Newly created sandbox in host networking mode has lo interface DOWN
Description
In our experiment we found that in a newly created gVisor Sandbox, if the network stack is set to none, then there is a lo interface and it is enabled with loopback address of 127.0.0.1. But if the network stack is set to host, the lo interface still exists, but is disabled (i.e. state DOWN). These can all be explained by the code here. https://github.com/google/gvisor/blob/master/runsc/sandbox/network.go#L71
The problem is that in none mode, there is no networking outside of the sandbox. We want to both enable loopback, and also network externally. Is there a way to have lo enabled in host mode?
I have tried to duplicate L60-63 to L72, but it does not work.
Is this feature related to a specific bug?
No response
Do you have a specific solution in mind?
No response
When the network mode is host, the sandbox will use the host's network stack, and if the host network has the loopback interface disabled, the sandbox should also have it disabled. For example, in Docker, the loopback interfaces are disabled by default when the container comes up and it's the responsibility of the application to enable it.
I think changing the behavior of the sandbox to be other than what the host network has while using host network mode is not a good idea.
@syang998 could you share more details on how you are starting a container? I think you might be starting it in a new network namespace. If that's true, it would explain why the lo device is down:
$ unshare -Urn ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
Hi @avagin, you are right. We start it in a new network namespace and the default for lo is DOWN. Is this usage something we can add? Perhaps another mode?
@syang998: If you want to use the host network mode and have internet connectivity, you need to run your sandbox in the host network namespace.