, errno.errorcode[rc], name)
OSError: [Errno 22] EINVAL: 'user'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "anbox-shell", line 302, in <module>
    sys.exit(main())
  File "anbox-shell", line 292, in main
    with Process(libc, pid).namespaces(names=args.ns or None) as ns:
  File "anbox-shell", line 80, in __enter__
    if self.__exit__(*sys.exc_info()):
  File "anbox-shell", line 89, in __exit__
    with self._orig:
  File "anbox-shell", line 71, in __enter__
    self._enterns()
  File "anbox-shell", line 54, in _enterns
    raise OSError(rc, errno.errorcode[rc], name)
OSError: [Errno 22] EINVAL: 'user'

[chocholo]

I have same/similar issue but workaround fails for me.

x86_64:/ # ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
x86_64:/ #  ip route add default dev eth0 via 10.0.1.1
Cannot find device "eth0"

It may be relevant to fact my host machine has no eth0 as well? I mean:

$ ip a l 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 58:00:e3:e1:74:d3 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.10/24 brd 10.0.1.255 scope global dynamic noprefixroute wlp1s0
       valid_lft 84632sec preferred_lft 84632sec
    inet6 fe80::e29:4526:ef32:7e7a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:57:3e:d5:8d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
$ ip route
default via 10.0.1.1 dev wlp1s0 proto dhcp metric 600
10.0.1.0/24 dev wlp1s0 proto kernel scope link src 10.0.1.10 metric 600
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown

[Arucard1983]

As an additional remark, the unofficial packages for Debian, where can be obtained here:
https://ftp.ustclug.org/~zsj/anbox/
don't have this issue, and the expected Internet connection work out-of-the-box.

[kode54]

I can confirm this is still an issue with the Snap package version 4-558d646. I can no longer find the current snap when using snap search anbox, and only find anbox-installer, has this replaced the old container?

[morphis]

@kode54 You should not have been able to find the anbox snap via snap find ever as it is requiring devmode and because of that not yet in stable. This makes them not available in the snap find output. The anbox-installer snap is deprecated and should not be used anymore.

Can you provide the output of anbox.collect-bug-info so that we can look into the details?

[kode54]

Here you go:

anbox-system-diagnostics-2018-08-08.zip

I also look forward to that install-playstore.sh being updated to take advantage of the rootfs overlay functionality, although it looks like it also needs to be used to restore permissions that are normally revoked. I don't think they're actually needed, though.

E: Worse still, when I try this with the edge version, Play Store locks up on launch.

E2: Running the package unmodified is probably the best course of action. Revision 134 seems to have working network, and seems to work fine, so long as I'm not modifying it to install the Play Services and Play Store.

[htc1977]

I have a network/routing problem, too. I can ping my anbox from my host, but I can't ping my host or anything beyond the anbox network from anbox.

x86_64:/ # ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 7a:ac:6b:1b:8c:76 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.99.99.2/24 brd 10.99.99.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::78ac:6bff:fe1b:8c76/64 scope link
valid_lft forever preferred_lft forever
x86_64:/ # ip route
default via 10.99.99.1 dev eth0
10.99.99.0/24 dev eth0 proto kernel scope link src 10.99.99.2

anbox-system-diagnostics-2018-10-02.zip

[o1y]

Also had this issue on 18.04 where I had to manually add an ip rule described in #443

But on my host machine I have ipv6.disable=1 in my grub commandline options. After enabling ipv6 the anbox container was able to connect to the network.

[dreamcat4]

Hi there. Installed anbox on 18.04, upgraded the system to 18.10 now. My anbox is a snap package, and the kernem modules were installed from ppa / apt anbox-dkms.

