podman run --platform for a local manifest list uses the wrong platform

[kgibm]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Using podman 4.1.1 on macOS, building a local manifest list with multiple platforms and then trying to run it with a platform other than my mac's platform uses the wrong platform, although it works fine for a remote manifest list.

Steps to reproduce the issue:

1. Create this Containerfile:

   FROM --platform=$TARGETPLATFORM docker.io/fedora:latest
   RUN echo "$(uname -a)" > uname.txt
   

2. Build for a couple of platforms:

   podman build --platform linux/amd64,linux/arm64 --manifest localhost/test:latest .
   

3. Inspect the manifest list:

   $ podman manifest inspect localhost/test:latest
   {
       "schemaVersion": 2,
       "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
       "manifests": [
           {
               "mediaType": "application/vnd.oci.image.manifest.v1+json",
               "size": 753,
               "digest": "sha256:865c97b90552b1eb85b4867738f626527ce81026ea7f22fe64045327c19cda7b",
               "platform": {
                   "architecture": "arm64",
                   "os": "linux"
               }
           },
           {
               "mediaType": "application/vnd.oci.image.manifest.v1+json",
               "size": 753,
               "digest": "sha256:6cbef6b712e20dfa7d0809c1eb18b84bbc91d027a75842324ab664d5be22b11a",
               "platform": {
                   "architecture": "amd64",
                   "os": "linux"
               }
           }
       ]
   }
   

4. Running each of the digests in the manifest list shows the correct uname output:

   $ podman run --rm localhost/test@sha256:865c97b90552b1eb85b4867738f626527ce81026ea7f22fe64045327c19cda7b cat uname.txt
   Linux de31d2b7ab58 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
   $ podman run --rm localhost/test@sha256:6cbef6b712e20dfa7d0809c1eb18b84bbc91d027a75842324ab664d5be22b11a cat uname.txt
   Linux efd38dcedcf3 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
   

5. Running the manifest list with any platform other than x86_64 (which is the platform of my macOS) uses the wrong platform:

   $ podman run --rm --platform linux/arm64/v8 localhost/test cat uname.txt
   Linux efd38dcedcf3 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
   $ podman run --rm --platform linux/arm64/v8 localhost/test uname -a
   Linux 28836d17271c 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
   

6. However, doing the same on a remote manifest list works fine:

   $ podman run --rm --platform linux/arm64/v8 -it docker.io/fedora uname -a 2>/dev/null
   Linux 7498541e36b5 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
   

Describe the results you received:

podman run --platform linux/arm64/v8 on a manifest list that includes such a platform showed the output of the platform of my mac

Describe the results you expected:

podman run --platform $P on a manifest list should run for the specific platform

Additional information you deem important (e.g. issue happens only occasionally):

With --log-level=debug

$ podman run --log-level=debug --platform linux/arm64/v8 --rm localhost/test cat uname.txt
INFO[0000] podman filtering at log level debug          
DEBU[0000] Called run.PersistentPreRunE(podman run --log-level=debug --platform linux/arm64/v8 --rm localhost/test cat uname.txt) 
DEBU[0000] SSH Ident Key "/Users/kevin/.ssh/podman-machine-default" SHA256:QxTp0Td7v4BR3X50lXt+so/L6zB/25C/Js8Akk8VdpE ssh-ed25519 
DEBU[0000] Found SSH_AUTH_SOCK "/private/tmp/com.apple.launchd.KfKpWiTOVo/Listeners", ssh-agent signer(s) enabled 
DEBU[0000] SSH Agent Key SHA256:7Z2VAKPt/xZjYk290LSjGhV/KeIwjk7FgqHmD+2eqjM ssh-rsa 
DEBU[0000] DoRequest Method: GET URI: http://d/v4.1.1/libpod/_ping 
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf" 
DEBU[0000] Found credentials for docker.io in credential helper containers-auth.json in file /Users/kevin/.config/containers/auth.json 
DEBU[0000] Found credentials for icr.io in credential helper containers-auth.json in file /Users/kevin/.config/containers/auth.json 
DEBU[0000] Found credentials for quay.io in credential helper containers-auth.json in file /Users/kevin/.config/containers/auth.json 
DEBU[0000] DoRequest Method: POST URI: http://d/v4.1.1/libpod/images/pull 
DEBU[0000] DoRequest Method: POST URI: http://d/v4.1.1/libpod/containers/create 
INFO[0000] Going to attach to container "b54aa757cea4d87329409912a2a9adf12782b2e4123bc1b137c4a27256d12132" 
DEBU[0000] DoRequest Method: GET URI: http://d/v4.1.1/libpod/containers/b54aa757cea4d87329409912a2a9adf12782b2e4123bc1b137c4a27256d12132/json 
DEBU[0000] DoRequest Method: POST URI: http://d/v4.1.1/libpod/containers/b54aa757cea4d87329409912a2a9adf12782b2e4123bc1b137c4a27256d12132/attach 
DEBU[0000] Copying standard streams of container "b54aa757cea4d87329409912a2a9adf12782b2e4123bc1b137c4a27256d12132" in non-terminal mode 
INFO[0000] Going to start container "b54aa757cea4d87329409912a2a9adf12782b2e4123bc1b137c4a27256d12132" 
DEBU[0000] DoRequest Method: POST URI: http://d/v4.1.1/libpod/containers/b54aa757cea4d87329409912a2a9adf12782b2e4123bc1b137c4a27256d12132/start 
Linux efd38dcedcf3 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
DEBU[0000] DoRequest Method: POST URI: http://d/v4.1.1/libpod/containers/b54aa757cea4d87329409912a2a9adf12782b2e4123bc1b137c4a27256d12132/wait 
DEBU[0000] DoRequest Method: POST URI: http://d/v4.1.1/libpod/containers/b54aa757cea4d87329409912a2a9adf12782b2e4123bc1b137c4a27256d12132/shouldrestart 
DEBU[0000] DoRequest Method: DELETE URI: http://d/v4.1.1/libpod/containers/b54aa757cea4d87329409912a2a9adf12782b2e4123bc1b137c4a27256d12132 
DEBU[0001] Called run.PersistentPostRunE(podman run --log-level=debug --platform linux/arm64/v8 --rm localhost/test cat uname.txt) 

