From Fedora Project Wiki

Description

This test case verifies the functionality of Podman 5.3’s new pasta integration, specifically the --map-guest-addr option for host.containers.internal.

Setup

Install Podman 5.3 (pre-release) and ensure both rootless and root container capabilities are configured.

How to test

Run an NGINX container with exposed port 8080:

   podman run -d -p 8080:80 docker.io/library/nginx

Use curl to access host.containers.internal from another container:

   podman run --rm -it docker.io/library/nginx:latest curl host.containers.internal:8080

Clean up the container:

   podman rm -fa -t0

Start NGINX with localhost binding on 127.0.0.1:8080:

   podman run -d -p 127.0.0.1:8080:80 docker.io/library/nginx

Attempt to access host.containers.internal from another container, expecting a hang:

   podman run --rm -it docker.io/library/nginx:latest curl host.containers.internal:8080

Expected Results

The following must be true to consider this a successful test run: Accessing host.containers.internal:8080 with --map-guest-addr displays NGINX page content. Curl command hangs when accessing a localhost-bound socket, verifying restricted access.

Optional

Test with additional ports or container images to verify network isolation via host.containers.internal.