In this configuration, it seems there is no internet connectivity in the android apps. However adb shell and then it shows the following situation, where onlt the root user has network access. And the regular android user (that the andoid apps use) does not have permission to open up network sockets:

$ adb shell
x86_64:/ $ ifconfig -a
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0 
          inet6 addr: ::1/128 Scope: Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:248 TX bytes:248 

eth0      Link encap:Ethernet  HWaddr aa:a4:86:61:54:4a
          inet addr:192.168.250.2  Bcast:192.168.250.255  Mask:255.255.255.0 
          inet6 addr: fe80::a8a4:86ff:fe61:544a/64 Scope: Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:282 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:311 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:38403 TX bytes:24538 

x86_64:/ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.250.1   0.0.0.0         UG    0      0        0 eth0
192.168.250.0   *               255.255.255.0   U     0      0        0 eth0
x86_64:/ $ ping -c1 8.8.8.8
ping: icmp open socket: Operation not permitted
2|x86_64:/ $ su
x86_64:/ # ping -c1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=25.7 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 25.785/25.785/25.785/0.000 ms

Very strange. But what I have also noticed now is that there is an anbox deb package in 18.10 cosmic repos. Which is the following version:

anbox/cosmic 0.0~git20180915-1 amd64
  Android in a box

anbox-modules-dkms/now 13 all [installed,local]
  Android kernel driver (binder, ashmem) in DKMS format.

vs my snap package, which is the version:

anbox                 4-e1ecd04       158   beta      morphis      devmode

Maybe I will try nuking the snap package, and reinstalling anbox main package as a .deb, via apt? Will that help?

[morphis]

No, the deb won't help you. It's a much older version coming from Debian. We only support the snap package as we can keep it updated.This needs further investigation.Am 19.01.2019 11:09 schrieb Dreamcat4 <notifications@github.com>:Hi there. Installed anbox on 18.04, upgraded the system to 18.10 now. My anbox is a snap package, and the kernem modules were installed from ppa / apt anbox-dkms. In this configuration, it seems there is no internet connectivity in the android apps. However adb shell and then it shows the following situation, where onlt the root user has network access. And the regular android user (that the andoid apps use) does not have permission to open up network sockets: $ adb shell x86_64:/ $ ifconfig -a lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope: Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:4 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:248 TX bytes:248 eth0 Link encap:Ethernet HWaddr aa:a4:86:61:54:4a inet addr:192.168.250.2 Bcast:192.168.250.255 Mask:255.255.255.0 inet6 addr: fe80::a8a4:86ff:fe61:544a/64 Scope: Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:282 errors:0 dropped:0 overruns:0 frame:0 TX packets:311 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:38403 TX bytes:24538 x86_64:/ $ route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.250.1 0.0.0.0 UG 0 0 0 eth0 192.168.250.0 * 255.255.255.0 U 0 0 0 eth0 x86_64:/ $ ping -c1 8.8.8.8 ping: icmp open socket: Operation not permitted 2|x86_64:/ $ su x86_64:/ # ping -c1 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=25.7 ms

…

--- 8.8.8.8 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 25.785/25.785/25.785/0.000 ms Very strange. But what I have also noticed now is that there is an anbox deb package in 18.10 cosmic repos. Which is the following version: anbox/cosmic 0.0~git20180915-1 amd64 Android in a box anbox-modules-dkms/now 13 all [installed,local] Android kernel driver (binder, ashmem) in DKMS format. vs my snap package, which is the version: anbox 4-e1ecd04 158 beta morphis devmode Maybe I will try nuking the snap package, and reinstalling anbox main package as a .deb, via apt? Will that help? —You are receiving this because you commented.Reply to this email directly, view it on GitHub, or mute the thread.

[effeffe]

Using the anbox-bridge script and following this https://www.rudraraj.net/internet-connection-sharing-ics-on-centos-7/ solved for me.

[Muthembwa]

Running the following commands made my network work in Anbox, running Ubuntu 17.10:

adb shell
su
ip route add default dev eth0 via 192.168.250.1
ip rule add pref 32766 table main
ip rule add pref 32767 table local

This Works fine for me. Kudos.

[tribbloid]

Running the following commands made my network work in Anbox, running Ubuntu 17.10:

adb shell
su
ip route add default dev eth0 via 192.168.250.1
ip rule add pref 32766 table main
ip rule add pref 32767 table local

This Works fine for me. Kudos.

