-
Bug
-
Resolution: Can't Do
-
Undefined
-
None
-
CentOS Stream 10
-
None
-
No
-
None
-
rhel-sst-container-tools
-
None
-
False
-
-
None
-
None
-
None
-
None
-
None
What were you trying to do that didn't work?
Our TF test jobs run on CentOS 10 Stream in CI. Since a recent update they can no longer successfully checkpoint a container while keeping TCP connections.
I am not sure if this is a bug in podman or criu as criu calls iptables-restore. But on C9S the dependency was in the podman package https://gitlab.com/redhat/centos-stream/rpms/podman/-/blob/c9s/podman.spec?ref_type=heads#L61
What is the impact of this issue to you?
Medium
Please provide the package NVR for which the bug is seen:
podman-5.2.2-3.el10.x86_64
How reproducible is this bug?:
Yes
Steps to reproduce
- podman container checkpoint --tcp-established $container
Expected results
Can checkpoint successfully.
Actual results
(00.125734) net: Lock network (00.125736) Running network-lock scripts Error (criu/util.c:627): execvp("iptables-restore", ...) failed: No such file or directory (00.126330) Error (criu/util.c:642): exited, status=1 Error (criu/util.c:627): execvp("ip6tables-restore", ...) failed: No such file or directory (00.126836) Error (criu/util.c:642): exited, status=1 (00.126847) Error (criu/net.c:3124): net: Locking network failed: iptables-restore returned -1. This may be connected to disabled CONFIG_NETFILTER_XT_MARK kernel build config option. (00.126868) net: Unlock network (00.126870) Running network-unlock scripts Error (criu/util.c:627): execvp("iptables-restore", ...) failed: No such file or directory (00.127327) Error (criu/util.c:642): exited, status=1 Error (criu/util.c:627): execvp("ip6tables-restore", ...) failed: No such file or directory (00.127809) Error (criu/util.c:642): exited, status=1 (00.127824) Unfreezing tasks into 1 (00.127826) Unseizing 7099 into 1 (00.127849) Error (criu/cr-dump.c:2098): Dumping FAILED.