
Container: virtual-ethernet exception when attempting to modify container network created veth
Open, Normal, Public, BUG

Description

If you attempt to configure a virtual-ethernet interface that is either itself owned by a podman network, or is trying to define a peer that is owned by a podman network, an exception is thrown.

Traceback (most recent call last):
  File "/usr/libexec/vyos/services/vyos-configd", line 156, in run_script
    script.apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces_virtual-ethernet.py", line 102, in apply
    p.update(veth)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1770, in update
    self.set_alias(config.get('description', ''))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1062, in set_alias
    tmp = self.get_interface('alias')
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 190, in get_interface
    return self._get_command(self.config, name)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 73, in _get_command
    return self._command_get[name].get('format', lambda _: _)(self._cmd(cmd))
                                                              ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 66, in _cmd
    return cmd(command, self.debug, env=env)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 189, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: None ip -json -detail link list dev veth4
returned: 
exit code: 1

An error should be raised when attempting to configure a veth interface owned by a podman network (or when attempting to peer to a veth owned by a podman network).

Details

Version: 1.5
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Event Timeline

Has Podman 5.4 been evaluated at all? It seems like 5.4 introduced a new feature that would solve this in the cleanest way:

- The `--network` option to `podman run`, `podman create`, and `podman pod create` now
accepts a new option for `bridge` networks, `host_interface_name`, which specifies a name
for the network interface created outside the container.

This would create interfaces that wouldn't conflict with user-created veth interfaces. You could have a simple structure like veth-<container name>. So an AdGuard container would create this local veth interface:

veth-adguard

This would not only solve the issue presented in this task, but it would also create a deterministic interface for each container that could be used within firewall/nat/policy rules.

Unknown Object (User) triaged this task as Normal priority. Aug 20 2025, 3:46 PM
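
The naming scheme from the comment and the validation requested in the description can be sketched together. This is an added example, not code from the ticket or from VyOS; `host_ifname`, `verify_veth` and `ConfigError` are hypothetical names. It assumes user-created pairs are named vethN (as with veth4 in the traceback) and accounts for the Linux limit of 15 characters per interface name.

```python
import hashlib
import re

IFNAME_MAX = 15                       # Linux IFNAMSIZ is 16 including the trailing NUL
PREFIX = "veth-"                      # scheme from the comment: veth-<container name>
VYOS_VETH = re.compile(r"^veth\d+$")  # assumption: user-created pairs are named vethN


class ConfigError(Exception):
    """Stand-in for the error a config verify step would raise."""


def host_ifname(container: str) -> str:
    """Deterministic host-side interface name for a container."""
    slug = re.sub(r"[^a-z0-9_-]", "-", container.lower())
    name = PREFIX + slug
    if len(name) > IFNAME_MAX:
        # Too long for the kernel: cut the slug and append a short digest of the
        # full container name so the result stays stable and distinct.
        digest = hashlib.sha256(container.encode()).hexdigest()[:4]
        keep = IFNAME_MAX - len(PREFIX) - len(digest) - 1
        name = f"{PREFIX}{slug[:keep]}-{digest}"
    return name


def verify_veth(ifname: str, peer: str, owned: set[str]) -> None:
    """Reject a virtual-ethernet config that touches a container-owned interface."""
    for role, value in (("interface", ifname), ("peer-name", peer)):
        if value in owned:
            raise ConfigError(f'{role} "{value}" is owned by a container network')


if __name__ == "__main__":
    # Constructed sample: container names and a clashing default-style name.
    owned_today = {"veth4"}
    owned_proposed = {host_ifname(c) for c in ("adguard", "home-assistant-core")}
    print(sorted(owned_proposed))
    verify_veth("veth4", "veth5", owned_proposed)   # passes: name spaces are disjoint
    try:
        verify_veth("veth4", "veth5", owned_today)  # clashes with a container veth
    except ConfigError as exc:
        print("commit rejected:", exc)
```

Because every generated name contains the hyphen from the prefix, it can never match the vethN pattern, so the two name spaces stay disjoint.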