From 7befb1bdec088408d850f9f92d6b16948e585965 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:42:08 -0500 Subject: [PATCH 01/18] test/e2e: delete CgV1 skips, delete tests skipped on Cgv2 Signed-off-by: Lokesh Mandvekar From a71e26e7ca312ec970e7043d55d2ed9de7d20db1 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 12:00:05 -0500 Subject: [PATCH 02/18] test/system: Remove cgroupVersion from podman info tests Signed-off-by: Lokesh Mandvekar From 9e78960f051e84bd9f685eb6d4e32da594c90e44 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 15:00:21 -0500 Subject: [PATCH 03/18] cmd/podman: Remove slirp from completions Signed-off-by: Lokesh Mandvekar --- cmd/podman/common/completion.go | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go index 3f3856906f..ac4f8d2bea 100644 --- a/cmd/podman/common/completion.go +++ b/cmd/podman/common/completion.go @@ -1327,26 +1327,10 @@ func AutocompleteNetworkFlag(cmd *cobra.Command, _ []string, toComplete string) "none": nil, "host": nil, "private": nil, - "slirp4netns:": func(s string) ([]string, cobra.ShellCompDirective) { - skv := keyValueCompletion{ - "allow_host_loopback=": getBoolCompletion, - "cidr=": nil, - "enable_ipv6=": getBoolCompletion, - "mtu=": nil, - "outbound_addr=": nil, - "outbound_addr6=": nil, - "port_handler=": func(_ string) ([]string, cobra.ShellCompDirective) { - return []string{"rootlesskit", "slirp4netns"}, cobra.ShellCompDirectiveNoFileComp - }, - } - return completeKeyValues(s, skv) - }, } networks, _ := getNetworks(cmd, toComplete, completeDefault) suggestions, dir := completeKeyValues(toComplete, kv) - // add slirp4netns here it does not work correct if we add it to the kv map - suggestions = append(suggestions, "slirp4netns") return append(networks, suggestions...), dir } From 3909b6d5912ad5562d71524d49cbf10df7ac36e0 Mon Sep 17 00:00:00 2001 
From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 15:01:17 -0500 Subject: [PATCH 04/18] cmd/podman/root.go: Remove networkCmdPathFlagName Signed-off-by: Lokesh Mandvekar --- cmd/podman/root.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/cmd/podman/root.go b/cmd/podman/root.go index ae9e0cf631..95f483b567 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -582,12 +582,6 @@ func rootFlags(cmd *cobra.Command, podmanConfig *entities.PodmanConfig) { pFlags.StringVar(&podmanConfig.ConmonPath, conmonFlagName, "", "Path of the conmon binary") _ = cmd.RegisterFlagCompletionFunc(conmonFlagName, completion.AutocompleteDefault) - // TODO (6.0): --network-cmd-path is deprecated, remove this option with the next major release - // We need to find all the places that use r.config.Engine.NetworkCmdPath and remove it - networkCmdPathFlagName := "network-cmd-path" - pFlags.StringVar(&podmanConfig.ContainersConf.Engine.NetworkCmdPath, networkCmdPathFlagName, podmanConfig.ContainersConfDefaultsRO.Engine.NetworkCmdPath, "Path to the command for configuring the network") - _ = cmd.RegisterFlagCompletionFunc(networkCmdPathFlagName, completion.AutocompleteDefault) - networkConfigDirFlagName := "network-config-dir" pFlags.StringVar(&podmanConfig.ContainersConf.Network.NetworkConfigDir, networkConfigDirFlagName, podmanConfig.ContainersConfDefaultsRO.Network.NetworkConfigDir, "Path of the configuration directory for networks") _ = cmd.RegisterFlagCompletionFunc(networkConfigDirFlagName, completion.AutocompleteDefault) From 7bc44a55d0bd27d31b50853f85ecffca246d6f18 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 09:42:08 -0500 Subject: [PATCH 05/18] test/e2e: delete CgV1 skips, delete tests skipped on Cgv2 Signed-off-by: Lokesh Mandvekar From d23f08123e3fc47eb3b0fc8cfe1ff3cda3084d13 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 12:00:05 -0500 Subject: [PATCH 06/18] test/system: Remove cgroupVersion from podman info tests 
Signed-off-by: Lokesh Mandvekar From 468bfb5fb652221756d964958a2875034f511a83 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 15:06:45 -0500 Subject: [PATCH 07/18] pkg/specgen/: Remove slirp Signed-off-by: Lokesh Mandvekar --- pkg/specgen/generate/container.go | 17 +---------------- pkg/specgen/generate/container_create.go | 5 +---- pkg/specgen/generate/namespaces.go | 6 ------ pkg/specgen/generate/oci_linux.go | 2 +- pkg/specgen/generate/pod_create.go | 6 ------ pkg/specgen/generate/pod_create_test.go | 17 ----------------- pkg/specgen/namespaces.go | 19 +++---------------- pkg/specgen/namespaces_test.go | 15 --------------- pkg/specgen/pod_validate.go | 4 ++-- pkg/specgen/podspecgen.go | 4 ++-- pkg/specgen/specgen.go | 6 +++--- 11 files changed, 13 insertions(+), 88 deletions(-) diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index a5b5b8dec1..a2c66164f5 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -443,21 +443,6 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, containerID specg.Expose = toExpose specg.PortMappings = conf.PortMappings specg.NetNS = specgen.Namespace{NSMode: specgen.Bridge} - case conf.NetMode.IsSlirp4netns(): - toExpose := make(map[uint16]string, len(conf.ExposedPorts)) - for _, expose := range []map[uint16][]string{conf.ExposedPorts} { - for port, proto := range expose { - toExpose[port] = strings.Join(proto, ",") - } - } - specg.Expose = toExpose - specg.PortMappings = conf.PortMappings - netMode := strings.Split(string(conf.NetMode), ":") - var val string - if len(netMode) > 1 { - val = netMode[1] - } - specg.NetNS = specgen.Namespace{NSMode: specgen.Slirp, Value: val} case conf.NetMode.IsPrivate(): specg.NetNS = specgen.Namespace{NSMode: specgen.Private} case conf.NetMode.IsDefault(): 
@@ -631,7 +616,7 @@ func CheckName(rt *libpod.Runtime, n string, kind bool) string { // Note: Update `podman run --publish | -p` docs when modifying this function. func isPortMappingCompatibleNetNSMode(nsMode specgen.NamespaceMode) bool { switch nsMode { - case specgen.Bridge, specgen.Slirp, specgen.Pasta: + case specgen.Bridge, specgen.Pasta: return true default: return false diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index d69b0f3f44..676ce079b0 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -23,7 +23,6 @@ import ( "github.com/sirupsen/logrus" "go.podman.io/common/libimage" "go.podman.io/common/libnetwork/pasta" - "go.podman.io/common/libnetwork/slirp4netns" "tags.cncf.io/container-device-interface/pkg/parser" ) @@ -203,9 +202,7 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener return nil, nil, nil, err } switch conf.Network.DefaultRootlessNetworkCmd { - case slirp4netns.BinaryName, "": - s.NetNS.NSMode = specgen.Slirp - case pasta.BinaryName: + case pasta.BinaryName, "": s.NetNS.NSMode = specgen.Pasta default: return nil, nil, nil, fmt.Errorf("invalid default_rootless_network_cmd option %q", diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index a7295334cd..2334ec20be 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -322,12 +322,6 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod. } else { toReturn = append(toReturn, libpod.WithNetNSFrom(netCtr)) } - case specgen.Slirp: - val := "slirp4netns" - if s.NetNS.Value != "" { - val = fmt.Sprintf("slirp4netns:%s", s.NetNS.Value) - } - toReturn = append(toReturn, libpod.WithNetNS(portMappings, postConfigureNetNS, val, nil)) case specgen.Pasta: val := "pasta" toReturn = append(toReturn, libpod.WithNetNS(portMappings, postConfigureNetNS, val, nil)) 
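Review bot: In MakeContainer's switch on `conf.Network.DefaultRootlessNetworkCmd`, a containers.conf that still sets `slirp4netns` now falls into the default branch and gets only the generic "invalid default_rootless_network_cmd option" error. That value was accepted before this patch, and the empty string used to select it, so an upgrade fails without saying why. A dedicated case would make this diagnosable: `case "slirp4netns": return nil, nil, nil, fmt.Errorf("default_rootless_network_cmd %q is no longer supported, use %q", "slirp4netns", pasta.BinaryName)`. The empty value now silently selects pasta, which deserves a one-line comment on the `case pasta.BinaryName, "":` arm. MakeContainer's body starts and ends outside the hunk.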
diff --git a/pkg/specgen/generate/oci_linux.go b/pkg/specgen/generate/oci_linux.go index 8d5a08fa2a..278e5b30f8 100644 --- a/pkg/specgen/generate/oci_linux.go +++ b/pkg/specgen/generate/oci_linux.go @@ -50,7 +50,7 @@ func canMountSys(isRootless, isNewUserns bool, s *specgen.SpecGenerator) bool { } if isNewUserns { switch s.NetNS.NSMode { - case specgen.Slirp, specgen.Pasta, specgen.Private, specgen.NoNetwork, specgen.Bridge: + case specgen.Pasta, specgen.Private, specgen.NoNetwork, specgen.Bridge: return true default: return false diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go index 9b68daf60c..6a3d592e04 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go @@ -203,12 +203,6 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) { return nil, fmt.Errorf("cannot set host network if network-related configuration is specified: %w", define.ErrInvalidArg) } spec.NetNS.NSMode = specgen.Host - case specgen.Slirp: - logrus.Debugf("Pod will use slirp4netns") - if spec.NetNS.NSMode != specgen.Host { - spec.NetworkOptions = p.NetworkOptions - spec.NetNS.NSMode = specgen.Slirp - } case specgen.Pasta: logrus.Debugf("Pod will use pasta") if spec.NetNS.NSMode != specgen.Host { diff --git a/pkg/specgen/generate/pod_create_test.go b/pkg/specgen/generate/pod_create_test.go index 191b225e27..b49be42a00 100644 --- a/pkg/specgen/generate/pod_create_test.go +++ b/pkg/specgen/generate/pod_create_test.go 
@@ -132,23 +132,6 @@ func TestMapSpecNetworkOptions(t *testing.T) { podSpec: createPodSpecWithNetworks(specgen.Host), mustError: true, }, - { - name: "Slirp", - podSpec: createPodSpec(specgen.Slirp), - expectedNSMode: specgen.Slirp, - }, - { - name: "Slirp but if infra spec NS mode is Host", - podSpec: specgen.PodSpecGenerator{ - InfraContainerSpec: &specgen.SpecGenerator{ - ContainerNetworkConfig: specgen.ContainerNetworkConfig{NetNS: specgen.Namespace{NSMode: host}}, - }, - PodNetworkConfig: specgen.PodNetworkConfig{ - NetNS: specgen.Namespace{NSMode: specgen.Slirp}, - }, - }, - expectedNSMode: specgen.Host, - }, { name: "Path", podSpec: createPodSpecWithNetNsPath("/var/run/netns/bla"), diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index 0ccd75038c..bb562016d3 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -49,10 +49,6 @@ const ( // should be used. // Only used with the network namespace, invalid otherwise. Bridge NamespaceMode = "bridge" - // Slirp indicates that a slirp4netns network stack should - // be used. - // Only used with the network namespace, invalid otherwise. - Slirp NamespaceMode = "slirp4netns" // Pasta indicates that a pasta network stack should be used. // Only used with the network namespace, invalid otherwise. Pasta NamespaceMode = "pasta" @@ -158,8 +154,6 @@ func validateNetNS(n *Namespace) error { return nil } switch n.NSMode { - case Slirp: - break case Pasta: // Check if we run rootless/in a userns. Do not use rootless.IsRootless() here. // Pasta switches to nobody when running as root which causes it to fail while @@ -181,7 +175,7 @@ func validateNetNS(n *Namespace) error { if len(n.Value) < 1 { return fmt.Errorf("namespace mode %s requires a value", n.NSMode) } - } else if n.NSMode != Slirp { + } else { // All others except must NOT set a string value if len(n.Value) > 0 { return fmt.Errorf("namespace value %s cannot be provided with namespace mode %s", n.Value, n.NSMode) 
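Review bot: The comment kept above the new `} else {` branch in validateNetNS still reads `// All others except must NOT set a string value`. The dangling "except" referred to the Slirp exemption this patch removes. With the exemption gone the branch applies to every remaining mode, so the comment should say so: `// All other modes must NOT set a string value`. The function continues outside the hunk.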
@@ -211,7 +205,7 @@ func (n *Namespace) validate() error { switch n.NSMode { case "", Default, Host, Path, FromContainer, FromPod, Private: // Valid, do nothing - case NoNetwork, Bridge, Slirp, Pasta: + case NoNetwork, Bridge, Pasta: return errors.New("cannot use network modes with non-network namespace") default: return fmt.Errorf("invalid namespace type %s specified", n.NSMode) @@ -337,13 +331,6 @@ func ParseNetworkFlag(networks []string) (Namespace, map[string]types.PerNetwork podmanNetworks := make(map[string]types.PerNetworkOptions) switch { - case ns == string(Slirp), strings.HasPrefix(ns, string(Slirp)+":"): - key, options, hasOptions := strings.Cut(ns, ":") - if hasOptions { - networkOptions = make(map[string][]string) - networkOptions[key] = strings.Split(options, ",") - } - toReturn.NSMode = Slirp case ns == string(FromPod): toReturn.NSMode = FromPod case ns == "" || ns == string(Default) || ns == string(Private): @@ -416,7 +403,7 @@ func ParseNetworkFlag(networks []string) (Namespace, map[string]types.PerNetwork return toReturn, nil, nil, fmt.Errorf("network name cannot be empty: %w", define.ErrInvalidArg) } if slices.Contains([]string{ - string(Bridge), string(Slirp), string(Pasta), string(FromPod), string(NoNetwork), + string(Bridge), string(Pasta), string(FromPod), string(NoNetwork), string(Default), string(Private), string(Path), string(FromContainer), string(Host), }, name) { return toReturn, nil, nil, fmt.Errorf("can only set extra network names, selected mode %s conflicts with bridge: %w", name, define.ErrInvalidArg) diff --git a/pkg/specgen/namespaces_test.go b/pkg/specgen/namespaces_test.go index 22b84ee646..636e2c922b 100644 --- a/pkg/specgen/namespaces_test.go +++ b/pkg/specgen/namespaces_test.go 
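Review bot: ParseNetworkFlag no longer has a `slirp4netns` case, and the second hunk also drops `string(Slirp)` from the reserved-name list, so the string is no longer rejected as an extra network name either. The remaining switch arms are outside the hunk, but presumably `--network slirp4netns` and `--network slirp4netns:cidr=...` now reach the fallback arm and are handled as a bridge network named "slirp4netns". That would surface as a confusing "network not found" or option error rather than a clear removal message. An explicit rejection at the top of the switch keeps the failure obvious: `case ns == "slirp4netns", strings.HasPrefix(ns, "slirp4netns:"): return toReturn, nil, nil, fmt.Errorf("slirp4netns networking is no longer supported, use pasta: %w", define.ErrInvalidArg)`. A test case for that input in namespaces_test.go would pin the behaviour in place of the two removed cases.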
@@ -57,12 +57,6 @@ func TestParseNetworkFlag(t *testing.T) { defaultNetName: {}, }, }, - { - name: "slirp4netns mode", - args: []string{"slirp4netns"}, - nsmode: Namespace{NSMode: Slirp}, - networks: map[string]types.PerNetworkOptions{}, - }, { name: "from pod mode", args: []string{"pod"}, @@ -87,15 +81,6 @@ func TestParseNetworkFlag(t *testing.T) { nsmode: Namespace{NSMode: Path, Value: "/path"}, networks: map[string]types.PerNetworkOptions{}, }, - { - name: "slirp4netns mode with options", - args: []string{"slirp4netns:cidr=10.0.0.0/24"}, - nsmode: Namespace{NSMode: Slirp}, - networks: map[string]types.PerNetworkOptions{}, - options: map[string][]string{ - "slirp4netns": {"cidr=10.0.0.0/24"}, - }, - }, { name: "bridge mode with options 1", args: []string{"bridge:ip=10.0.0.1,mac=11:22:33:44:55:66"}, diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go index 636de85c6b..b0a1c5f09e 100644 --- a/pkg/specgen/pod_validate.go +++ b/pkg/specgen/pod_validate.go @@ -64,9 +64,9 @@ func (p *PodSpecGenerator) Validate() error { return exclusivePodOptions("NoInfra", "NoManageResolvConf") } } - if p.NetNS.NSMode != "" && p.NetNS.NSMode != Bridge && p.NetNS.NSMode != Slirp && p.NetNS.NSMode != Pasta && p.NetNS.NSMode != Default { + if p.NetNS.NSMode != "" && p.NetNS.NSMode != Bridge && p.NetNS.NSMode != Pasta && p.NetNS.NSMode != Default { if len(p.PortMappings) > 0 { - return errors.New("PortMappings can only be used with Bridge, slirp4netns, or pasta networking") + return errors.New("PortMappings can only be used with Bridge, or pasta networking") } } diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go index ca2bc4aed9..57b21860d2 100644 --- a/pkg/specgen/podspecgen.go +++ b/pkg/specgen/podspecgen.go 
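Review bot: The new error string in PodSpecGenerator.Validate, `"PortMappings can only be used with Bridge, or pasta networking"`, keeps the list comma although only two items remain. It should read `"PortMappings can only be used with Bridge or pasta networking"`. The same leftover comma appears in the updated field comments in pkg/specgen/podspecgen.go ("Bridge, or Pasta") and pkg/specgen/specgen.go ("bridge, or pasta"). Since the message is user-facing, any test or documentation that matches the old text needs the same update.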
@@ -106,13 +106,13 @@ type PodNetworkConfig struct { // containers in the pod. // Cannot be set to FromContainer and FromPod. // Setting this to anything except default conflicts with NoInfra=true. - // Defaults to Bridge as root and Slirp as rootless. + // Defaults to Bridge as root and Pasta as rootless. // Mandatory. NetNS Namespace `json:"netns"` // PortMappings is a set of ports to map into the infra container. // As, by default, containers share their network with the infra // container, this will forward the ports to the entire pod. - // Only available if NetNS is set to Bridge, Slirp, or Pasta. + // Only available if NetNS is set to Bridge, or Pasta. // Optional. PortMappings []types.PortMapping `json:"portmappings,omitempty"` // Map of networks names to ids the container should join to. diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 767710e898..ce2bef447e 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -477,14 +477,14 @@ type ContainerNetworkConfig struct { // Mandatory. NetNS Namespace `json:"netns"` // PortBindings is a set of ports to map into the container. - // Only available if NetNS is set to bridge, slirp, or pasta. + // Only available if NetNS is set to bridge, or pasta. // Optional. PortMappings []nettypes.PortMapping `json:"portmappings,omitempty"` // PublishExposedPorts will publish ports specified in the image to // random unused ports (guaranteed to be above 1024) on the host. // This is based on ports set in Expose below, and any ports specified // by the Image (if one is given). - // Only available if NetNS is set to Bridge or Slirp. + // Only available if NetNS is set to Bridge. // Optional. PublishExposedPorts *bool `json:"publish_image_ports,omitempty"` // Expose is a number of ports that will be forwarded to the container 
@@ -493,7 +493,7 @@ type ContainerNetworkConfig struct { // protocol i.e map[uint16]string. Allowed protocols are "tcp", "udp", and "sctp", or some // combination of the three separated by commas. // If protocol is set to "" we will assume TCP. - // Only available if NetNS is set to Bridge or Slirp, and + // Only available if NetNS is set to Bridge, and // PublishExposedPorts is set. // Optional. Expose map[uint16]string `json:"expose,omitempty"` From 843aa8869732ca388ff3d34aec0738a72302927c Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 5 Nov 2025 15:21:01 -0500 Subject: [PATCH 08/18] libpod/: Remove slirp Signed-off-by: Lokesh Mandvekar --- cmd/podman/system/service_abi.go | 1 - cmd/podman/system/service_abi_linux.go | 6 ---- libpod/container.go | 6 +--- libpod/container_api.go | 2 +- libpod/container_internal_common.go | 23 +++----------- libpod/container_internal_freebsd.go | 4 --- libpod/container_internal_linux.go | 35 +-------------------- libpod/define/info.go | 10 +----- libpod/info_linux.go | 19 ------------ libpod/networking_common.go | 5 ++- libpod/networking_freebsd.go | 5 --- libpod/networking_linux.go | 3 -- libpod/networking_slirp4netns.go | 43 -------------------------- libpod/oci_conmon_common.go | 27 ---------------- 14 files changed, 11 insertions(+), 178 deletions(-) diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index 07f622c0ac..d8b52b43a8 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -125,7 +125,6 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities maybeMoveToSubCgroup() - maybeStartServiceReaper() infra.StartWatcher(libpodRuntime) server, err := api.NewServerWithSettings(libpodRuntime, listener, opts) if err != nil { diff --git a/cmd/podman/system/service_abi_linux.go b/cmd/podman/system/service_abi_linux.go index 6282efc207..c501c69b13 100644 --- a/cmd/podman/system/service_abi_linux.go 
+++ b/cmd/podman/system/service_abi_linux.go @@ -5,14 +5,8 @@ package system import ( "github.com/sirupsen/logrus" "go.podman.io/common/pkg/cgroups" - "go.podman.io/common/pkg/servicereaper" ) -// Currently, we only need servicereaper on Linux to support slirp4netns. -func maybeStartServiceReaper() { - servicereaper.Start() -} - func maybeMoveToSubCgroup() { if err := cgroups.MaybeMoveToSubCgroup(); err != nil { // it is a best effort operation, so just print the diff --git a/libpod/container.go b/libpod/container.go index 9e322160aa..72e60ed969 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -107,9 +107,6 @@ type Container struct { runtime *Runtime ociRuntime OCIRuntime - rootlessSlirpSyncR *os.File - rootlessSlirpSyncW *os.File - rootlessPortSyncR *os.File rootlessPortSyncW *os.File @@ -126,8 +123,7 @@ type Container struct { // This is true if a container is restored from a checkpoint. restoreFromCheckpoint bool - slirp4netnsSubnet *net.IPNet - pastaResult *pasta.SetupResult + pastaResult *pasta.SetupResult } // ContainerState contains the current state of the container diff --git a/libpod/container_api.go b/libpod/container_api.go index 12d0e858bd..b9d45567d0 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -928,7 +928,7 @@ func (c *Container) Sync() error { // reloaded, and existing rules have been wiped out. It is expected that some // downtime will result, as the rules are destroyed as part of this process. // At present, this only works on root containers; it may be expanded to restart -// slirp4netns in the future to work with rootless containers as well. +// pasta(?) in the future to work with rootless containers as well. // Requires that the container must be running or created. func (c *Container) ReloadNetwork() error { if !c.batched { diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go index acaa76ef3a..e6a79c3472 100644 --- a/libpod/container_internal_common.go 
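Review bot: The Container struct keeps `rootlessPortSyncR` and `rootlessPortSyncW` (visible as context in the hunk above), but the createOCIContainer hunk in libpod/oci_conmon_common.go deletes the whole `IsSlirp4netns() || rootless.IsRootless()` block, not just its slirp parts. That block also created the port sync pipe when PostConfigureNetNS is set and handed the write end to conmon with `cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessPortSyncW)` plus a deferred `errorhandling.CloseQuiet`. setupRootlessPortMappingViaRLK is untouched and still opens the pipe, so as far as this series shows nothing passes the write end to conmon or closes it any more. The rootlessport helper's lifetime would then follow the podman process rather than conmon, and the descriptor leaks. Unless a later patch restores it, keep the `rootlessPortSyncW` half of that block under `rootless.IsRootless()` and drop only the `rootlessSlirpSync*` lines.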
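Review bot: The doc comment on the exported ReloadNetwork now says `pasta(?) in the future`, which puts an unresolved question into API documentation. State the present limitation without naming an unconfirmed plan: `// At present, this only works on root containers; it may be expanded to rootless containers in the future.` The same `pasta (?)` wording is added to the comment on reloadContainerNetwork in libpod/networking_common.go and should get the same treatment.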
+++ b/libpod/container_internal_common.go @@ -2262,7 +2262,7 @@ func (c *Container) addResolvConf() error { // add the nameservers from the networks status nameservers = networkNameServers } else { - // pasta and slirp4netns have a built in DNS forwarder. + // pasta has a built in DNS forwarder. nameservers = c.addSpecialDNS(nameservers) } } @@ -2318,11 +2318,7 @@ func (c *Container) checkForIPv6(netStatus map[string]types.StatusBlock) bool { } } - if c.pastaResult != nil { - return c.pastaResult.IPv6 - } - - return c.isSlirp4netnsIPv6() + return c.pastaResult.IPv6 } // Add a new nameserver to the container's resolv.conf, ensuring that it is the @@ -2373,7 +2369,7 @@ func getLocalhostHostEntry(c *Container) etchosts.HostEntries { } // getHostsEntries returns the container ip host entries for the correct netmode -func (c *Container) getHostsEntries() (etchosts.HostEntries, error) { +func (c *Container) getHostsEntries() etchosts.HostEntries { var entries etchosts.HostEntries names := []string{c.Hostname(), c.config.Name} switch { @@ -2384,18 +2380,12 @@ func (c *Container) getHostsEntries() (etchosts.HostEntries, error) { if len(c.pastaResult.IPAddresses) > 0 { entries = etchosts.HostEntries{{IP: c.pastaResult.IPAddresses[0].String(), Names: names}} } - case c.config.NetMode.IsSlirp4netns(): - ip, err := getSlirp4netnsIP(c.slirp4netnsSubnet) - if err != nil { - return nil, err - } - entries = etchosts.HostEntries{{IP: ip.String(), Names: names}} default: if c.hasNetNone() { entries = etchosts.HostEntries{{IP: "127.0.0.1", Names: names}} } } - return entries, nil + return entries } func (c *Container) createHostsFile() error { 
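Review bot: `return c.pastaResult.IPv6` at the end of checkForIPv6 dereferences `c.pastaResult` without the nil check that the removed lines performed. The field is a pointer (`*pasta.SetupResult`), and getHostsEntries and addSpecialDNS in this same series still test it against nil. Any container that reaches this line without pasta, for example a bridge container whose network status carries no IPv6 address, would therefore panic instead of returning false. Keep the guard in one expression: `return c.pastaResult != nil && c.pastaResult.IPv6`. The loop over netStatus that precedes this return starts outside the hunk.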
@@ -2414,10 +2404,7 @@ func (c *Container) addHosts() error { // no host file nothing to do return nil } - containerIPsEntries, err := c.getHostsEntries() - if err != nil { - return fmt.Errorf("failed to get container ip host entries: %w", err) - } + containerIPsEntries := c.getHostsEntries() // Consider container level BaseHostsFile configuration first. // If it is empty, fallback to containers.conf level configuration. diff --git a/libpod/container_internal_freebsd.go b/libpod/container_internal_freebsd.go index 2438f8b4c2..df3a1b7bbf 100644 --- a/libpod/container_internal_freebsd.go +++ b/libpod/container_internal_freebsd.go @@ -296,10 +296,6 @@ func (c *Container) addSpecialDNS(nameservers []string) []string { return nameservers } -func (c *Container) isSlirp4netnsIPv6() bool { - return false -} - // check for net=none func (c *Container) hasNetNone() bool { return c.state.NetNS == "" diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index f4bd473483..bea1e5efc0 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -22,7 +22,6 @@ import ( "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" "github.com/sirupsen/logrus" - "go.podman.io/common/libnetwork/slirp4netns" "go.podman.io/common/libnetwork/types" "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/config" @@ -557,7 +556,7 @@ func (c *Container) setCgroupsPath(g *generate.Generator) error { return nil } -// addSpecialDNS adds special dns servers for slirp4netns and pasta +// addSpecialDNS adds special dns servers for pasta func (c *Container) addSpecialDNS(nameservers []string) []string { switch { case c.config.NetMode.IsBridge(): 
@@ -567,42 +566,10 @@ func (c *Container) addSpecialDNS(nameservers []string) []string { } case c.pastaResult != nil: nameservers = append(nameservers, c.pastaResult.DNSForwardIPs...) - case c.config.NetMode.IsSlirp4netns(): - // slirp4netns has a built in DNS forwarder. - slirp4netnsDNS, err := slirp4netns.GetDNS(c.slirp4netnsSubnet) - if err != nil { - logrus.Warn("Failed to determine Slirp4netns DNS: ", err.Error()) - } else { - nameservers = append(nameservers, slirp4netnsDNS.String()) - } } return nameservers } -func (c *Container) isSlirp4netnsIPv6() bool { - if c.config.NetMode.IsSlirp4netns() { - extraOptions := c.config.NetworkOptions[slirp4netns.BinaryName] - options := make([]string, 0, len(c.runtime.config.Engine.NetworkCmdOptions.Get())+len(extraOptions)) - options = append(options, c.runtime.config.Engine.NetworkCmdOptions.Get()...) - options = append(options, extraOptions...) - - // loop backwards as the last argument wins and we can exit early - // This should be kept in sync with c/common/libnetwork/slirp4netns. - for i := len(options) - 1; i >= 0; i-- { - switch options[i] { - case "enable_ipv6=true": - return true - case "enable_ipv6=false": - return false - } - } - // default is true - return true - } - - return false -} - // check for net=none func (c *Container) hasNetNone() bool { if !c.config.CreateNetNS { diff --git a/libpod/define/info.go b/libpod/define/info.go index 2162a33f05..26b9009d3e 100644 --- a/libpod/define/info.go +++ b/libpod/define/info.go 
@@ -52,13 +52,12 @@ type HostInfo struct { OS string `json:"os"` // RemoteSocket returns the UNIX domain socket the Podman service is listening on RemoteSocket *RemoteSocket `json:"remoteSocket,omitempty"` - // RootlessNetworkCmd returns the default rootless network command (slirp4netns or pasta) + // RootlessNetworkCmd returns the default rootless network command (pasta) RootlessNetworkCmd string `json:"rootlessNetworkCmd"` RuntimeInfo map[string]any `json:"runtimeInfo,omitempty"` // ServiceIsRemote is true when the podman/libpod service is remote to the client ServiceIsRemote bool `json:"serviceIsRemote"` Security SecurityInfo `json:"security"` - Slirp4NetNS SlirpInfo `json:"slirp4netns"` Pasta PastaInfo `json:"pasta"` SwapFree int64 `json:"swapFree"` @@ -76,13 +75,6 @@ type RemoteSocket struct { Exists bool `json:"exists"` } -// SlirpInfo describes the slirp executable that is being used -type SlirpInfo struct { - Executable string `json:"executable"` - Package string `json:"package"` - Version string `json:"version"` -} - // PastaInfo describes the pasta executable that is being used type PastaInfo struct { Executable string `json:"executable"` diff --git a/libpod/info_linux.go b/libpod/info_linux.go index 67f1000d36..c949467cec 100644 --- a/libpod/info_linux.go +++ b/libpod/info_linux.go @@ -16,7 +16,6 @@ import ( "github.com/opencontainers/selinux/go-selinux" "github.com/sirupsen/logrus" "go.podman.io/common/libnetwork/pasta" - "go.podman.io/common/libnetwork/slirp4netns" "go.podman.io/common/pkg/apparmor" "go.podman.io/common/pkg/cgroups" "go.podman.io/common/pkg/seccomp" 
@@ -49,27 +48,9 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error { SECCOMPProfilePath: seccompProfilePath, SELinuxEnabled: selinux.GetEnabled(), } - info.Slirp4NetNS = define.SlirpInfo{} info.CgroupsVersion = "v2" - slirp4netnsPath := r.config.Engine.NetworkCmdPath - if slirp4netnsPath == "" { - slirp4netnsPath, _ = r.config.FindHelperBinary(slirp4netns.BinaryName, true) - } - if slirp4netnsPath != "" { - ver, err := version.Program(slirp4netnsPath) - if err != nil { - logrus.Warnf("Failed to retrieve program version for %s: %v", slirp4netnsPath, err) - } - program := define.SlirpInfo{ - Executable: slirp4netnsPath, - Package: version.Package(slirp4netnsPath), - Version: ver, - } - info.Slirp4NetNS = program - } - pastaPath, _ := r.config.FindHelperBinary(pasta.BinaryName, true) if pastaPath != "" { ver, err := version.Program(pastaPath) diff --git a/libpod/networking_common.go b/libpod/networking_common.go index 0ae5069b4f..0b5cfd6892 100644 --- a/libpod/networking_common.go +++ b/libpod/networking_common.go @@ -111,8 +111,7 @@ func (r *Runtime) teardownNetwork(ctr *Container) error { return err } - if !ctr.config.NetMode.IsSlirp4netns() && - !ctr.config.NetMode.IsPasta() && len(networks) > 0 { + if !ctr.config.NetMode.IsPasta() && len(networks) > 0 { netOpts := ctr.getNetworkOptions(networks) return r.teardownNetworkBackend(ctr.state.NetNS, netOpts) } @@ -134,7 +133,7 @@ func isBridgeNetMode(n namespaces.NetworkMode) error { // firewall configuration. // Efforts will be made to preserve MAC and IP addresses. // Only works on containers with bridge networking at present, though in the future we could -// extend this to stop + restart slirp4netns +// extend this to stop + restart pasta (?) func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.StatusBlock, error) { if ctr.state.NetNS == "" { return nil, fmt.Errorf("container %s network is not configured, refusing to reload: %w", ctr.ID(), define.ErrCtrStateInvalid) 
diff --git a/libpod/networking_freebsd.go b/libpod/networking_freebsd.go index 3000ff25ce..ff4ce8f811 100644 --- a/libpod/networking_freebsd.go +++ b/libpod/networking_freebsd.go @@ -7,7 +7,6 @@ import ( jdec "encoding/json" "errors" "fmt" - "net" "os/exec" "github.com/containers/buildah/pkg/jail" @@ -44,10 +43,6 @@ type NetstatAddress struct { Collisions uint64 `json:"collisions"` } -func getSlirp4netnsIP(_ *net.IPNet) (*net.IP, error) { - return nil, errors.New("not implemented GetSlirp4netnsIP") -} - // This is called after the container's jail is created but before its // started. We can use this to initialise the container's vnet when we don't // have a separate vnet jail (which is the case in FreeBSD 13.3 and later). diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index e188180697..79565a6e23 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -29,9 +29,6 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS string) (status map[strin } } }() - if ctr.config.NetMode.IsSlirp4netns() { - return nil, r.setupSlirp4netns(ctr, ctrNS) - } if ctr.config.NetMode.IsPasta() { return nil, r.setupPasta(ctr, ctrNS) } diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go index 0b2243f6a5..94702c7efa 100644 --- a/libpod/networking_slirp4netns.go +++ b/libpod/networking_slirp4netns.go @@ -5,7 +5,6 @@ package libpod import ( "fmt" "io" - "net" "os" "path/filepath" 
@@ -15,44 +14,6 @@ import ( "go.podman.io/common/libnetwork/types" ) -// setupSlirp4netns can be called in rootful as well as in rootless -func (r *Runtime) setupSlirp4netns(ctr *Container, netns string) error { - ports := ctr.convertPortMappings() - - if !ctr.config.PostConfigureNetNS { - var err error - ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe() - if err != nil { - return fmt.Errorf("failed to create rootless network sync pipe: %w", err) - } - if len(ports) > 0 { - ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe() - if err != nil { - return fmt.Errorf("failed to create rootless port sync pipe: %w", err) - } - } - } - defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR) - if ctr.rootlessPortSyncR != nil { - defer errorhandling.CloseQuiet(ctr.rootlessPortSyncR) - } - - res, err := slirp4netns.Setup(&slirp4netns.SetupOptions{ - Config: r.config, - ContainerID: ctr.ID(), - Netns: netns, - Ports: ports, - ExtraOptions: ctr.config.NetworkOptions[slirp4netns.BinaryName], - Slirp4netnsExitPipeR: ctr.rootlessSlirpSyncR, - RootlessPortExitPipeR: ctr.rootlessPortSyncR, - }) - if err != nil { - return err - } - ctr.slirp4netnsSubnet = res.Subnet - return nil -} - func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath string, netStatus map[string]types.StatusBlock) error { var err error if !ctr.config.PostConfigureNetNS { @@ -100,7 +61,3 @@ func (c *Container) reloadRootlessRLKPortMapping() error { } return nil } - -func getSlirp4netnsIP(subnet *net.IPNet) (*net.IP, error) { - return slirp4netns.GetIP(subnet) -} diff --git a/libpod/oci_conmon_common.go b/libpod/oci_conmon_common.go index 0138f037fa..65199cb181 100644 --- a/libpod/oci_conmon_common.go +++ b/libpod/oci_conmon_common.go 
@@ -1170,33 +1170,6 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co ctr.reservedPorts = nil } - if ctr.config.NetMode.IsSlirp4netns() || rootless.IsRootless() { - if ctr.config.PostConfigureNetNS { - havePortMapping := len(ctr.config.PortMappings) > 0 - if havePortMapping { - ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe() - if err != nil { - return 0, fmt.Errorf("failed to create rootless port sync pipe: %w", err) - } - } - ctr.rootlessSlirpSyncR, ctr.rootlessSlirpSyncW, err = os.Pipe() - if err != nil { - return 0, fmt.Errorf("failed to create rootless network sync pipe: %w", err) - } - } - - if ctr.rootlessSlirpSyncW != nil { - defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW) - // Leak one end in conmon, the other one will be leaked into slirp4netns - cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW) - } - - if ctr.rootlessPortSyncW != nil { - defer errorhandling.CloseQuiet(ctr.rootlessPortSyncW) - // Leak one end in conmon, the other one will be leaked into rootlessport - cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessPortSyncW) - } - } var runtimeRestoreStarted time.Time if restoreOptions != nil { runtimeRestoreStarted = time.Now() From 7dc767546194845242b54e896dfd6316b846a632 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 10 Nov 2025 16:01:06 -0500 Subject: [PATCH 09/18] libpod: Remove network-cmd-path Signed-off-by: Lokesh Mandvekar --- docs/source/markdown/podman.1.md | 5 ----- libpod/options.go | 14 -------------- pkg/domain/infra/runtime_libpod.go | 3 --- 3 files changed, 22 deletions(-) diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index 77fdab2978..ec90ccb6a3 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md 
@@ -104,11 +104,6 @@ Load the specified `containers.conf(5)` module. Can be an absolute or relative This flag is not supported on the remote client, including Mac and Windows (excluding WSL2) machines. Further note that the flag is a root-level flag and must be specified before any Podman sub-command. -#### **--network-cmd-path**=*path* -Path to the `slirp4netns(1)` command binary to use for setting up a slirp4netns network. -If "" is used, then the binary will first be searched using the `helper_binaries_dir` option in `containers.conf`, and second using the `$PATH` environment variable. -**Note:** This option is deprecated and will be removed with Podman 6.0. Use the `helper_binaries_dir` option in `containers.conf` instead. - #### **--network-config-dir**=*directory* Path to the directory where network configuration files are located. diff --git a/libpod/options.go b/libpod/options.go index 41d6bc4a78..5e10a63f04 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -180,20 +180,6 @@ func WithConmonPath(path string) RuntimeOption { } } -// WithNetworkCmdPath specifies the path to the slirp4netns binary which manages the -// runtime. -func WithNetworkCmdPath(path string) RuntimeOption { - return func(rt *Runtime) error { - if rt.valid { - return define.ErrRuntimeFinalized - } - - rt.config.Engine.NetworkCmdPath = path - - return nil - } -} - // WithNetworkBackend specifies the name of the network backend. func WithNetworkBackend(name string) RuntimeOption { return func(rt *Runtime) error { diff --git a/pkg/domain/infra/runtime_libpod.go b/pkg/domain/infra/runtime_libpod.go index 3c2d02bbb0..64f8992487 100644 --- a/pkg/domain/infra/runtime_libpod.go +++ b/pkg/domain/infra/runtime_libpod.go 
@@ -164,9 +164,6 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo if fs.Changed("tmpdir") { options = append(options, libpod.WithTmpDir(cfg.ContainersConf.Engine.TmpDir)) } - if fs.Changed("network-cmd-path") { - options = append(options, libpod.WithNetworkCmdPath(cfg.ContainersConf.Engine.NetworkCmdPath)) - } if fs.Changed("network-backend") { options = append(options, libpod.WithNetworkBackend(cfg.ContainersConf.Network.NetworkBackend)) } From 2554a01276ac6c284e762959d5e9dc3d61616831 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 10 Nov 2025 14:54:02 -0500 Subject: [PATCH 10/18] test/e2e: Remove slirp Signed-off-by: Lokesh Mandvekar --- test/e2e/containers_conf_test.go | 8 +- test/e2e/network_connect_disconnect_test.go | 34 ------ test/e2e/network_create_test.go | 2 +- test/e2e/pod_create_test.go | 12 --- test/e2e/run_networking_test.go | 109 -------------------- test/e2e/stats_test.go | 23 ----- 6 files changed, 2 insertions(+), 186 deletions(-) diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 4352212f96..9a2aef26ee 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -379,12 +379,6 @@ var _ = Describe("Verify podman containers.conf usage", func() { Expect(session.OutputToString()).To(Equal("0002")) }) - It("network slirp options to allow host loopback", func() { - session := podmanTest.Podman([]string{"run", "--network", "slirp4netns", ALPINE, "ping", "-c1", "10.0.2.2"}) - session.Wait(30) - Expect(session).Should(ExitCleanly()) - }) - It("podman-remote test localcontainers.conf", func() { SkipIfNotRemote("this test is only for remote") 
@@ -749,7 +743,7 @@ var _ = Describe("Verify podman containers.conf usage", func() { It("podman default_rootless_network_cmd", func() { SkipIfNotRootless("default_rootless_network_cmd is only used rootless") - for _, mode := range []string{"pasta", "slirp4netns", "invalid"} { + for _, mode := range []string{"pasta", "invalid"} { conffile := filepath.Join(podmanTest.TempDir, "container.conf") content := "[network]\ndefault_rootless_network_cmd=\"" + mode + "\"\n" err := os.WriteFile(conffile, []byte(content), 0o755) diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index 9113fc4522..99afefe323 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -31,23 +31,6 @@ var _ = Describe("Podman network connect and disconnect", func() { Expect(dis).Should(ExitWithError(125, `no container with name or ID "foobar" found: no such container`)) }) - It("network disconnect with net mode slirp4netns should result in error", func() { - netName := "slirp" + stringid.GenerateRandomID() - session := podmanTest.Podman([]string{"network", "create", netName}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - defer podmanTest.removeNetwork(netName) - - session = podmanTest.Podman([]string{"create", "--name", "test", "--network", "slirp4netns", ALPINE}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - defer podmanTest.removeNetwork(netName) - - con := podmanTest.Podman([]string{"network", "disconnect", netName, "test"}) - con.WaitWithDefaultTimeout() - Expect(con).Should(ExitWithError(125, `"slirp4netns" is not supported: invalid network mode`)) - }) - It("podman network disconnect", func() { netName := "aliasTest" + stringid.GenerateRandomID() session := podmanTest.Podman([]string{"network", "create", netName}) 
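Review bot: Dropping `"slirp4netns"` from the mode list in the `default_rootless_network_cmd` test leaves no coverage for a containers.conf that still carries that value after an upgrade. The loop body continues outside this hunk, so how `"invalid"` is asserted is not visible here. If it checks for a clean error, I would keep the removed mode as a second negative case, `for _, mode := range []string{"pasta", "slirp4netns", "invalid"} {`, and expect the same rejection for it. That pins the removal, so a stale config fails loudly instead of being accepted or silently mapped to another network mode.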
@@ -120,23 +103,6 @@ var _ = Describe("Podman network connect and disconnect", func() { Expect(dis).Should(ExitWithError(125, `no container with name or ID "foobar" found: no such container`)) }) - It("network connect with net mode slirp4netns should result in error", func() { - netName := "slirp" + stringid.GenerateRandomID() - session := podmanTest.Podman([]string{"network", "create", netName}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - defer podmanTest.removeNetwork(netName) - - session = podmanTest.Podman([]string{"create", "--name", "test", "--network", "slirp4netns", ALPINE}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - defer podmanTest.removeNetwork(netName) - - con := podmanTest.Podman([]string{"network", "connect", netName, "test"}) - con.WaitWithDefaultTimeout() - Expect(con).Should(ExitWithError(125, `"slirp4netns" is not supported: invalid network mode`)) - }) - It("podman connect on a container that already is connected to the network should error after init", func() { netName := "aliasTest" + stringid.GenerateRandomID() session := podmanTest.Podman([]string{"network", "create", netName}) diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index e48d3c0c03..9aa268302f 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -561,7 +561,7 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with invalid name", func() { - for _, name := range []string{"none", "host", "bridge", "private", "slirp4netns", "pasta", "container", "ns", "default"} { + for _, name := range []string{"none", "host", "bridge", "private", "pasta", "container", "ns", "default"} { nc := podmanTest.Podman([]string{"network", "create", name}) nc.WaitWithDefaultTimeout() Expect(nc).To(ExitWithError(125, fmt.Sprintf("cannot create network with name %q because it conflicts with a valid network mode", name))) 
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 9eab96fafb..c993676083 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -557,18 +557,6 @@ entrypoint ["/fromimage"] Expect(check2.OutputToString()).To(Equal("/fromcommand:[/fromcommand]")) }) - It("podman create pod with slirp network option", func() { - name := "test" - session := podmanTest.Podman([]string{"pod", "create", "--name", name, "--network", "slirp4netns:port_handler=slirp4netns", "-p", "8082:8000"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - check := podmanTest.Podman([]string{"pod", "inspect", "--format", "{{.InfraConfig.NetworkOptions.slirp4netns}}", name}) - check.WaitWithDefaultTimeout() - Expect(check).Should(ExitCleanly()) - Expect(check.OutputToString()).To(Equal("[port_handler=slirp4netns]")) - }) - It("podman pod status test", func() { podName := "testpod" create := podmanTest.Podman([]string{"pod", "create", "--name", podName}) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index ba8b1b91ef..746a6b8eb2 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -5,12 +5,9 @@ package integration import ( "encoding/json" "fmt" - "io" "net" "os" - "strconv" "strings" - "sync" "syscall" "github.com/containernetworking/plugins/pkg/ns" 
@@ -561,112 +558,6 @@ EXPOSE 2004-2005/tcp`, ALPINE) Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0]).To(HaveField("HostIP", "0.0.0.0")) }) - It("podman run slirp4netns verify net.ipv6.conf.default.accept_dad=0", func() { - session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:enable_ipv6=true", ALPINE, "ip", "addr"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - // check the ipv6 setup id done without delay (https://github.com/containers/podman/issues/11062) - Expect(session.OutputToString()).To(ContainSubstring("inet6 fd00::")) - - const ipv6ConfDefaultAcceptDadSysctl = "/proc/sys/net/ipv6/conf/all/accept_dad" - - cat := SystemExec("cat", []string{ipv6ConfDefaultAcceptDadSysctl}) - cat.WaitWithDefaultTimeout() - Expect(cat).Should(ExitCleanly()) - sysctlValue := cat.OutputToString() - - session = podmanTest.Podman([]string{"run", "--network", "slirp4netns:enable_ipv6=true", ALPINE, "cat", ipv6ConfDefaultAcceptDadSysctl}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(Equal(sysctlValue)) - }) - - It("podman run network expose host port 8080 to container port 8000 using invalid port handler", func() { - session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=invalid", "-dt", "-p", "8080:8000", ALPINE, "/bin/sh"}) - session.WaitWithDefaultTimeout() - Expect(session).To(ExitWithError(126, `unknown port_handler for slirp4netns: "invalid"`)) - }) - - It("podman run slirp4netns network with host loopback", func() { - session := podmanTest.Podman([]string{"run", "--cap-add", "net_raw", "--network", "slirp4netns:allow_host_loopback=true", ALPINE, "ping", "-c1", "10.0.2.2"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - }) - - It("podman run slirp4netns network with mtu", func() { - session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:mtu=9000", ALPINE, "ip", "addr"}) - 
session.Wait(30) - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring("mtu 9000")) - }) - - It("podman run slirp4netns network with different cidr", func() { - slirp4netnsHelp := SystemExec("slirp4netns", []string{"--help"}) - Expect(slirp4netnsHelp).Should(ExitCleanly()) - - networkConfiguration := "slirp4netns:cidr=192.168.0.0/24,allow_host_loopback=true" - session := podmanTest.Podman([]string{"run", "--cap-add", "net_raw", "--network", networkConfiguration, ALPINE, "ping", "-c1", "192.168.0.2"}) - session.Wait(30) - - if strings.Contains(slirp4netnsHelp.OutputToString(), "cidr") { - Expect(session).Should(ExitCleanly()) - } else { - Expect(session).To(ExitWithError(125, "cidr not supported")) - } - }) - - for _, local := range []bool{true, false} { - testName := "HostIP" - if local { - testName = "127.0.0.1" - } - It(fmt.Sprintf("podman run network slirp4netns bind to %s", testName), func() { - ip := "127.0.0.1" - if !local { - // Determine our likeliest outgoing IP address - conn, err := net.Dial("udp", "8.8.8.8:80") - Expect(err).ToNot(HaveOccurred()) - - defer conn.Close() - ip = conn.LocalAddr().(*net.UDPAddr).IP.String() - } - port := strconv.Itoa(GetPort()) - - networkConfiguration := fmt.Sprintf("slirp4netns:outbound_addr=%s,allow_host_loopback=true", ip) - - listener, err := net.Listen("tcp", ":"+port) - Expect(err).ToNot(HaveOccurred()) - defer listener.Close() - - msg := RandomString(10) - wg := &sync.WaitGroup{} - wg.Add(1) - // now use a new goroutine to start accepting connection in the background and make the checks there - go func() { - defer GinkgoRecover() - defer wg.Done() - conn, err := listener.Accept() - Expect(err).ToNot(HaveOccurred(), "accept new connection") - defer conn.Close() - addr := conn.RemoteAddr() - // addr will be in the form ip:port, we don't care about the port as it is random - Expect(addr.String()).To(HavePrefix(ip+":"), "remote address") - gotBytes, err := io.ReadAll(conn) - 
Expect(err).ToNot(HaveOccurred(), "read from connection") - Expect(string(gotBytes)).To(Equal(msg), "received correct message from container") - }() - - session := podmanTest.Podman([]string{"run", "--network", networkConfiguration, ALPINE, "sh", "-c", "echo -n " + msg + " | nc -w 30 10.0.2.2 " + port}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - // explicitly close the socket here before we wait to unlock Accept() calls in case of hangs - listener.Close() - // wait for the checks in the goroutine to be done - wg.Wait() - }) - } - It("podman run network expose ports in image metadata", func() { session := podmanTest.Podman([]string{"create", "--name", "test", "-t", "-P", NGINX_IMAGE}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go index c569ecd313..bac561daef 100644 --- a/test/e2e/stats_test.go +++ b/test/e2e/stats_test.go 
@@ -149,29 +149,6 @@ var _ = Describe("Podman stats", func() { Expect(session).Should(ExitCleanly()) }) - It("podman stats on container with forced slirp4netns", func() { - // This will force the slirp4netns net mode to be tested as root - session := podmanTest.Podman([]string{"run", "-d", "--net", "slirp4netns", ALPINE, "top"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - session = podmanTest.Podman([]string{"stats", "--no-stream", "-a"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - }) - - It("podman reads slirp4netns network stats", func() { - session := podmanTest.Podman([]string{"run", "-d", "--network", "slirp4netns", ALPINE, "top"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - cid := session.OutputToString() - - stats := podmanTest.Podman([]string{"stats", "--format", "'{{.NetIO}}'", "--no-stream", cid}) - stats.WaitWithDefaultTimeout() - Expect(stats).Should(ExitCleanly()) - Expect(stats.OutputToString()).To(Not(ContainSubstring("-- / --"))) - }) - // Regression test for #8265 It("podman stats with custom memory limits", func() { // Run three containers. One with a memory limit. Make sure From 850364e4c4ec2b487e26473ed2223a3b58073cd4 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 10 Nov 2025 15:08:01 -0500 Subject: [PATCH 11/18] test/system: Remove slirp Signed-off-by: Lokesh Mandvekar --- test/system/005-info.bats | 1 - test/system/500-networking.bats | 84 +------------------------------- test/system/700-play.bats | 8 --- test/system/helpers.network.bash | 14 ------ 4 files changed, 2 insertions(+), 105 deletions(-) diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 10127dd3ed..1b7c55c22d 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats 
@@ -52,7 +52,6 @@ store.configFile | $expr_path store.graphDriverName | [a-z0-9]\\\+\\\$ store.graphRoot | $expr_path store.imageStore.number | 1 -host.slirp4netns.executable | $expr_path " defer-assertion-failures diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index c96122bf4f..3369adbcce 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -122,13 +122,8 @@ load helpers.network # force bridge networking also for rootless # this ensures that rootless + bridge + userns + ports works network_arg="--network bridge" - elif has_slirp4netns; then - # Issue #9828 make sure a custom slirp4netns cidr also works - network_arg="--network slirp4netns:cidr=$cidr" - # slirp4netns interface ip is always .100 - match="${cidr%.*}.100" else - echo "# [skipping subtest of $cidr - slirp4netns unavailable]" >&3 + echo "# [skipping subtest of $cidr]" >&3 continue fi 
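Review bot: In the 500-networking.bats hunk the new `else` branch prints `# [skipping subtest of $cidr]` with no reason, where the old message said why the subtest was skipped. The `if` that selects `--network bridge` starts above the hunk, so the exact condition is not visible here. Something like `echo "# [skipping subtest of $cidr - custom cidr needs bridge networking]" >&3`, adjusted to the real condition, would let a reader of the test output see why without opening the file. If the branch can now do nothing but skip, folding the condition into the loop would be cleaner than an `else` that only continues.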
@@ -208,57 +203,6 @@ load helpers.network is "$output" "$pid" "Only ID in output (no extra errors)" } -# FIXME: random_rfc1918_subnet is not parallel-safe -@test "podman run with slirp4ns assigns correct addresses to /etc/hosts" { - has_slirp4netns || skip "slirp4netns unavailable" - - CIDR="$(random_rfc1918_subnet)" - IP=$(hostname -I | cut -f 1 -d " ") - local conname=con-$(safename) - run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ - --name $conname --hostname $conname $IMAGE cat /etc/hosts - is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be host address" - is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address" - - if is_rootless; then - # check the slirp ip also works correct with userns - run_podman run --rm --userns keep-id --network slirp4netns:cidr="${CIDR}.0/24" \ - --name $conname --hostname $conname $IMAGE cat /etc/hosts - is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be host address" - is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address" - fi -} - -# FIXME: random_rfc1918_subnet is not parallel-safe -@test "podman run with slirp4ns adds correct dns address to resolv.conf" { - has_slirp4netns || skip "slirp4netns unavailable" - - CIDR="$(random_rfc1918_subnet)" - run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ - $IMAGE cat /etc/resolv.conf - assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver" - no_userns_out="$output" - - if is_rootless; then - # check the slirp ip also works correct with userns - run_podman run --rm --userns keep-id --network slirp4netns:cidr="${CIDR}.0/24" \ - $IMAGE cat /etc/resolv.conf - assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver with userns" - assert "$output" == "$no_userns_out" "resolv.conf should look the same for userns" - fi - -} - -# FIXME: 
random_rfc1918_subnet is not parallel-safe -@test "podman run with slirp4ns assigns correct ip address container" { - has_slirp4netns || skip "slirp4netns unavailable" - - CIDR="$(random_rfc1918_subnet)" - run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ - $IMAGE sh -c "ip address | grep ${CIDR}" - is "$output" ".*inet ${CIDR}.100/24 \+" "container should have slirp4netns cidr+100 assigned to interface" -} - # "network create" now works rootless, with the help of a special container # FIXME: random_rfc1918_subnet is not parallel-safe @test "podman network create" { @@ -466,16 +410,6 @@ load helpers.network skip "This test needs an ipv6 nameserver in $resolve_file" fi - if has_slirp4netns; then - # ipv4 slirp - run_podman run --rm --network slirp4netns:enable_ipv6=false $IMAGE cat /etc/resolv.conf - assert "$output" !~ "$ipv6_regex" "resolv.conf should not contain ipv6 nameserver" - - # ipv6 slirp - run_podman run --rm --network slirp4netns:enable_ipv6=true $IMAGE cat /etc/resolv.conf - assert "$output" =~ "$ipv6_regex" "resolv.conf should contain ipv6 nameserver" - fi - # ipv4 cni local mysubnet=$(random_rfc1918_subnet) local netname=testnet1-$(safename) @@ -641,9 +575,6 @@ load helpers.network is "$output" "$netname" "output of 'network create'" local -a networks=("$netname") - if has_slirp4netns; then - networks+=("slirp4netns") - fi for network in "${networks[@]}"; do # Start container with the restart always policy local cname=c-$(safename) @@ -782,10 +713,6 @@ nameserver 8.8.8.8" "nameserver order is correct" defer-assertion-failures local -a netmodes=("bridge") - # As of podman 5.0, slirp4netns is optional - if has_slirp4netns; then - netmodes+=("slirp4netns:port_handler=slirp4netns" "slirp4netns:port_handler=rootlesskit") - fi # pasta only works rootless if is_rootless; then netmodes+=("pasta") 
@@ -1012,16 +939,9 @@ EOF # Now make sure we can still run a container with free ips. run_podman run --rm --network $net1 $IMAGE true - # And now because of all the fun we have to check the same with slirp4netns and pasta because + # And now because of all the fun we have to check the same with pasta because # that uses slightly different code paths. Note this would deadlock before the fix. # https://github.com/containers/podman/issues/21477 - if has_slirp4netns; then - cname2=con2-$(safename) - run_podman 1 run --name $cname2 --network slirp4netns --restart on-failure:2 --userns keep-id $IMAGE false - wait_for_restart_count $cname2 2 "slirp4netns" - run_podman wait $cname2 - fi - if is_rootless; then # pasta can only run rootless cname3=con3-$(safename) diff --git a/test/system/700-play.bats b/test/system/700-play.bats index b7f42a6702..17870bb328 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -226,14 +226,6 @@ RELABEL="system_u:object_r:container_file_t:s0" is "$output" "true" ".InfraConfig.HostNetwork" run_podman pod rm -t 0 -f $PODNAME - if has_slirp4netns; then - run_podman kube play --network slirp4netns:port_handler=slirp4netns $TESTYAML - run_podman pod inspect --format {{.InfraContainerID}} "${lines[1]}" - infraID="$output" - run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID - is "$output" "slirp4netns" "network mode slirp4netns is set for the container" - fi - run_podman pod rm -t 0 -f $PODNAME run_podman kube play --network none $TESTYAML diff --git a/test/system/helpers.network.bash b/test/system/helpers.network.bash index 8d0b419b36..5eecb7c230 100644 --- a/test/system/helpers.network.bash +++ b/test/system/helpers.network.bash @@ -1,7 +1,5 @@ # -*- bash -*- -_cached_has_slirp4netns= - ### Feature Checks ############################################################# # has_ipv4() - Check if one default route is available for IPv4 
@@ -32,18 +30,6 @@ function skip_if_no_ipv6() { fi } -# has_slirp4netns - Check if the slirp4netns(1) command is available -function has_slirp4netns() { - if [[ -z "$_cached_has_slirp4netns" ]]; then - _cached_has_slirp4netns=n - run_podman info --format '{{.Host.Slirp4NetNS.Executable}}' - if [[ -n "$output" ]]; then - _cached_has_slirp4netns=y - fi - fi - test "$_cached_has_slirp4netns" = "y" -} - ### procfs access ############################################################## # ipv6_to_procfs() - RFC 5952 IPv6 address text representation to procfs format From 28846741140b74d658d3d4073ebd4d9e83886684 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 10 Nov 2025 15:11:25 -0500 Subject: [PATCH 12/18] TMT: remove slirp4netns dependency Signed-off-by: Lokesh Mandvekar --- test/tmt/system.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/test/tmt/system.sh b/test/tmt/system.sh index 3cd29dae03..682d71d98f 100644 --- a/test/tmt/system.sh +++ b/test/tmt/system.sh @@ -19,7 +19,6 @@ rpm -q \ podman \ podman-tests \ skopeo \ - slirp4netns \ systemd export system_service_cmd="/usr/bin/podman system service --timeout=0 &" From f413ee11833d2728d30d49bce22faf2ffe02258f Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 10 Nov 2025 15:33:59 -0500 Subject: [PATCH 13/18] RPM: remove slirp4netns Signed-off-by: Lokesh Mandvekar --- rpm/podman.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/rpm/podman.spec b/rpm/podman.spec index 755a0e2823..52bbd7f136 100644 --- a/rpm/podman.spec +++ b/rpm/podman.spec @@ -161,7 +161,6 @@ Requires: nmap-ncat Requires: httpd-tools Requires: openssl Requires: socat -Requires: slirp4netns Requires: buildah Requires: gnupg Requires: xfsprogs From 8cc91088ed52f4c4878602b4a3b3a9d46cb0935d Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 10 Nov 2025 15:51:48 -0500 Subject: [PATCH 14/18] pkg/namespaces/namespaces.go: Remove slirp 
Signed-off-by: Lokesh Mandvekar --- pkg/namespaces/namespaces.go | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go index ca2c8ed3b8..8407218e68 100644 --- a/pkg/namespaces/namespaces.go +++ b/pkg/namespaces/namespaces.go @@ -16,7 +16,6 @@ const ( podType = "pod" privateType = "private" shareableType = "shareable" - slirpType = "slirp4netns" pastaType = "pasta" ) @@ -202,11 +201,6 @@ func (n NetworkMode) IsBridge() bool { return n == bridgeType } -// IsSlirp4netns indicates if we are running a rootless network stack -func (n NetworkMode) IsSlirp4netns() bool { - return n == slirpType || strings.HasPrefix(string(n), slirpType+":") -} - // IsPasta indicates if we are running a rootless network stack using pasta func (n NetworkMode) IsPasta() bool { return n == pastaType || strings.HasPrefix(string(n), pastaType+":") @@ -230,5 +224,5 @@ func (n NetworkMode) IsPod() bool { // IsUserDefined indicates user-created network func (n NetworkMode) IsUserDefined() bool { - return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer() && !n.IsSlirp4netns() && !n.IsPasta() && !n.IsNS() + return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer() && !n.IsPasta() && !n.IsNS() } From c43a8ecdac6bdd27f1f17f2a392d46243b8ec2de Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 10 Nov 2025 16:05:45 -0500 Subject: [PATCH 15/18] Cirrus: Remove slirp4netns from logcollector script Signed-off-by: Lokesh Mandvekar --- contrib/cirrus/logcollector.sh | 1 - pkg/domain/infra/abi/network.go | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh index 1d4cee7d01..2576e42057 100755 --- a/contrib/cirrus/logcollector.sh +++ b/contrib/cirrus/logcollector.sh @@ -47,7 +47,6 @@ case $1 in passt podman skopeo - slirp4netns ) case $OS_RELEASE_ID in fedora) 
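Review bot: With `!n.IsSlirp4netns()` gone from `IsUserDefined`, a `NetworkMode` of `slirp4netns` or `slirp4netns:<opts>` now returns true here and is treated as the name of a user-created network. The callers are outside this hunk, so what a container created before the upgrade then reports cannot be confirmed from here. A failed lookup for a network called `slirp4netns:mtu=...` would be a confusing way to learn that the mode was removed. Consider rejecting the legacy prefix explicitly where the mode is parsed, with a message that names pasta as the replacement. If that already happens elsewhere in the series, a comment on `IsUserDefined` would be enough, e.g. `// legacy "slirp4netns" modes are rejected at parse time and never reach here`.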
diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go index ec07c41c20..ef1b05f2fa 100644 --- a/pkg/domain/infra/abi/network.go +++ b/pkg/domain/infra/abi/network.go @@ -13,7 +13,6 @@ import ( "github.com/containers/podman/v6/libpod/events" "github.com/containers/podman/v6/pkg/domain/entities" "go.podman.io/common/libnetwork/pasta" - "go.podman.io/common/libnetwork/slirp4netns" "go.podman.io/common/libnetwork/types" netutil "go.podman.io/common/libnetwork/util" ) @@ -180,7 +179,7 @@ func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, o } func (ic *ContainerEngine) NetworkCreate(_ context.Context, network types.Network, createOptions *types.NetworkCreateOptions) (*types.Network, error) { - if slices.Contains([]string{"none", "host", "bridge", "private", slirp4netns.BinaryName, pasta.BinaryName, "container", "ns", "default"}, network.Name) { + if slices.Contains([]string{"none", "host", "bridge", "private", pasta.BinaryName, "container", "ns", "default"}, network.Name) { return nil, fmt.Errorf("cannot create network with name %q because it conflicts with a valid network mode", network.Name) } network, err := ic.Libpod.Network().NetworkCreate(network, createOptions) From 4a7a9f33e98e7dfedb6b058974925a8739d62001 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 13 Nov 2025 10:32:00 -0500 Subject: [PATCH 16/18] docs/tutorials: Remove slirp Signed-off-by: Lokesh Mandvekar --- docs/tutorials/performance.md | 3 +-- docs/tutorials/rootless_tutorial.md | 6 ++---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/docs/tutorials/performance.md b/docs/tutorials/performance.md index 92e07d12ac..06451ba016 100644 --- a/docs/tutorials/performance.md +++ b/docs/tutorials/performance.md 
@@ -171,8 +171,7 @@ You can avoid using _pasta_ in the following ways: * Use `--network=host`. No network namespace is created. The container will use the host’s network. Note: By using `--network=host`, the container is given full access to local system services such as D-bus and is therefore considered insecure. -Side note: Pasta is faster than the network driver [slirp4netns](https://github.com/containers/podman/blob/main/docs/tutorials/basic_networking.md#slirp4netns). -Pasta is the default network driver since Podman 5.0.0. +Side note: Pasta is the default network driver since Podman 5.0.0. Slirp4netns support has been removed since 6.0.0. Since Podman 5.1.0 the default network driver can be shown with diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md index 955348b62a..ad99648f2a 100644 --- a/docs/tutorials/rootless_tutorial.md +++ b/docs/tutorials/rootless_tutorial.md 
@@ -18,20 +18,18 @@ For building Podman, see the [build instructions](https://podman.io/getting-star A user-mode networking tool for unprivileged network namespaces must be installed on the machine in order for Podman to run in a rootless environment. -Podman supports two rootless networking tools: [pasta](https://passt.top/passt/about/#pasta) (provided by [passt](https://passt.top/passt/about/)) and [slirp4netns](https://github.com/rootless-containers/slirp4netns). +Podman supports two rootless networking tools: [pasta](https://passt.top/passt/about/#pasta) (provided by [passt](https://passt.top/passt/about/)). pasta is the default since Podman 5.0, while slirp4netns was the default for previous versions. Passt is a more modern replacement for SLIRP that amongst other things fully supports IPv6 and is more secure architecturally (runs in a separate process, uses modern Linux mechanisms for isolation etc). Passt is [available on most Linux distributions](https://passt.top/passt/about/#availability) via their package distribution software such as `yum`, `dnf`, `apt`, `zypper`, etc. under the name `passt`. If the package is not available, you can build and install `passt` from [its upstream](https://passt.top/passt/about/#try-it). -Alternatively, slirp4netns can be installed in the same fashion either from your distribution's repositories or by following [the instructions](https://github.com/rootless-containers/slirp4netns?tab=readme-ov-file#install) provided on its GitHub. - The major user-facing difference between the two is outlined in [this blog post](https://blog.podman.io/2024/03/podman-5-0-breaking-changes-in-detail/) and expanded upon in **[podman-network(1)](https://github.com/containers/podman/blob/main/docs/source/markdown/podman-network.1.md#pasta)**. 
> [!note] > pasta's default situation of not being being able to communicate between the container and the host has been fixed in Podman 5.3: see [Podman 5.3 changes for improved networking experience with pasta](https://blog.podman.io/2024/10/podman-5-3-changes-for-improved-networking-experience-with-pasta/). -The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which can be set to `pasta` (default) or `slirp4netns`. +The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which can be set to `pasta` (default). ### `/etc/subuid` and `/etc/subgid` configuration From 72436a487d8d1d151e9e122219165a43ce1d985b Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 13 Nov 2025 10:32:55 -0500 Subject: [PATCH 17/18] docs/source/markdown: Remove slirp Signed-off-by: Lokesh Mandvekar --- docs/source/markdown/options/network.image.md | 15 ++----------- docs/source/markdown/options/network.md | 22 +++---------------- docs/source/markdown/options/publish.md | 2 +- .../markdown/podman-container-inspect.1.md.in | 2 +- docs/source/markdown/podman-create.1.md.in | 6 ++--- .../source/markdown/podman-generate-spec.1.md | 4 ++-- docs/source/markdown/podman-info.1.md | 14 ------------ docs/source/markdown/podman-network.1.md | 5 +---- .../source/markdown/podman-pod-create.1.md.in | 5 ----- docs/source/markdown/podman-run.1.md.in | 6 ++--- docs/source/markdown/podman-stats.1.md.in | 5 ----- docs/source/markdown/podman.1.md | 4 ++-- 12 files changed, 18 insertions(+), 72 deletions(-) diff --git a/docs/source/markdown/options/network.image.md b/docs/source/markdown/options/network.image.md index f03a38d9ca..282353f04c 100644 
--- a/docs/source/markdown/options/network.image.md +++ b/docs/source/markdown/options/network.image.md @@ -15,15 +15,6 @@ considered insecure. - **ns:**_path_: path to a network namespace to join. - **private**: create a new namespace for the container (default) - **\**: Join the network with the given name or ID, e.g. use `--network mynet` to join the network with the name mynet. Only supported for rootful users. -- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf: - - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false. - - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`). - - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`). - - **outbound_addr=INTERFACE**: Specify the outbound interface slirp binds to (ipv4 traffic only). - - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp binds to. - - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp binds to (ipv6 traffic only). - - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp binds to. - **pasta[:OPTIONS,...]**: use **pasta**(1) to create a user-mode networking stack. \ This is the default for rootless containers and only supported in rootless mode. \ 
@@ -49,13 +40,11 @@ considered insecure. - **pasta:--mtu,1500**: Specify a 1500 bytes MTU for the _tap_ interface in the container. - **pasta:--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**, - equivalent to default slirp4netns(1) options: disable IPv6, assign - `10.0.2.0/24` to the `tap0` interface in the container, with gateway + disable IPv6, assign `10.0.2.0/24` to the `tap0` interface in the container, with gateway `10.0.2.3`, enable DNS forwarder reachable at `10.0.2.3`, set MTU to 1500 bytes, disable NDP, DHCPv6 and DHCP support. - **pasta:-I,tap0,--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**, - equivalent to default slirp4netns(1) options with Podman overrides: same as - above, but leave the MTU to 65520 bytes + same as above, but leave the MTU to 65520 bytes - **pasta:-t,auto,-u,auto,-T,auto,-U,auto**: enable automatic port forwarding based on observed bound ports from both host and container sides - **pasta:-T,5201**: enable forwarding of TCP port 5201 from container to diff --git a/docs/source/markdown/options/network.md b/docs/source/markdown/options/network.md index eb0d304f4a..231ecd488d 100644 --- a/docs/source/markdown/options/network.md +++ b/docs/source/markdown/options/network.md 
@@ -31,21 +31,7 @@ Valid _mode_ values are: - **ns:**_path_: Path to a network namespace to join. -- **private**: Create a new namespace for the container. This uses the **bridge** mode for rootful containers and **slirp4netns** for rootless ones. - -- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf: - - - **allow_host_loopback=true|false**: Allow slirp4netns to reach the host loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr subnet when changed, see the cidr option below). The default is false. - - **mtu=**_MTU_: Specify the MTU to use for this network. (Default is `65520`). - - **cidr=**_CIDR_: Specify ip range to use for this network. (Default is `10.0.2.0/24`). - - **enable_ipv6=true|false**: Enable IPv6. Default is true. (Required for `outbound_addr6`). - - **outbound_addr=**_INTERFACE_: Specify the outbound interface slirp binds to (ipv4 traffic only). - - **outbound_addr=**_IPv4_: Specify the outbound ipv4 address slirp binds to. - - **outbound_addr6=**_INTERFACE_: Specify the outbound interface slirp binds to (ipv6 traffic only). - - **outbound_addr6=**_IPv6_: Specify the outbound ipv6 address slirp binds to. - - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default. \ - Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If the application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks. - - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks. 
+- **private**: Create a new namespace for the container. This uses the **bridge** mode for rootful containers. - **pasta[:OPTIONS,...]**: use **pasta**(1) to create a user-mode networking stack. \ @@ -80,13 +66,11 @@ Valid _mode_ values are: - **pasta:--mtu,1500**: Specify a 1500 bytes MTU for the _tap_ interface in the container. - **pasta:--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**, - equivalent to default slirp4netns(1) options: disable IPv6, assign - `10.0.2.0/24` to the `tap0` interface in the container, with gateway + disable IPv6, assign `10.0.2.0/24` to the `tap0` interface in the container, with gateway `10.0.2.3`, enable DNS forwarder reachable at `10.0.2.3`, set MTU to 1500 bytes, disable NDP, DHCPv6 and DHCP support. - **pasta:-I,tap0,--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**, - equivalent to default slirp4netns(1) options with Podman overrides: same as - above, but leave the MTU to 65520 bytes + same as above, but leave the MTU to 65520 bytes - **pasta:-t,auto,-u,auto,-T,auto,-U,auto**: enable automatic port forwarding based on observed bound ports from both host and container sides - **pasta:-T,5201**: enable forwarding of TCP port 5201 from container to diff --git a/docs/source/markdown/options/publish.md b/docs/source/markdown/options/publish.md index 05ec22f197..c861a5a994 100644 --- a/docs/source/markdown/options/publish.md +++ b/docs/source/markdown/options/publish.md @@ -23,4 +23,4 @@ If it is not, the container port is randomly assigned a port on the host. Use **podman port** to see the actual mapping: `podman port $CONTAINER $CONTAINERPORT`. Port publishing is only supported for containers utilizing their own network namespace -through `bridge` networks, or the `pasta` and `slirp4netns` network modes. +through `bridge` networks, or the `pasta` network mode. 
diff --git a/docs/source/markdown/podman-container-inspect.1.md.in b/docs/source/markdown/podman-container-inspect.1.md.in index 354f07df38..401532b465 100644 --- a/docs/source/markdown/podman-container-inspect.1.md.in +++ b/docs/source/markdown/podman-container-inspect.1.md.in @@ -239,7 +239,7 @@ $ podman container inspect foobar "Tag": "", "Size": "0B" }, - "NetworkMode": "slirp4netns", + "NetworkMode": "pasta", "PortBindings": {}, "RestartPolicy": { "Name": "", diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in index 8cc18f0f75..558be159e9 100644 --- a/docs/source/markdown/podman-create.1.md.in +++ b/docs/source/markdown/podman-create.1.md.in @@ -488,12 +488,12 @@ be installed. The shadow-utils package must include the newuidmap and newgidmap In order for users to run rootless, there must be an entry for their username in /etc/subuid and /etc/subgid which lists the UIDs for their user namespace. -Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed. +Rootless Podman works better if the fuse-overlayfs package is installed. The fuse-overlayfs package provides a userspace overlay storage driver, otherwise users need to use the vfs storage driver, which can be disk space expensive and less performant than other drivers. -To enable VPN on the container, slirp4netns or pasta needs to be specified; +To enable VPN on the container, pasta needs to be specified; without either, containers need to be run with the --network=host flag. ## ENVIRONMENT 
@@ -543,7 +543,7 @@ page. NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`. ## SEE ALSO -**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)** +**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, 
**[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)** ### Troubleshooting diff --git a/docs/source/markdown/podman-generate-spec.1.md b/docs/source/markdown/podman-generate-spec.1.md index 27c4d2187a..7d602fb917 100644 --- a/docs/source/markdown/podman-generate-spec.1.md +++ b/docs/source/markdown/podman-generate-spec.1.md @@ -86,7 +86,7 @@ $ podman generate spec container1 "nsmode": "default" }, "netns": { - "nsmode": "slirp4netns" + "nsmode": "pasta" }, "Networks": null, "use_image_hosts": false, @@ -161,7 +161,7 @@ $ cat output.json "nsmode": "default" }, "netns": { - "nsmode": "slirp4netns" + "nsmode": "pasta" }, "Networks": null, "use_image_hosts": false, diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md index 62114f84c7..e82daa64b1 100644 --- a/docs/source/markdown/podman-info.1.md +++ b/docs/source/markdown/podman-info.1.md @@ -119,15 +119,6 @@ host: seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: true serviceIsRemote: false - slirp4netns: - executable: /bin/slirp4netns - package: slirp4netns-1.1.12-2.fc34.x86_64 - version: |- - slirp4netns version 1.1.12 - commit: 7a104a101aa3278a2152351a082a6df71f57c9a3 - libslirp: 4.4.0 - SLIRP_CONFIG_VERSION_MAX: 3 - libseccomp: 2.5.0 swapFree: 15687475200 swapTotal: 16886259712 uptime: 47h 15m 9.91s (Approximately 1.96 days) 
@@ -262,11 +253,6 @@ $ podman info --format json "seccompProfilePath": "/usr/share/containers/seccomp.json", "selinuxEnabled": true }, - "slirp4netns": { - "executable": "/bin/slirp4netns", - "package": "slirp4netns-1.1.12-2.fc34.x86_64", - "version": "slirp4netns version 1.1.12\ncommit: 7a104a101aa3278a2152351a082a6df71f57c9a3\nlibslirp: 4.4.0\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0" - }, "pasta": { "executable": "/usr/bin/passt", "package": "passt-0^20221116.gace074c-1.fc34.x86_64", diff --git a/docs/source/markdown/podman-network.1.md b/docs/source/markdown/podman-network.1.md index 5506ad8800..7faafeb21e 100644 --- a/docs/source/markdown/podman-network.1.md +++ b/docs/source/markdown/podman-network.1.md 
@@ -44,10 +44,7 @@ The default bridge network (called `podman`) uses 10.88.0.0/16 as a subnet. When ### Pasta Pasta by default performs no Network Address Translation (NAT) and copies the IPs from your main interface into the container namespace. If pasta cannot find an interface with the default route, it will select an interface if there is only one interface with a valid route. If you do not have a default route and several interfaces have defined routes, pasta will be unable to figure out the correct interface and it will fail to start. To specify the interface, use `-i` option to pasta. A default set of pasta options can be set in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with the `pasta_options` key. -The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which can be set to `pasta` (default) or `slirp4netns`. - -### Slirp4netns -Slirp4netns uses 10.0.2.0/24 for its default network. This can also be changed in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** but under the `[engine]` section. Use the `network_cmd_options` key and add `["cidr=X.X.X.X/24"]` as a value. Note that slirp4netns needs a network prefix size between 1 and 25. This option accepts an array, so more options can be added in a comma-separated string as described on the **[podman-network-create(1)](podman-network-create.1.md)** man page. To change the CIDR for just one container, specify it on the cli using the `--network` option like this: `--network slirp4netns:cidr=192.168.1.0/24`. 
+The default rootless networking tool can be selected in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** under the `[network]` section with `default_rootless_network_cmd`, which should be set to `pasta` (default). ### Podman network create When a new network is created with a `podman network create` command, and no subnet is given with the --subnet option, Podman starts picking a free subnet from 10.89.0.0/24 to 10.255.255.0/24. Use the `default_subnet_pools` option under the `[network]` section in **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)** to change the range and/or size that is assigned by default. diff --git a/docs/source/markdown/podman-pod-create.1.md.in b/docs/source/markdown/podman-pod-create.1.md.in index 54e0a7d9aa..0812149133 100644 --- a/docs/source/markdown/podman-pod-create.1.md.in +++ b/docs/source/markdown/podman-pod-create.1.md.in @@ -212,11 +212,6 @@ Create a pod with published ports on the host. $ podman pod create --publish 8443:443 ``` -Create a pod with the specified network configuration. -``` -$ podman pod create --network slirp4netns:outbound_addr=127.0.0.1,allow_host_loopback=true -``` - Create a pod with the specified network. ``` $ podman pod create --network pasta diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in index 3afd707c8a..947a59ba01 100644 --- a/docs/source/markdown/podman-run.1.md.in +++ b/docs/source/markdown/podman-run.1.md.in 
@@ -937,12 +937,12 @@ be installed. The **shadow-utils** package must include the **newuidmap**(1) and In order for users to run rootless, there must be an entry for their username in _/etc/subuid_ and _/etc/subgid_ which lists the UIDs for their user namespace. -Rootless Podman works better if the fuse-overlayfs and slirp4netns packages are installed. +Rootless Podman works better if the fuse-overlayfs package is installed. The **fuse-overlayfs** package provides a userspace overlay storage driver, otherwise users need to use the **vfs** storage driver, which can be disk space expensive and less performant than other drivers. -To enable VPN on the container, slirp4netns or pasta needs to be specified; +To enable VPN on the container, pasta needs to be specified; without either, containers need to be run with the --network=host flag. ## ENVIRONMENT 
@@ -990,7 +990,7 @@ page. NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`. ## SEE ALSO -**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)** +**[podman(1)](podman.1.md)**, **[podman-save(1)](podman-save.1.md)**, **[podman-ps(1)](podman-ps.1.md)**, **[podman-attach(1)](podman-attach.1.md)**, **[podman-pod-create(1)](podman-pod-create.1.md)**, **[podman-port(1)](podman-port.1.md)**, **[podman-start(1)](podman-start.1.md)**, **[podman-kill(1)](podman-kill.1.md)**, **[podman-stop(1)](podman-stop.1.md)**, **[podman-generate-systemd(1)](podman-generate-systemd.1.md)**, **[podman-rm(1)](podman-rm.1.md)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, 
**[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)**, **[setsebool(8)](https://man7.org/linux/man-pages/man8/setsebool.8.html)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[fuse-overlayfs(1)](https://github.com/containers/fuse-overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **personality(2)** ### Troubleshooting diff --git a/docs/source/markdown/podman-stats.1.md.in b/docs/source/markdown/podman-stats.1.md.in index 13dc48f3f4..a0e9ba5028 100644 --- a/docs/source/markdown/podman-stats.1.md.in +++ b/docs/source/markdown/podman-stats.1.md.in @@ -118,11 +118,6 @@ ID NAME MEM USAGE / LIMIT 6eae9e25a564 clever_bassi 3.031MB / 16.7GB ``` -Note: When using a slirp4netns network with the rootlesskit port -handler, the traffic sent via the port forwarding is accounted to -the `lo` device. Traffic accounted to `lo` is not accounted in the -stats output. - ## SEE ALSO **[podman(1)](podman.1.md)** diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index ec90ccb6a3..cf8c671594 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -472,7 +472,7 @@ Note: whitespace in any row of `/etc/subuid` or `/etc/subgid`, including trailin Images are pulled under `XDG_DATA_HOME` when specified, otherwise in the home directory of the user under `.local/share/containers/storage`. -Currently slirp4netns or pasta is required to be installed to create a network +Currently, pasta is required to be installed to create a network device, otherwise rootless containers need to run in the network namespace of the host. 
@@ -485,7 +485,7 @@ The Overlay file system (OverlayFS) is not supported with kernels prior to 5.12. The Network File System (NFS) and other distributed file systems (for example: Lustre, Spectrum Scale, the General Parallel File System (GPFS)) are not supported when running in rootless mode as these file systems do not understand user namespace. However, rootless Podman can make use of an NFS Homedir by modifying the `$HOME/.config/containers/storage.conf` to have the `graphroot` option point to a directory stored on local (Non NFS) storage. ## SEE ALSO -**[containers-mounts.conf(5)](https://github.com/containers/common/blob/main/docs/containers-mounts.conf.5.md)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md)**, **[containers-storage.conf(5)](https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md)**, **[buildah(1)](https://github.com/containers/buildah/blob/main/docs/buildah.1.md)**, **[oci-hooks(5)](https://github.com/containers/common/blob/main/pkg/hooks/docs/oci-hooks.5.md)**, **[containers-policy.json(5)](https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md)**, **[crun(1)](https://github.com/containers/crun/blob/main/crun.1.md)**, **[runc(8)](https://github.com/opencontainers/runc/blob/main/man/runc.8.md)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[slirp4netns(1)](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **[podman-quadlet(1)](podman-quadlet.1.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)** 
+**[containers-mounts.conf(5)](https://github.com/containers/common/blob/main/docs/containers-mounts.conf.5.md)**, **[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**, **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md)**, **[containers-storage.conf(5)](https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md)**, **[buildah(1)](https://github.com/containers/buildah/blob/main/docs/buildah.1.md)**, **[oci-hooks(5)](https://github.com/containers/common/blob/main/pkg/hooks/docs/oci-hooks.5.md)**, **[containers-policy.json(5)](https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md)**, **[crun(1)](https://github.com/containers/crun/blob/main/crun.1.md)**, **[runc(8)](https://github.com/opencontainers/runc/blob/main/man/runc.8.md)**, **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, **[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, **[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, **[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**, **[podman-quadlet(1)](podman-quadlet.1.md)**, **[podman-systemd.unit(5)](podman-systemd.unit.5.md)** ### Troubleshooting From 0279fdf8bc80e32bff02b546af8a4cec49620d58 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 13 Nov 2025 10:55:18 -0500 Subject: [PATCH 18/18] docs/source/locale: Remove slirp Signed-off-by: Lokesh Mandvekar --- docs/source/locale/ja/LC_MESSAGES/markdown.po | 124 ++---------------- 1 file changed, 12 insertions(+), 112 deletions(-) diff --git a/docs/source/locale/ja/LC_MESSAGES/markdown.po b/docs/source/locale/ja/LC_MESSAGES/markdown.po index 4ae143667a..4dba97e236 100644 --- a/docs/source/locale/ja/LC_MESSAGES/markdown.po +++ b/docs/source/locale/ja/LC_MESSAGES/markdown.po 
@@ -3257,29 +3257,6 @@ msgid "" "supported for rootful users." msgstr "" -#: ../../source/markdown/podman-build.1.md:694 -#: ../../source/markdown/podman-create.1.md:1187 -#: ../../source/markdown/podman-kube-play.1.md:291 -#: ../../source/markdown/podman-pod-create.1.md:410 -#: ../../source/markdown/podman-run.1.md:1214 -msgid "" -"**slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user " -"network stack. This is the default for rootless containers. It is " -"possible to specify these additional options, they can also be set with " -"`network_cmd_options` in containers.conf:" -msgstr "" - -#: ../../source/markdown/podman-build.1.md:695 -#: ../../source/markdown/podman-create.1.md:1188 -#: ../../source/markdown/podman-kube-play.1.md:292 -#: ../../source/markdown/podman-pod-create.1.md:411 -#: ../../source/markdown/podman-run.1.md:1215 -msgid "" -"**allow_host_loopback=true|false**: Allow slirp4netns to reach the host " -"loopback IP (default is 10.0.2.2 or the second IP from slirp4netns cidr " -"subnet when changed, see the cidr option below). The default is false." -msgstr "" - #: ../../source/markdown/podman-build.1.md:696 #: ../../source/markdown/podman-create.1.md:1189 #: ../../source/markdown/podman-kube-play.1.md:293 
@@ -3310,42 +3287,6 @@ msgid "" "`outbound_addr6`)." msgstr "" -#: ../../source/markdown/podman-build.1.md:699 -#: ../../source/markdown/podman-create.1.md:1192 -#: ../../source/markdown/podman-kube-play.1.md:296 -#: ../../source/markdown/podman-pod-create.1.md:415 -#: ../../source/markdown/podman-run.1.md:1219 -msgid "" -"**outbound_addr=INTERFACE**: Specify the outbound interface slirp binds " -"to (ipv4 traffic only)." -msgstr "" - -#: ../../source/markdown/podman-build.1.md:700 -#: ../../source/markdown/podman-create.1.md:1193 -#: ../../source/markdown/podman-kube-play.1.md:297 -#: ../../source/markdown/podman-pod-create.1.md:416 -#: ../../source/markdown/podman-run.1.md:1220 -msgid "**outbound_addr=IPv4**: Specify the outbound ipv4 address slirp binds to." -msgstr "" - -#: ../../source/markdown/podman-build.1.md:701 -#: ../../source/markdown/podman-create.1.md:1194 -#: ../../source/markdown/podman-kube-play.1.md:298 -#: ../../source/markdown/podman-pod-create.1.md:417 -#: ../../source/markdown/podman-run.1.md:1221 -msgid "" -"**outbound_addr6=INTERFACE**: Specify the outbound interface slirp binds " -"to (ipv6 traffic only)." -msgstr "" - -#: ../../source/markdown/podman-build.1.md:702 -#: ../../source/markdown/podman-create.1.md:1195 -#: ../../source/markdown/podman-kube-play.1.md:299 -#: ../../source/markdown/podman-pod-create.1.md:418 -#: ../../source/markdown/podman-run.1.md:1222 -msgid "**outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp binds to." -msgstr "" - #: ../../source/markdown/podman-build.1.md:703 msgid "" "**pasta[:OPTIONS,...]**: use **pasta**(1) to create a user-mode " 
@@ -3394,8 +3335,8 @@ msgstr "" #: ../../source/markdown/podman-run.1.md:1252 msgid "" "**pasta:--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-" -"forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**, equivalent " -"to default slirp4netns(1) options: disable IPv6, assign `10.0.2.0/24` " +"forward,10.0.2.3,-m,1500,--no-ndp,--no-dhcpv6,--no-dhcp**, " +"assign `10.0.2.0/24` " "to the `tap0` interface in the container, with gateway `10.0.2.3`, " "enable DNS forwarder reachable at `10.0.2.3`, set MTU to 1500 bytes, " "disable NDP, DHCPv6 and DHCP support." @@ -3408,8 +3349,8 @@ msgstr "" #: ../../source/markdown/podman-run.1.md:1257 msgid "" "**pasta:-I,tap0,--ipv4-only,-a,10.0.2.0,-n,24,-g,10.0.2.2,--dns-" -"forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**, equivalent to " -"default slirp4netns(1) options with Podman overrides: same as above, " +"forward,10.0.2.3,--no-ndp,--no-dhcpv6,--no-dhcp**, " +"same as above, " "but leave the MTU to 65520 bytes" msgstr "" @@ -9586,8 +9527,7 @@ msgstr "" #: ../../source/markdown/podman-run.1.md:1213 msgid "" "**private**: Create a new namespace for the container. This uses the " -"**bridge** mode for rootful containers and **slirp4netns** for rootless " -"ones." +"**bridge** mode for rootful containers." msgstr "" #: ../../source/markdown/podman-create.1.md:1196 @@ -9604,16 +9544,6 @@ msgid "" "defined networks." msgstr "" -#: ../../source/markdown/podman-create.1.md:1198 -#: ../../source/markdown/podman-kube-play.1.md:302 -#: ../../source/markdown/podman-pod-create.1.md:421 -#: ../../source/markdown/podman-run.1.md:1225 -msgid "" -"**port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is " -"slower than rootlesskit but preserves the correct source IP address. This" -" port handler cannot be used for user-defined networks." -msgstr "" - #: ../../source/markdown/podman-create.1.md:1200 #: ../../source/markdown/podman-kube-play.1.md:304 #: ../../source/markdown/podman-pod-create.1.md:423 
@@ -12214,7 +12144,7 @@ msgstr ""
 
 #: ../../source/markdown/podman-create.1.md:2453
 msgid ""
-"Rootless Podman works better if the fuse-overlayfs and slirp4netns "
+"Rootless Podman works better if the fuse-overlayfs and pasta "
 "packages are installed. The fuse-overlayfs package provides a userspace "
 "overlay storage driver, otherwise users need to use the vfs storage "
 "driver, which can be disk space expensive and less performant than other "
@@ -12224,7 +12154,7 @@ msgstr ""
 #: ../../source/markdown/podman-create.1.md:2458
 #: ../../source/markdown/podman-run.1.md:2836
 msgid ""
-"To enable VPN on the container, slirp4netns or pasta needs to be "
+"To enable VPN on the container, pasta needs to be "
 "specified; without either, containers need to be run with the "
 "--network=host flag."
 msgstr ""
@@ -12342,8 +12272,7 @@ msgid ""
 " "
 "**[systemd.unit(5)](https://www.freedesktop.org/software/systemd/man/systemd.unit.html)**,"
 " **[setsebool(8)](https://man7.org/linux/man-"
-"pages/man8/setsebool.8.html)**, **[slirp4netns(1)](https://github.com"
-"/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md)**, "
+"pages/man8/setsebool.8.html)**,"
 "**[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, "
 "**[fuse-overlayfs(1)](https://github.com/containers/fuse-"
 "overlayfs/blob/main/fuse-overlayfs.1.md)**, **proc(5)**, "
@@ -20795,24 +20724,14 @@ msgid ""
 " that this is only done when no containers are running."
 msgstr ""
 
-#: ../../source/markdown/podman-network.1.md:45
-msgid "Slirp4netns"
-msgstr ""
-
 #: ../../source/markdown/podman-network.1.md:46
 msgid ""
 "When Podman is run as rootless, the internet connectivity is provided "
-"with slirp4netns by default. Slirp4nents uses 10.0.2.0/24 for its default"
+"with Pasta by default. Slirp4nents uses 10.0.2.0/24 for its default"
 " network. This can also be changed in "
 "**[containers.conf(5)](https://github.com/containers/common/blob/main/docs/containers.conf.5.md)**"
 " but under the `[engine]` section. Use the `network_cmd_options` key and "
-"add `[\"cidr=X.X.X.X/24\"]` as a value. Note that slirp4netns needs a "
-"network prefix size between 1 and 25. This option accepts an array, so "
-"more options can be added in a comma-separated string as described on the"
-" **[podman-network-create(1)](podman-network-create.1.md)** man page. To "
-"change the CIDR for just one container, specify it on the cli using the "
-"`--network` option like this: `--network "
-"slirp4netns:cidr=192.168.1.0/24`."
+"add `[\"cidr=X.X.X.X/24\"]` as a value."
 msgstr ""
 
 #: ../../source/markdown/podman-network.1.md:48
@@ -25500,7 +25419,7 @@ msgstr ""
 
 #: ../../source/markdown/podman-run.1.md:2831
 msgid ""
-"Rootless Podman works better if the fuse-overlayfs and slirp4netns "
+"Rootless Podman works better if the fuse-overlayfs and pasta "
 "packages are installed. The **fuse-overlayfs** package provides a "
 "userspace overlay storage driver, otherwise users need to use the **vfs**"
 " storage driver, which can be disk space expensive and less performant "
@@ -26528,13 +26447,6 @@ msgstr ""
 msgid "Do not truncate output"
 msgstr ""
 
-#: ../../source/markdown/podman-stats.1.md:146
-msgid ""
-"Note: When using a slirp4netns network with the rootlesskit port handler,"
-" the traffic sent via the port forwarding is accounted to the `lo` "
-"device. Traffic accounted to `lo` is not accounted in the stats output."
-msgstr ""
-
 #: ../../source/markdown/podman-stats.1.md:156
 msgid "July 2017, Originally compiled by Ryan Cole "
 msgstr ""
@@ -31337,16 +31249,6 @@ msgstr ""
 msgid "**--network-cmd-path**=*path*"
 msgstr ""
 
-#: ../../source/markdown/podman.1.md:99
-msgid ""
-"Path to the `slirp4netns(1)` command binary to use for setting up a "
-"slirp4netns network. If \"\" is used, then the binary will first be "
-"searched using the `helper_binaries_dir` option in `containers.conf`, and"
-" second using the `$PATH` environment variable. **Note:** This option is "
-"deprecated and will be removed with Podman 5.0. Use the "
-"`helper_binaries_dir` option in `containers.conf` instead."
-msgstr ""
-
 #: ../../source/markdown/podman.1.md:103
 msgid "**--network-config-dir**=*directory*"
 msgstr ""
@@ -31961,7 +31863,7 @@ msgstr ""
 
 #: ../../source/markdown/podman.1.md:444
 msgid ""
-"Currently slirp4netns or pasta is required to be installed to create a "
+"Currently pasta is required to be installed to create a "
 "network device, otherwise rootless containers need to run in the network "
 "namespace of the host."
 msgstr ""
@@ -32033,8 +31935,6 @@ msgid ""
 "**[runc(8)](https://github.com/opencontainers/runc/blob/main/man/runc.8.md)**,"
 " **[subuid(5)](https://www.unix.com/man-page/linux/5/subuid)**, "
 "**[subgid(5)](https://www.unix.com/man-page/linux/5/subgid)**, "
-"**[slirp4netns(1)](https://github.com/rootless-"
-"containers/slirp4netns/blob/master/slirp4netns.1.md)**, "
 "**[pasta(1)](https://passt.top/builds/latest/web/passt.1.html)**, "
 "**[conmon(8)](https://github.com/containers/conmon/blob/main/docs/conmon.8.md)**"
 msgstr ""