Date: Wed, 26 Nov 2025 14:58:04 +1100
From: David Gibson
To: Ayon T
Subject: Re: Help with pasta usage
CC: Stefano Brivio, passt-user@passt.top

On Mon, Nov 24, 2025 at 08:10:35PM -0330, Ayon T wrote:
> Hi, sorry it has been a while, I haven't been able to find the time to work
> on this problem.
>
> However, I think I've managed to narrow down what the problem is, so I'm
> writing to you again!
>
> I essentially ended up using a wrapper for pasta to try out a few different
> arguments with it, even though I went down a different route. I used
> "DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS" with `rootlesskit` to pass on a new
> location to a script wrapping the pasta binary.
>
> I passed on the explicit local network IP of the DNS server that runs on my
> home network, and everything started working fine.
>
> I'll explain: my server PC runs rootless containers – one of them runs a
> DNS server. On that PC itself, I redirect local DNS queries to 127.0.0.1
> (the first nameserver on /etc/resolv.conf). pasta picks up the first entry
> on /etc/resolv.conf and forwards DNS queries to it. But it seems like it
> cannot access localhost (probably by design?)

With its own default options, pasta will generally allow access from
loopback, but docker may (by design) add parameters that override that
behaviour. Using 'ps' (or your wrapper) to find out the exact
arguments that docker is invoking pasta with would help.

> Once I add the local network IP (192.168.x.y) explicitly as the DNS server
> to forward queries to, things work, but I find this inefficient as it feels
> like queries shouldn't have to go through the local network for resolution,
> since the DNS server runs on that very device.

So, yes, it arguably should be possible to access the server via
127.0.0.1. That said, I don't think there's any real inefficiency
here: the kernel will already direct traffic to a public-but-local
address over 'lo', so it won't actually hit the external network.

> Please advise me on what can be done about this and if I'm on the wrong
> track.
>
> Regards,
> Ayon
>
> On Tue, Jun 3, 2025 at 8:16 AM Stefano Brivio wrote:
>
> > On Fri, 23 May 2025 00:51:25 -0230
> > Ayon T wrote:
> >
> > > I know you have been asking me to run pasta with arguments with docker, but
> > > I'm not sure how to do this (pardon my inexperience). I use an
> > > override.conf file to set the default network and port driver of docker,
> > > and that's how I use pasta with docker. I have tried looking up how to do
> > > it in a different way that gives me more control over the arguments that go
> > > in, but I haven't been able to find it. Could you guide me regarding this
> > > or point me to a resource?
> >
> > Apologies for the delay. It looks like you need to rebuild rootlesskit
> > with any option you want to add, here:
> >
> > https://github.com/rootless-containers/rootlesskit/blob/e83d7635183e1125798b2928b22002dfcc4a1168/pkg/network/pasta/pasta.go#L146
> >
> > because there's currently no convenient command-line mechanism like the
> > one implemented by Podman, here:
> >
> > https://github.com/containers/common/blob/5a4ca2d5d35571556f6e7d1d5f024c19dc482135/libnetwork/pasta/pasta_linux.go#L174
> >
> > I guess it would be nice to implement something similar, but I'm not
> > really familiar with rootlesskit otherwise. An alternative could be to
> > use a trivial wrapper at /usr/local/bin/pasta, a simple script doing:
> >
> > --
> > #!/bin/sh
> >
> > /usr/bin/pasta "$@" --whatever-additional-option-here
> > --
> >
> > --
> > Stefano

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson
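
As an added example (not code from this thread or from the passt or rootlesskit projects), the wrapper below combines the two suggestions above: it records the exact argument vector the caller passes, which is what David asks for, and then hands off to the real binary with optional extra options, as in Stefano's script. The variable names REAL_PASTA, PASTA_WRAPPER_LOG and PASTA_EXTRA_OPTS and the log location are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. Install as /usr/local/bin/pasta (the
# path Stefano suggests). REAL_PASTA, PASTA_WRAPPER_LOG and PASTA_EXTRA_OPTS
# are names assumed for this sketch, not pasta or rootlesskit settings.

REAL_PASTA="${REAL_PASTA:-/usr/bin/pasta}"
PASTA_WRAPPER_LOG="${PASTA_WRAPPER_LOG:-${XDG_RUNTIME_DIR:-$HOME}/pasta-wrapper.log}"
PASTA_EXTRA_OPTS="${PASTA_EXTRA_OPTS:-}"   # whitespace-separated extra options

# Append one record per invocation: a header line, then one line per argument,
# so arguments containing spaces remain distinguishable.
log_invocation() (
    umask 077   # the log reveals addresses and ports: keep it owner-only
    {
        printf '%s pid=%s ppid=%s argc=%s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$$" "$PPID" "$#"
        i=0
        for arg in "$@"; do
            i=$((i + 1))
            printf '  argv[%d]=%s\n' "$i" "$arg"
        done
    } >>"$PASTA_WRAPPER_LOG"
)

main() {
    # A logging failure must not take container networking down with it.
    log_invocation "$@" || :
    set -f   # split PASTA_EXTRA_OPTS on whitespace only, no glob expansion
    # "$@" is quoted so each original argument reaches pasta unchanged.
    # shellcheck disable=SC2086
    exec "$REAL_PASTA" "$@" $PASTA_EXTRA_OPTS
}

# Run only when invoked under the name "pasta"; otherwise just define the functions.
case "$0" in
    pasta|*/pasta) main "$@" ;;
esac
```

Because the wrapper uses `exec`, the logged pid is the one the running pasta process keeps, so a log record can be matched against the corresponding `ps` entry.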