rootless-containers / slirp4netns

User-mode networking for unprivileged network namespaces
GNU General Public License v2.0

question: how to enable legacy behavior for --network=host for rootless #301

Open hholst80 opened 2 years ago

hholst80 commented 2 years ago

I have been banging my head on the problem that docker, podman et al. all use a namespace for localhost, so even if I specify --network=host it will have its own network namespace, which does not expose the ports available on localhost.

I am currently quite stuck in my workflow unless I can find a way around this. Is there a way to get the "legacy" behavior of --network=host with rootless, so that it indeed uses the host network?

I tried removing --disable-host-loopback from the docker scripts that use slirp4netns, but that does not seem to have any effect, because ss -tlpn still does not show the ports served by other services connected to the localhost network.

AkihiroSuda commented 2 years ago

RootlessKit per se has a rootlesskit --net=host mode, but it is incompatible with Docker.

hholst80 commented 1 year ago

We moved off the assumption that localhost is localhost, if that makes sense. Instead we use a pod-like setup where many containers share the network namespace of that pod container.

Ping me here if you need details on workarounds and I'll write it up off issue.

That said, I am still curious if there's a way to make this work with Docker. I do not see why there would be any need for iptables rules for a host network container.
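The confusion in this thread comes down to which network namespace "host" refers to. Under rootless Docker the daemon itself lives in the RootlessKit namespace that slirp4netns serves, so a container started with --network=host joins that namespace, not the real host's, and sees only the sockets bound there. The script below is an added example, not code from the issue or from the slirp4netns project: it compares network-namespace identities via /proc/PID/ns/net (the nsfs inode in the "net:[...]" string is system-wide, so the strings are comparable across processes), and it spells out the pod-style workaround the reporter describes using Docker's --network=container:NAME. It assumes Linux, a docker client on PATH for the optional container checks, the alpine image, and a hypothetical pod container name "netpod".

```shell
#!/bin/sh
# Added example (not from the issue or the slirp4netns project): tell whether a
# container's "host" network is the real host namespace or a rootless daemon's.
set -eu

# netns_id PID: print the network-namespace identity of a process, e.g.
# "net:[4026531992]". Two processes with the same string share one network
# namespace and therefore one loopback interface and one port table.
netns_id() {
    readlink "/proc/${1:-self}/ns/net"
}

# same_netns ID1 ID2: succeed when both identity strings name one namespace.
same_netns() {
    [ "$1" = "$2" ]
}

# container_netns_id NETWORK: identity of the namespace a fresh container sees
# for the given --network value. Assumes docker on PATH and the alpine image.
# For a rootful daemon, "host" yields the same string as netns_id on the host;
# for rootless dockerd it yields RootlessKit's namespace instead.
container_netns_id() {
    docker run --rm --network="$1" alpine readlink /proc/self/ns/net
}

# pod_style POD: the reporter's workaround in Docker terms. A long-lived "pod"
# container owns one network namespace and workloads join it with
# --network=container:POD, so their localhost ports are mutually visible even
# though none of them see the real host's. POD is a hypothetical example name.
pod_style() {
    docker run -d --name "$1" alpine sleep 3600 >/dev/null
    docker run --rm --network="container:$1" alpine readlink /proc/self/ns/net
    docker rm -f "$1" >/dev/null
}

main() {
    host_id=$(netns_id self)
    printf 'this shell:             %s\n' "$host_id"
    if ! command -v docker >/dev/null 2>&1; then
        echo "docker not found; skipping container comparison"
        return 0
    fi
    cont_id=$(container_netns_id host)
    printf 'docker --network=host:  %s\n' "$cont_id"
    if same_netns "$host_id" "$cont_id"; then
        echo "same namespace: the container sees the host's localhost ports"
    else
        echo "different namespace (rootless daemon): host-only localhost ports are invisible"
    fi
    pod_id=$(pod_style netpod)
    printf 'joined pod namespace:   %s\n' "$pod_id"
}

main "$@"
```

Run it once from a normal shell on the host and once with the rootless docker context active; the "docker --network=host" line matches the host line only for a rootful daemon. Under the pod arrangement, every container that joins netpod prints the same identity, which is what makes their localhost ports visible to each other.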