How do I detect the effect of this change? When I run ip route again it doesn't show any difference.

Plus the default DNS 8.8.8.8 doesn't work for a long time. Is there a way to change it to use systemd.resolved?

[MilanKANtony]

Simple solution that worked for me...just run
snap refresh --beta --devmode anbox

[martinmurciego]

Greetings I congratulate you for making this tool. But I would like to use it well from my Ubuntu 18.04 that I will soon put a 20.04 or some Mint. Of course, the official solution to connect to the Internet could not be downloaded to a wiki or FAQ, to be able to use Google Play or some other app that requires the Internet? PS: In all repositories, the response to an issue is waited a long time and when it stops asking; they respond with: since there is no activity the issue is closed!

[epiixgd76]

anbox in ubuntu 18.04 lts not works anbox-bridge.sh and every adb frozes my pc, so I can't connect in anbox

[RossComputerGuy]

Anbox on Arch Linux doesn't work with networking. ADB says it cannot connect.

[RossComputerGuy]

I looked at the container service status and found it isn't able to create anbox0:

● anbox-container-manager.service - Anbox Container Manager
     Loaded: loaded (/usr/lib/systemd/system/anbox-container-manager.service; enabled; vendor preset: disabled)
     Active: active (running) since Wed 2020-05-06 10:48:15 PDT; 49min ago
   Main PID: 9214 (anbox)
      Tasks: 0 (limit: 9348)
     Memory: 3.2M
     CGroup: /system.slice/anbox-container-manager.service
             ‣ 9214 /usr/bin/anbox container-manager --daemon --privileged --data-path=/var/lib/anbox

May 06 10:48:15 nu-laptop systemd[1]: Started Anbox Container Manager.
May 06 10:48:28 nu-laptop anbox[9214]: Anbox bridge interface 'anbox0' doesn't exist. Network functionality will not be available

[whynnot]

I had this issue while running Mint 18.3 and Anbox version: 4, snap-revision: 186.

It happened whenever I killed Anbox say from System Monitor or after restarting Cinnamon while Anbox was running. (An aside: Cinnamon tends to not resume from Suspend.)

After digging around the web and trying all the above to no end and even after an uninstall and reinstall I finally came across a command that resolved it for me:
sudo snap restart anbox

[Djhg2000]

I'm investigating Anbox issues on Mobian (Debian Bullseye derivative) and got hit with this issue as well. The workaround from @ephemient ( from this comment ) works but it still needs to be applied manually.

Looking at init.goldfish.rc and init.goldfish.sh the default configuration seems to assume a 10.0.2.0/24 subnet for eth0, why is this? Shouldn't those instead configure eth0 with the same 192.168.250.0/24 subnet which Anbox seems to expect elsewhere?

[necessarily-equal]

@Djhg2000 : I had a look at the two files you mention above the other day, and tried changing the values to the correct ones. Unfortunately, that didn't help. (though setting them to random values does break the network, so they seem to be doing something).

Note that postmarketOS suffers from the issue as well. https://gitlab.com/postmarketOS/pmaports/-/issues/480

[baptx]

In case it helps, an alternative way to have Internet access in Anbox is to use a proxy like Squid (or mitmproxy if you want to sniff network traffic) on your computer connected to Internet. Then in the Anbox container, you can use the proxy with a command like adb shell settings put global http_proxy 192.168.250.1:3128 (replace the IP address with the one you see for the Anbox interface when typing ip addr on your computer and use the port number of your proxy).
The proxy can be removed with adb shell settings put global http_proxy :0 (https://stackoverflow.com/questions/56830858/remove-the-global-http-proxy-without-rebooting-the-android-device).
If you use a VPN with an iptables firewall protection that blocks network in case you are disconnected from the VPN (to avoid leaking your real IP address), connecting to the network through a proxy respects your firewall rules which was not the case for me without proxy.

