Request for more descriptive netavark error message(s) #1392

@tgurr

docker-compose.yaml with the following content:

services:
  nginx:
    image: docker.io/nginx:bookworm
    ports:
      - "8081:80"

$ podman compose up
Trying to pull docker.io/library/nginx:bookworm...
Getting image source signatures
Copying blob 3cc5fdd1317a done   | 
Copying blob 5c32499ab806 done   | 
Copying blob 5f825f15e2e0 done   | 
Copying blob 375a694db734 done   | 
Copying blob 16d05858bb8d done   | 
Copying blob 08cfef42fd24 done   | 
Copying blob 4f4e50e20765 done   | 
Copying config 203ad09fc1 done   | 
Writing manifest to image destination
ac9a1f318e517e5d270a65d266fc4b7c38c1eeff5fe97ec170454c6c8d24a1b6
[nginx] | Error: unable to start container ac9a1f318e517e5d270a65d266fc4b7c38c1eeff5fe97ec170454c6c8d24a1b6: netavark: nftables error: "nft" did not return successfully while getting the current ruleset

or

$ podman run --replace --name podman-nginx -p 8080:80 -d nginx:bookworm --verbose
Error: netavark: nftables error: "nft" did not return successfully while getting the current ruleset

I first thought I was missing some kernel module, for which, if I remember correctly, the error message was the same instead of printing the actual missing module, but I can't tell for sure. I found no way to actually see which rule netavark tried to apply/pass, neither in the journal nor in dmesg, so having that printed in the error output would probably have helped as well, especially in the case of potential missing kernel module(s).

In this case, however, it turned out I had to rebuild nftables with --with-json, which I had previously compiled with --without-json.

So generally it would be nice for netavark to:

  • print the rule netavark tries to apply/pass (ideally directly stating the missing kernel module)
  • check if nftables supports json and print a meaningful error message if not
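
A host-side check along the lines of the two requests above, as an added example that is not netavark code and not part of the original issue: it reads `nft -V` to see whether JSON support was compiled in and, if the JSON ruleset query fails, prints nft's own stderr instead of hiding it. The `NFT` override variable, the function names and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not netavark code. NFT is an assumed override hook so the
# check can be pointed at a specific nft binary.
NFT="${NFT:-nft}"

# Classify `nft -V` text read from stdin: prints yes, no, or unknown.
# "unknown" covers nft builds whose -V output has no "json:" line.
nft_json_support() {
    awk '
        $1 == "json:" { print ($2 == "yes" ? "yes" : "no"); found = 1; exit }
        END { if (!found) print "unknown" }
    '
}

# Narrow down why a JSON ruleset query fails.
# Returns: 0 ok, 2 nft not found, 3 built without JSON, 4 query failed.
diagnose_nft() {
    if ! command -v "$NFT" >/dev/null 2>&1; then
        echo "nft binary '$NFT' not found in PATH" >&2
        return 2
    fi

    json=$("$NFT" -V 2>/dev/null | nft_json_support)
    if [ "$json" = "no" ]; then
        echo "nft was built without JSON support; rebuild nftables with --with-json" >&2
        return 3
    fi

    # Capture only stderr of the JSON query: this is the detail (permission
    # problem, missing kernel support, ...) that a generic wrapper error hides.
    if ! err=$("$NFT" -j list ruleset 2>&1 >/dev/null); then
        echo "'$NFT -j list ruleset' failed: $err" >&2
        return 4
    fi

    echo "nft JSON ruleset query works (json support: $json)"
}

# Usage: call diagnose_nft as the same user that runs podman.
```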
