Hi Ayon,
On Sat, 10 May 2025 21:26:29 -0230
Ayon T
Hi,
I've been using pasta as a network driver for rootless docker and I've been running into a couple of issues for a while now. I hope this is where I can find some help troubleshooting.
The issue is that when I use pasta as the network driver as opposed to slirp4netns, I'm unable to access the internet through rootless docker or use ping (or traceroute) through its containers. So if I run "docker pull <image-name>" I get a timeout error:
Using default tag: latest Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: read udp 169.254.2.1:58905 ->10.0.2.3:53: i/o timeout
I'm running pasta version 0.0~git20250217.a1e48a0-1 on Ubuntu 24.04.2 LTS with docker v27.3.1 build ce12230.
I suspect you might be hitting this: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2077158 ...which is fixed on Ubuntu 24.10 and later versions. As a workaround, I guess you can create the AppArmor profile for pasta manually, from: https://passt.top/passt/tree/contrib/apparmor/usr.bin.pasta or set /proc/sys/kernel/unprivileged_userns_apparmor_policy to 0, see also: https://github.com/kubevirt/kubevirt/issues/12333 Let me know if you still hit the issue. -- Stefano