[dos1]

@Djhg2000 No, there's no need to change IPs or adding routes, proxies or whatever. The issue happens when the kernel you use is built without support for network handling features that Android is using. With a properly configured kernel it works fine out of the box.

[necessarily-equal]

Do you have some info on the kernel option necessary? People reported it works for them once they removed the `ipv6.disable=true` kernel parameter. I'm suspecting it only works with ipv6 support, and that the ipv4 setup is really broken.

…

On Mi, Nov 11, 2020 at 13:20, Sebastian Krzyszkowiak ***@***.***> wrote: @Djhg2000 No, there's no need to change IPs or adding proxies or whatever. The issue happens when the kernel you use is built without support for network handling features that Android is using. With a properly configured kernel it works fine out of the box. — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

[dos1]

I don't remember which one it was exactly (it was while ago that I debugged it), but l found it by looking at why netd was failing to set up the route (my browser search history suggests that it was failing at addInterfaceToNetwork ;)). Making sure that the kernel options recommended by Android were all enabled fixed the problem. I have never even touched IPv6 when debugging this issue.

[renanwp2]

On Debian, downloading the Anbox package and following Arch Wiki (Network section), everything went fine. I bet that Debian Team have made some magic to make it work. =)

[necessarily-equal]

My guess is that the Debian kernel isn't missing some kernel options. I had to enable them explicitly in pmOS to fix the same issue on the pinephone. Le 25 janvier 2021 13:03:02 GMT+01:00, renanwp2 <notifications@github.com> a écrit :

…

On Debian, downloading the Anbox package and following Arch Wiki, everything went fine. I bet that Debian Team have made some magic to make it work. =) -- You are receiving this because you commented. Reply to this email directly or view it on GitHub: #443 (comment)

[mozlima]

Network and changes to the route param like 'ip route add default dev eth0 via 192.168.250.1'
only works if remove ipv6.disable=true from kernel parameter

[Adebayo2016]

run this command
sudo systemctl restart snap.anbox.container-manager.service

then start the ./anbox-bridge.sh script

[PluMGMK]

This can be manually fixed (either as root inside the container, or using ip -netns from outside).

x86_64:/ # ip route add default dev eth0 via 192.168.250.1
x86_64:/ # ip rule add pref 32766 table main
x86_64:/ # ip rule add pref 32767 table local                                  

This works for me, but I need to do the first "ip rule" command before the "ip route" one, otherwise I get:

RTNETLINK answers: Network is unreachable

Also, for some reason I don't need the "local" rule at all. Running on Linux from Scratch.

[sarah-noor-12232]

If you adb shell into the Anbox container, you can see that not only is the default gateway missing, but the default routing policies are somehow missing too.

x86_64:/ # ip route
192.168.250.0/24 dev eth0  proto kernel  scope link  src 192.168.250.2 
x86_64:/ # ip rule
0:      from all lookup local 
10000:  from all fwmark 0xc0000/0xd0000 lookup 99 
13000:  from all fwmark 0x10063/0x1ffff lookup 97 
13000:  from all fwmark 0x10064/0x1ffff lookup 1055 
15000:  from all fwmark 0x0/0x10000 lookup 99 
16000:  from all fwmark 0x0/0x10000 lookup 98 
17000:  from all fwmark 0x0/0x10000 lookup 97 

This can be manually fixed (either as root inside the container, or using ip -netns from outside).

x86_64:/ # ip route add default dev eth0 via 192.168.250.1
x86_64:/ # ip rule add pref 32766 table main
x86_64:/ # ip rule add pref 32767 table local                                  

I don't understand how it would have ended up in this state, though.

Thanks, this worked
Note: after running adb shell, remember to run su
you should see a # instead of a $ afterwards like in this quoted comment.
I guess the user forgot to mention it

Another note:
Make sure anbox is open/running while you do this or adb won't enter shell

[nobody43]

Plus the default DNS 8.8.8.8 doesn't work for a long time. Is there a way to change it to use systemd.resolved?

#954 (comment)