Output of podman version:

podman version output

$ podman version
Client:       Podman Engine
Version:      4.1.1
API Version:  4.1.1
Go Version:   go1.18.3
Built:        Tue Jun 14 15:12:46 2022
OS/Arch:      darwin/amd64

Server:       Podman Engine
Version:      4.1.0
API Version:  4.1.0
Go Version:   go1.18
Built:        Fri May  6 11:15:54 2022
OS/Arch:      linux/amd64

Output of podman info --debug:

podman info --debug output

$ podman info --debug
host:
  arch: amd64
  buildahVersion: 1.26.1
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.0-2.fc36.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: '
  cpuUtilization:
    idlePercent: 98.96
    systemPercent: 0.45
    userPercent: 0.59
  cpus: 4
  distribution:
    distribution: fedora
    variant: coreos
    version: "36"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.17.5-300.fc36.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 5062844416
  memTotal: 10431864832
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.4.4-1.fc36.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.4.4
      commit: 6521fcc5806f20f6187eb933f9f45130c86da230
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-0.2.beta.0.fc36.x86_64
    version: |-
      slirp4netns version 1.2.0-beta.0
      commit: 477db14a24ff1a3de3a705e51ca2c4c1fe3dda64
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 1h 18m 5.98s (Approximately 0.04 days)
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 128300593152
  graphRootUsed: 14736486400
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 128
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.1.0
  Built: 1651853754
  BuiltTime: Fri May  6 11:15:54 2022
  GitCommit: ""
  GoVersion: go1.18
  Os: linux
  OsArch: linux/amd64
  Version: 4.1.0

Package info (e.g. output of rpm -q podman or apt list podman):

brew info podman output

$ brew info podman
podman: stable 4.1.1 (bottled), HEAD
Tool for managing OCI containers and pods
https://podman.io/
/usr/local/Cellar/podman/4.1.1 (174 files, 47.7MB) *
  Poured from bottle on 2022-06-28 at 12:38:03
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/podman.rb

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

macOS information

$ system_profiler SPSoftwareDataType SPHardwareDataType | grep -v -e UUID -e UDID -e 'User Name' -e 'Computer Name' -e Serial
Software:

    System Software Overview:

      System Version: macOS 12.4 (21F79)
      Kernel Version: Darwin 21.5.0
      Boot Volume: MainDisk
      Boot Mode: Normal
      Secure Virtual Memory: Enabled
      System Integrity Protection: Disabled
      Time since boot: 12 days 2:24

Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro15,1
      Processor Name: 6-Core Intel Core i7
      Processor Speed: 2.6 GHz
      Number of Processors: 1
      Total Number of Cores: 6
      L2 Cache (per Core): 256 KB
      L3 Cache: 9 MB
      Hyper-Threading Technology: Enabled
      Memory: 16 GB
      System Firmware Version: 1731.120.10.0.0 (iBridge: 19.16.15071.0.0,0)
      OS Loader Version: 540.120.3~6
      Activation Lock Status: Enabled

[mheon]

@vrothberg PTAL

[vrothberg]

@flouthoc can you take a look? The reproducer does not build on my end.

[flouthoc]

I'll check this thanks. Looks like issue is with using --platform and podman run together.

[kgibm]

Looks like issue is with using --platform and podman run together.

One odd wrinkle as per point 6 in the description is that --platform and podman run together work fine for a well-known remote manifest list (fedora). Maybe the locally built localhost/test is being evaluated as an image instead of a manifest list, or something like that.

[flouthoc]

@kgibm it works on remote list because image for provided platform is always pulled and on platform change its overridden. I think till now podman run had no support of running container from manifest list above PR should add support for that #14827

[kgibm]

Thanks!