host.containers.internal only bound to one address #27802

@LunarEclipse363

Issue Description

When a container uses a network with multiple subnets, only one of them will be reflected for host.containers.internal in the generated /etc/hosts inside the container.

In my case, with the following modified default network config in /etc/containers/networks/podman.json:

{
     "name": "podman",
     "id": "23ebbf40f03bec53d03bf0a1b1aab65cdc72c772788063ac09e2add2c67bcb9d",
     "driver": "bridge",
     "network_interface": "podman0",
     "created": "2025-12-18T16:39:40.862456097+01:00",
     "subnets": [
          {
               "subnet": "10.88.0.0/16",
               "gateway": "10.88.0.1"
          },
          {
               "subnet": "fd00:acab:1337::/48",
               "gateway": "fd00:acab:1337::1"
          }
     ],
     "ipv6_enabled": true,
     "internal": false,
     "dns_enabled": true,
     "ipam_options": {
          "driver": "host-local"
     },
     "containers": {}
}

Steps to reproduce the issue

  1. set up a podman network with multiple subnets (i.e. modify the default network)
  2. start up a container bound to it (i.e. podman run --rm -it docker.io/alpine:latest)
  3. check the contents of /etc/hosts inside the container

Describe the results you received

The /etc/hosts inside an empty docker.io/alpine:latest container is:

127.0.0.1	localhost
::1	localhost
10.88.0.1	host.containers.internal host.docker.internal
10.88.0.7	b4d1449a5a4a unruffled_hoover
fd00:acab:1337::6	b4d1449a5a4a unruffled_hoover

Describe the results you expected

The /etc/hosts being something like:

127.0.0.1	localhost
::1	localhost
10.88.0.1	host.containers.internal host.docker.internal
fd00:acab:1337::1	host.containers.internal host.docker.internal
10.88.0.7	b4d1449a5a4a unruffled_hoover
fd00:acab:1337::6	b4d1449a5a4a unruffled_hoover

podman info output

host:
  arch: amd64
  buildahVersion: 1.42.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-1:2.1.13-1
    path: /usr/bin/conmon
    version: 'conmon version 2.1.13, commit: 82de887596ed8ee6d9b2ee85e4f167f307bb569b'
  cpuUtilization:
    idlePercent: 99.01
    systemPercent: 0.48
    userPercent: 0.51
  cpus: 4
  databaseBackend: sqlite
  distribution:
    distribution: arch
    version: unknown
  eventLogger: journald
  freeLocks: 2047
  hostname: redacted
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.12.62-1-lts
  linkmode: dynamic
  logDriver: journald
  memFree: 11404988416
  memTotal: 12539490304
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.17.0-1
      path: /usr/lib/podman/aardvark-dns
      version: aardvark-dns 1.17.0
    package: netavark-1.17.1-1
    path: /usr/lib/podman/netavark
    version: netavark 1.17.1
  ociRuntime:
    name: crun
    package: crun-1.25.1-1
    path: /usr/bin/crun
    version: |-
      crun version 1.25.1
      commit: 156ae065d4a322d149c7307034f98d9637aa92a2
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-2025_12_15.b40f5cd-1
    version: |
      pasta 2025_12_15.b40f5cd
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 0
  swapTotal: 0
  uptime: 1h 14m 43.00s (Approximately 0.04 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 313627258880
  graphRootUsed: 267294441472
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.7.1
  Built: 1765447754
  BuiltTime: Thu Dec 11 11:09:14 2025
  GitCommit: f845d14e941889ba4c071f35233d09b29d363c75
  GoVersion: go1.25.5 X:nodwarf5
  Os: linux
  OsArch: linux/amd64
  Version: 5.7.1

Podman in a container

No

Privileged Or Rootless

Privileged

Upstream Latest Release

Yes

Additional environment details

No response

Additional information

No response
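
A check for the mismatch reported above, as an added example that is not part of the original issue or of Podman's code: it compares the subnet gateways in the network config with the addresses that /etc/hosts maps to host.containers.internal. The sample inputs are copied (trimmed) from the issue; the function names are hypothetical, and treating every subnet gateway as an expected host address follows the reporter's expectation.

```python
import ipaddress
import json

HOST_NAME = "host.containers.internal"

# Trimmed copy of the network config from the issue (only the fields used here).
NETWORK_JSON = """
{
  "name": "podman",
  "subnets": [
    {"subnet": "10.88.0.0/16", "gateway": "10.88.0.1"},
    {"subnet": "fd00:acab:1337::/48", "gateway": "fd00:acab:1337::1"}
  ]
}
"""

# /etc/hosts as reported in the issue ("results you received").
HOSTS_RECEIVED = """\
127.0.0.1\tlocalhost
::1\tlocalhost
10.88.0.1\thost.containers.internal host.docker.internal
10.88.0.7\tb4d1449a5a4a unruffled_hoover
fd00:acab:1337::6\tb4d1449a5a4a unruffled_hoover
"""

def subnet_gateways(network_json):
    """Return the gateway of every subnet that defines one."""
    subnets = json.loads(network_json).get("subnets", [])
    return [ipaddress.ip_address(s["gateway"]) for s in subnets if s.get("gateway")]

def addresses_for(hosts_text, name):
    """Return every address that the hosts file maps to `name`."""
    found = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and name in fields[1:]:
            try:
                found.add(ipaddress.ip_address(fields[0]))
            except ValueError:
                continue  # malformed address field; skip the line
    return found

def missing_gateways(network_json, hosts_text, name=HOST_NAME):
    """Assumption: each subnet gateway should have a `name` entry in /etc/hosts."""
    present = addresses_for(hosts_text, name)
    return [str(g) for g in subnet_gateways(network_json) if g not in present]

if __name__ == "__main__":
    for gw in missing_gateways(NETWORK_JSON, HOSTS_RECEIVED):
        print(f"{HOST_NAME} has no entry for gateway {gw}")
```

Addresses are compared as parsed `ipaddress` objects, so differently written forms of the same IPv6 address still match.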

Labels

kind/bug
