podman system service: /usr/bin/slirp4netns failed: open("/dev/net/tun")

[lburgazzoli]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

I'm trying to set-up podman to work with TestContainers but I see a failure related to slirp4netns and the tun device

Steps to reproduce the issue:

1. podman system service -t 0 tcp:localhost:8880
2. export DOCKER_HOST=tcp://localhost:8880
3. export DOCKER_HOST=tcp://localhost:8880
4. run the camel-azure-storage-blob tests in apache/camel

Describe the results you received:

Output of podman system service (debug log):

INFO[0061] APIHandler(0b3792a7-a24d-4bde-a330-81b4e2ebd05c) -- POST /v1.30/containers/4a953da6726efcc4c9ac10b92cc555697a08fe8c19715a945f5e5a4d23e8701a/start BEGIN 
DEBU[0061] APIHandler(0b3792a7-a24d-4bde-a330-81b4e2ebd05c) -- Header: Accept=[application/json] 
DEBU[0061] APIHandler(0b3792a7-a24d-4bde-a330-81b4e2ebd05c) -- Header: Content-Type=[application/json] 
DEBU[0061] APIHandler(0b3792a7-a24d-4bde-a330-81b4e2ebd05c) -- Header: Content-Length=[0] 
DEBU[0061] APIHandler(0b3792a7-a24d-4bde-a330-81b4e2ebd05c) -- Header: Connection=[Keep-Alive] 
DEBU[0061] APIHandler(0b3792a7-a24d-4bde-a330-81b4e2ebd05c) -- Header: Accept-Encoding=[gzip] 
DEBU[0061] APIHandler(0b3792a7-a24d-4bde-a330-81b4e2ebd05c) -- Header: User-Agent=[okhttp/3.14.4] 
DEBU[0061] overlay: mount_data=,lowerdir=/home/luca/.local/share/containers/storage/overlay/l/X33QG3BZXXQP5I23EED5AOCOL5,upperdir=/home/luca/.local/share/containers/storage/overlay/0bc0d21dd7912a8bb41361c38aafbaf137c409bc3e7e4478a2ca4a428724fb76/diff,workdir=/home/luca/.local/share/containers/storage/overlay/0bc0d21dd7912a8bb41361c38aafbaf137c409bc3e7e4478a2ca4a428724fb76/work 
DEBU[0061] Made network namespace at /run/user/1000/netns/cni-43742b93-3a1f-b500-110c-c9d5ce8f5539 for container 4a953da6726efcc4c9ac10b92cc555697a08fe8c19715a945f5e5a4d23e8701a 
DEBU[0061] mounted container "4a953da6726efcc4c9ac10b92cc555697a08fe8c19715a945f5e5a4d23e8701a" at "/home/luca/.local/share/containers/storage/overlay/0bc0d21dd7912a8bb41361c38aafbaf137c409bc3e7e4478a2ca4a428724fb76/merged" 
DEBU[0061] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --netns-type=path /run/user/1000/netns/cni-43742b93-3a1f-b500-110c-c9d5ce8f5539 tap0 
DEBU[0062] Created root filesystem for container 4a953da6726efcc4c9ac10b92cc555697a08fe8c19715a945f5e5a4d23e8701a at /home/luca/.local/share/containers/storage/overlay/0bc0d21dd7912a8bb41361c38aafbaf137c409bc3e7e4478a2ca4a428724fb76/merged 
DEBU[0062] unmounted container "4a953da6726efcc4c9ac10b92cc555697a08fe8c19715a945f5e5a4d23e8701a" 
DEBU[0062] Tearing down network namespace at /run/user/1000/netns/cni-43742b93-3a1f-b500-110c-c9d5ce8f5539 for container 4a953da6726efcc4c9ac10b92cc555697a08fe8c19715a945f5e5a4d23e8701a 
DEBU[0062] Cleaning up container 4a953da6726efcc4c9ac10b92cc555697a08fe8c19715a945f5e5a4d23e8701a 
DEBU[0062] Network is already cleaned up, skipping...   
DEBU[0062] Container 4a953da6726efcc4c9ac10b92cc555697a08fe8c19715a945f5e5a4d23e8701a storage is already unmounted, skipping... 
INFO[0062] Request Failed(Internal Server Error): /usr/bin/slirp4netns failed: "open(\"/dev/net/tun\"): No such device\nWARNING: Support for seccomp is experimental\nchild failed(1)\nWARNING: Support for seccomp is experimental\n" 
DEBU[0062] APIHandler(0b3792a7-a24d-4bde-a330-81b4e2ebd05c) -- POST /v1.30/containers/4a953da6726efcc4c9ac10b92cc555697a08fe8c19715a945f5e5a4d23e8701a/start END 

Additional information you deem important (e.g. issue happens only occasionally):

I've followed steps form the following issues:

• Podman support testcontainers/testcontainers-java#2088
• Support TestContainers #7927

Output of podman version:

$ podman version
Version:      3.0.1
API Version:  3.0.0
Go Version:   go1.16
Git Commit:   c640670e85c4aaaff92741691d6a854a90229d8d
Built:        Sun Feb 21 16:29:46 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.19.4
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: /usr/bin/conmon is owned by conmon 1:2.0.26-1
    path: /usr/bin/conmon
    version: 'conmon version 2.0.26, commit: 0e155c83aa739ef0a0540ec9f9d265f57f68038b'
  cpus: 4
  distribution:
    distribution: arch
    version: unknown
  eventLogger: journald
  hostname: moon
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.11.1-arch1-1
  linkmode: dynamic
  memFree: 7101640704
  memTotal: 12241866752
  ociRuntime:
    name: runc
    package: /usr/bin/runc is owned by runc 1.0.0rc93-1
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc93
      commit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
      spec: 1.0.2-dev
      go: go1.15.7
      libseccomp: 2.5.1
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns is owned by slirp4netns 1.1.9-1
    version: |-
      slirp4netns version 1.1.9
      commit: 4e37ea557562e0d7a64dc636eff156f64927335e
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 19835191296
  swapTotal: 19835191296
  uptime: 5h 1m 8.98s (Approximately 0.21 days)
registries:
  search:
  - docker.io
  - quay.io
store:
  configFile: /home/luca/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: /usr/bin/fuse-overlayfs is owned by fuse-overlayfs 1.4.0-1
      Version: |-
        fusermount3 version: 3.10.2
        fuse-overlayfs: version 1.4
        FUSE library version 3.10.2
        using FUSE kernel interface version 7.31
  graphRoot: /home/luca/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 1
  runRoot: /run/user/1000/containers
  volumePath: /home/luca/.local/share/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 1613921386
  BuiltTime: Sun Feb 21 16:29:46 2021
  GitCommit: c640670e85c4aaaff92741691d6a854a90229d8d
  GoVersion: go1.16
  OsArch: linux/amd64
  Version: 3.0.1

Package info (e.g. output of rpm -q podman or apt list podman):

$ yay -Qe podman
podman 3.0.1-2

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

Host OS is Arch Linux

[Luap99]

You need to load the tun kernel module https://www.kernel.org/doc/html/latest/networking/tuntap.html

[lburgazzoli]

oh, stupid me, I did a kernel update ...

[markstos]

I ran into this on Arch Linux. A reboot resolved it.