-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v4.1.0 User volumes are not mounted when default volumes are configured in /etc/container/containers.conf #14454
Comments
weird, I thought I fixed this exact issue a month or so back. I will look at this today. edit: I see, I think the pod is just overriding with the volumes it set, since pod volumes were broken up until 7a53428 this came out of the works then. |
@r10r have you tried this on the main branch, running your exact commands in rootless podman works for me. Are you sure I added the same volume config to my
|
@cdoren I tried it with the main branch, but same issue. I'm running podman rootful. Please see the debug information below. I've additionally attached the debug output of the command Btw. I've build podman using the following Dockerfile FROM docker.io/library/golang:1.17-buster as build
ARG DEBIAN_FRONTEND="noninteractive"
RUN apt-get update \
&& apt-get install -y seccomp libseccomp-dev \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /workdir
ADD https://github.com/containers/podman/archive/refs/heads/main.tar.gz src.tar.gz
RUN tar --strip-components=1 -xf src.tar.gz
ARG BUILD_TAGS="osusergo,netgo,exclude_graphdriver_devicemapper,exclude_graphdriver_btrfs,containers_image_openpgp,seccomp"
# NOTE watch the project Makefile closely for changes
RUN go build -o /usr/local/bin/podman \
-ldflags "-w -s -extldflags=-static -X github.com/containers/podman/v4/libpod/define.buildInfo=$(date +%s)" \
-tags "${BUILD_TAGS}" \
./cmd/podman
RUN test -x /usr/local/bin/podman && ! ldd /usr/local/bin/podman
FROM docker.io/library/alpine:latest
COPY --from=build /usr/local/bin/podman /usr/local/bin/podman The output of host:
arch: amd64
buildahVersion: 1.27.0-dev
cgroupControllers:
- cpuset
- cpu
- io
- memory
- hugetlb
- pids
- rdma
- misc
cgroupManager: cgroupfs
cgroupVersion: v2
conmon:
package: conmon-2.0.30-r0
path: /usr/bin/conmon
version: 'conmon version 2.1.0, commit: unknown'
cpuUtilization:
idlePercent: 99.08
systemPercent: 0.22
userPercent: 0.7
cpus: 4
distribution:
distribution: alpine
version: 3.15.2
eventLogger: file
hostname: (none)
idMappings:
gidmap: null
uidmap: null
kernel: 5.16.0-5-amd64
linkmode: dynamic
logDriver: k8s-file
memFree: 1120952320
memTotal: 6220759040
networkBackend: cni
ociRuntime:
name: runc
package: Unknown
path: /usr/local/bin/runc
version: |-
runc version 1.1.0
commit: v1.1.0-0-g067aaf85
spec: 1.0.2-dev
go: go1.17.6
libseccomp: 2.5.3
os: linux
remoteSocket:
exists: true
path: /run/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: ""
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: ""
package: ""
version: ""
swapFree: 0
swapTotal: 0
uptime: 145h 16m 46.00s (Approximately 6.04 days)
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
network:
- bridge
- macvlan
- ipvlan
volume:
- local
store:
configFile: /etc/containers/storage.conf
containerStore:
number: 3
paused: 0
running: 3
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /var/lib/containers/storage
graphRootAllocated: 103609503744
graphRootUsed: 57247027200
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 1028
runRoot: /var/lib/containers/run
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 4.2.0-dev
Built: 1654598812
BuiltTime: Tue Jun 7 12:46:52 2022
GitCommit: ""
GoVersion: go1.17.11
Os: linux
OsArch: linux/amd64
Version: 4.2.0-dev |
infra was overriding options that it should be appending rather than resetting. fix this by appending the given container's spec to the compatible options before marshaling/unmarshaling resolves containers#14454 Signed-off-by: cdoern <[email protected]>
infra was overriding options that it should be appending rather than resetting. fix this by appending the given container's spec to the compatible options before marshaling/unmarshaling resolves containers#14454 Signed-off-by: cdoern <[email protected]>
/kind bug
Description
In
podman
v4.1.0 user volumes (podman run -v
) or mounts (podman run --mount
) are not added to the OCI spec and not mounted when default volumes are configured in /etc/containers/containers.conf e.gIn
podman
v4.0.3 user mounts and default volumes added to the OCI spec and mounted.Steps to reproduce the issue:
Set
volumes = ["/etc/ssl/certs:/etc/ssl/certs:ro"]
in /etc/containers/containers.confCreate a pod with a container that has additional user mounts
I used the following script for testing.
Describe the results you received:
The output of the test script when using v4.1.0 is
NOTE when
volumes
are removed from /etc/containers/containers.conf then the output isDescribe the results you expected:
The output of the test script when using v4.0.3 is
Additional information you deem important (e.g. issue happens only occasionally):
We did a
git bisect
and identified 7a53428 as first bad commit.I looked at the commit and it seems that the Mounts fields that contains the user mounts field gets overridden by the field
7a53428#diff-5a040c4acc8459d3378715e9af985864e25b780aa6c796170bff095b35bf1883R417
from the json unmarshaller in the Inherit function here
7a53428#diff-3ff238a49e99bd584fa865688b0fd9914acd5cdd71f46606c6750a855da6cf4fR561
I wonder if this does affect other user options too?
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes
The text was updated successfully, but these errors were encountered: