Hi, sorry it has been a while, I haven't been able to find the time to work on this problem.

However, I think I've managed to narrow down what the problem is, so I'm writing to you again!

I essentially ended up using a wrapper for pasta to try out a few different arguments with it, even though I went down a different route. I used "DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS" with `rootlesskit` to pass on a new location to a script wrapping the pasta binary.

I passed on the explicit local network IP of the DNS server that runs on my home network, and everything started working fine.

I'll explain: my server PC runs rootless containers – one of them runs a DNS server. On that PC itself, I redirect local DNS queries to 127.0.0.1 (the first nameserver on /etc/resolv.conf). pasta picks up the first entry on /etc/resolv.conf and forwards DNS queries to it. But it seems like it cannot access localhost (probably by design?)

Once I add the local network IP (192.168.x.y) explicitly as the DNS server to forward queries to, things work, but I find this inefficient as it feels like queries shouldn't have to go through the local network for resolution, since the DNS server runs on that very device.

Please advise me on what can be done about this and if I'm on the wrong track.

Regards,

Ayon

On Tue, Jun 3, 2025 at 8:16 AM Stefano Brivio <sbrivio@redhat.com> wrote:

On Fri, 23 May 2025 00:51:25 -0230
Ayon T <sanroz.mozan13@gmail.com> wrote:

> I know you have been asking me to run pasta with arguments with docker, but
> I'm not sure how to do this (pardon my inexperience). I use an
> override.conf file to set the default network and port driver of docker,
> and that's how I use pasta with docker. I have tried looking up how to do
> it in a different way that gives me more control over the arguments that go
> in, but I haven't been able to find it. Could you guide me regarding this
> or point me to a resource?

Apologies for the delay. It looks like you need to rebuild rootlesskit
with any option you want to add, here:

https://github.com/rootless-containers/rootlesskit/blob/e83d7635183e1125798b2928b22002dfcc4a1168/pkg/network/pasta/pasta.go#L146

because there's currently no convenient command-line mechanism like the
one implemented by Podman, here:

https://github.com/containers/common/blob/5a4ca2d5d35571556f6e7d1d5f024c19dc482135/libnetwork/pasta/pasta_linux.go#L174

I guess it would be nice to implement something similar, but I'm not
really familiar with rootlesskit otherwise. An alternative could be to
use a trivial wrapper at /usr/local/bin/pasta, a simple script doing:

--
#!/bin/sh

/usr/bin/pasta $@ --whatever-additional-option-here
--

--
Stefano