Podman looks for config files in /usr/etc as opposed to /etc #18250

Closed
VorpalBlade opened this issue Apr 18, 2023 · 15 comments · Fixed by #18257
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@VorpalBlade

Issue Description

$ docker --version
Emulate Docker CLI using podman. Create /usr/etc/containers/nodocker to quiet msg.
podman version 4.5.0

For some unfathomable reason podman looks for this file under /usr/etc (which is not a thing) instead of /etc.

Steps to reproduce the issue


  1. Run the docker wrapper (in my case, I'm using a command that calls docker)
  2. Observe output referring to creating the nodocker file.
  3. Be very surprised that it is looking in /usr/etc as opposed to /etc.

Describe the results you received

podman ignores the nodocker file in /etc/containers and looks under /usr instead

Describe the results you expected

podman should honor the nodocker file in /etc/containers.

podman info output

host:
  arch: amd64
  buildahVersion: 1.30.0
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon is owned by conmon 1:2.1.7-1
    path: /usr/bin/conmon
    version: 'conmon version 2.1.7, commit: f633919178f6c8ee4fb41b848a056ec33f8d707d'
  cpuUtilization:
    idlePercent: 95.29
    systemPercent: 2.69
    userPercent: 2.02
  cpus: 12
  databaseBackend: boltdb
  distribution:
    distribution: arch
    version: unknown
  eventLogger: journald
  hostname: theseus
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.2.11-arch1-1
  linkmode: dynamic
  logDriver: journald
  memFree: 8901050368
  memTotal: 33563201536
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: /usr/bin/crun is owned by crun 1.8.3-1
    path: /usr/bin/crun
    version: |-
      crun version 1.8.3
      commit: 59f2beb7efb0d35611d5818fd0311883676f6f7e
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns is owned by slirp4netns 1.2.0-1
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.4
  swapFree: 3687313408
  swapTotal: 4294963200
  uptime: 4h 59m 24.00s (Approximately 0.17 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /home/arvid/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 0
    stopped: 2
  graphDriverName: btrfs
  graphOptions: {}
  graphRoot: /home/arvid/.local/share/containers/storage
  graphRootAllocated: 474197331968
  graphRootUsed: 291307859968
  graphStatus:
    Build Version: Btrfs v6.2.2
    Library Version: "102"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 11
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/arvid/.local/share/containers/storage/volumes
version:
  APIVersion: 4.5.0
  Built: 1681754464
  BuiltTime: Mon Apr 17 20:01:04 2023
  GitCommit: 75e3c12579d391b81d871fd1cded6cf0d043550a-dirty
  GoVersion: go1.20.3
  Os: linux
  OsArch: linux/amd64
  Version: 4.5.0

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

$ podman version
Client:       Podman Engine
Version:      4.5.0
API Version:  4.5.0
Go Version:   go1.20.3
Git Commit:   75e3c12579d391b81d871fd1cded6cf0d043550a-dirty
Built:        Mon Apr 17 20:01:04 2023
OS/Arch:      linux/amd64
$ pacman -Qi podman
Name            : podman
Version         : 4.5.0-1
Description     : Tool and library for running OCI-based containers in pods
Architecture    : x86_64
URL             : https://github.com/containers/podman
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : catatonit  conmon  containers-common  crun  gcc-libs  glibc  iptables  device-mapper  libdevmapper.so=1.02-64  gpgme  libgpgme.so=11-64  libseccomp  libseccomp.so=2-64
                  slirp4netns
Optional Deps   : apparmor: for AppArmor support [installed]
                  btrfs-progs: support btrfs backend devices [installed]
                  cni-plugins: for an alternative container-network-stack implementation
                  fuse-overlayfs: for storage driver in rootless environment
                  podman-compose: for docker-compose compatibility [installed]
                  podman-docker: for Docker-compatible CLI [installed]
Required By     : podman-compose  podman-docker
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 80,69 MiB
Packager        : Morten Linderud <[email protected]>
Build Date      : mån 17 apr 2023 20:01:04
Install Date    : mån 17 apr 2023 22:13:39
Install Reason  : Explicitly installed
Install Script  : No
Validated By    : Signature

podman was installed using the Arch Linux package.

Additional information

Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting

@VorpalBlade VorpalBlade added the kind/bug Categorizes issue or PR as related to a bug. label Apr 18, 2023
@vrothberg
Member

vrothberg commented Apr 18, 2023

Thanks for reaching out, @VorpalBlade.

The /etc/ path is set at build time (see https://github.com/containers/podman/blob/main/Makefile#L41). So it seems like the binary has been built with PREFIX=/usr?

I don't think there's much we can do upstream as it must be fixed in the Archlinux package.

@vrothberg
Member

@Foxboron can you take a look?

@VorpalBlade
Author

VorpalBlade commented Apr 18, 2023

I can open an Arch bug if you want, but it sounds like you already have an Arch guy/gal in your team here?

EDIT: I went ahead and created a downstream bug anyway: https://bugs.archlinux.org/task/78253

@Luap99
Member

Luap99 commented Apr 18, 2023

I assume 3c9ce3e caused this problem, before the file was hard coded to /etc/container/nodocker.

@Luap99
Member

Luap99 commented Apr 18, 2023

@vrothberg I think our Makefile is wrong here. Setting prefix before ETCDIR definitely looks not correct to me.
If you build via makefile locally without setting any variable it will default to /usr/local/etc:
github.com/containers/podman/v4/libpod/config._etcDir=/usr/local/etc (Note that this is actually never used anywhere, can we remove it?)

I think it is reasonable to have ETCDIR actually default to /etc and not $PREFIX/etc.
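A packager-side check for the symptom reported in this issue, as an added example that is not Podman's or Arch's own tooling: it lists PREFIX-style etc paths (such as `/usr/etc` or `/usr/local/etc`) embedded in a built binary and flags those that are missing on disk while the same path exists under the real `/etc`. The function names and the optional ROOT argument are hypothetical; it assumes the directory is embedded as a literal string (as with the `_etcDir` value quoted above) and a grep that supports `-a` and `-o`.

```shell
#!/bin/sh
# Added example (not Podman code): find PREFIX-style etc paths compiled into a
# binary and flag the ones that only exist under the real /etc.

# prefixed_etc_paths BINARY
# Prints the unique embedded paths of the form /usr[/...]/etc[/...] or
# /opt[/...]/etc[/...]. Stage 1 pulls path-like runs out of the binary;
# stage 2 keeps those with a whole "etc" component below /usr or /opt,
# so /usr/etcetera and plain /etc/... are not reported.
prefixed_etc_paths() {
    LC_ALL=C grep -aoE '/[A-Za-z0-9._/-]+' "$1" |
        LC_ALL=C grep -E '^/(usr|opt)(/[^/]+)*/etc(/|$)' | sort -u
}

# audit_etc_paths BINARY [ROOT]
# ROOT is a hypothetical alternative filesystem root (for testing or for a
# package staging directory); it defaults to the live system.
# Prints "SHADOWED <embedded> <counterpart>" when the embedded path does not
# exist but the same path under /etc does, i.e. configuration placed in /etc
# will be ignored by this build. Returns 1 if anything was flagged.
audit_etc_paths() {
    bin=$1
    root=${2:-}
    rc=0
    for p in $(prefixed_etc_paths "$bin"); do
        # /usr/etc/containers/nodocker -> /etc/containers/nodocker
        counterpart="/etc${p#*/etc}"
        if [ ! -e "$root$p" ] && [ -e "$root$counterpart" ]; then
            echo "SHADOWED $p $counterpart"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh audit.sh /usr/bin/podman
if [ "$#" -gt 0 ]; then
    audit_etc_paths "$@"
fi
```

Go binaries store strings without terminators, so an embedded path can run into neighbouring text; treat an empty result as "nothing found by this heuristic", not as proof the build is correct.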

@Foxboron
Contributor

@vrothberg Yes, "$PREFIX" is correct in the package and /etc should not have $PREFIX.

Are you confusing $PREFIX and $DESTDIR?

@Foxboron
Contributor

Okay, no. The Makefile is just wrong.

3d0e08f

Is just a weird commit and I'm not sure what it is trying to fix.

@vrothberg
Member

Let's fix the Makefile. Commit 3c9ce3e looks good to me but /etc doesn't need a prefix.

Thanks folks!

vrothberg added a commit to vrothberg/libpod that referenced this issue Apr 18, 2023
Revert commit 3d0e08f.
`/etc/` does not need a prefix and can be customized
with the `ETCDIR` env variable.

Fixes: containers#18250
Signed-off-by: Valentin Rothberg <[email protected]>
@Foxboron
Contributor

@vrothberg thanks. I'll pull the fix into the Arch package :)

@afbjorklund
Contributor

afbjorklund commented Apr 18, 2023

I think it is reasonable to have ETCDIR actually default to /etc and not $PREFIX/etc.

It is perfectly reasonable to have $PREFIX/etc as the normal case and /etc as a special case (for /usr)

Like for PREFIX=/opt/podman, and so on

@VorpalBlade
Author

I think it is reasonable to have ETCDIR actually default to /etc and not $PREFIX/etc.

It is perfectly reasonable to have $PREFIX/etc as the normal case and /etc as a special case (for /usr)

Like for PREFIX=/opt/podman, and so on

Sure, and presumably the packager/builder could override ETCDIR to be based on/not be based on PREFIX. So neither approach precludes the other option as being possible. At which point you should try to cater to the most common case by default.

Most distros like to install packages to /usr and configs to /etc. That is going to be by far the most common case. (Sure, there are exceptions like NixOS, but I don't think they install configs per package either, so that default wouldn't work for them.)

@Foxboron
Contributor

It is perfectly reasonable to have $PREFIX/etc as the normal case and /etc as a special case (for /usr)

No, please stick with the proper established conventions.

It's hard enough figuring out what non-standard Makefile setups are doing when packaging applications.

https://www.gnu.org/software/make/manual/html_node/Directory-Variables.html

@afbjorklund
Contributor

Right, the good ole ./configure days. Where it does happily default to /usr/local/etc and /usr/local/var.

Anyway, as long as the packaged software does the expected and there are some make variables to set...

archlinux-github pushed a commit to archlinux/svntogit-community that referenced this issue Apr 18, 2023
Upstream changed behavior of the make call (now requires ETCDIR override), which may get reverted again.
https://bugs.archlinux.org/task/78253
containers/podman#18250

git-svn-id: file:///srv/repos/svn-community/svn@1447296 9fca08f4-af9d-4005-b8df-a31f2cc04f65
@rhatdan
Member

rhatdan commented Apr 19, 2023

As I read this, I believe this is not a Podman issue, so closing. Feel free to continue the conversation here.

@rhatdan rhatdan closed this as completed Apr 19, 2023
@Luap99
Member

Luap99 commented Apr 19, 2023

No this is very much a podman regression.

@Luap99 Luap99 reopened this Apr 19, 2023
Foxboron pushed a commit to Foxboron/archlinux-pkgbuilds that referenced this issue Apr 20, 2023
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Aug 26, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 26, 2023