Hi Paul, On Fri, 9 Feb 2024 17:57:05 +0100 Paul Holzinger <pholzing(a)redhat.com> wrote:Hi all, I found some issues with the pasta port binding logic, it does not correctly handle errors when trying to bind a port range. Let's first bind a port so we can force an error condition it: $ nc -l -p 8080 & $ pasta -t 8080 true Failed to bind any port for '-t 8080', exiting <-- fails as expected $ pasta -t 8081 -t 8080 true Failed to bind any port for '-t 8080', exiting <-- here it also fails correctly $ pasta -t 8080-8081 true <-- no error even though pasta could not bind 8080This is actually intended: it only fails if it can't bind *any* port in a given range, so that users don't have to explicitly exclude ports from ranges in case some are already taken, knowingly or not. That's why the error message says "any port". For two ports it probably makes no sense, but for larger ranges excluding dozens of ports can get quite annoying for the user. And warnings on failed bind() calls could get quite noisy, too. If it's a problem for Podman, I can think of two solutions. One would be an option such as --strict-bind or suchlike (better names warmly welcome). Another idea would be that the back-end in Podman passes ranges as single ports... but then the command line might explode and that's not ideal for users, either. I'd rather favour the extra option.Also besides this I find the error message less than ideal. It missing the errno from the bind syscall so important context gets lost (i.e. Address already in use vs Permission denied).The problem is that we might fail to bind multiple ports, so there isn't necessarily a single bind() error. But if we go with --strict-bind, we could report the first error (including return code from the system call) and exit right away. Let me know if any of this would address your problem, I can write a patch in the next days in case (or feel free to submit one). -- Stefano