BUG: cannot run rstudio server in podman container

[h-vetinari]

When I first tried podman, the following was the core issue that forced me to abandon podman again (resp. at least try with the most current version; which lead to #2250). All the other little issues (cf. e.g containers/buildah#1456 or the others referenced in #2250) could be worked around with some effort, but I didn't find a solution to the following.

Say we have the following dockerfile, and call it podman_studio.dockrf:

FROM docker.io/library/ubuntu:bionic
ARG DEBIAN_FRONTEND=noninteractive

RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        r-base \
        # dependencies for rstudio-server
        libapparmor1 \
        libclang-dev \
        libedit2 \
        lsb-release \
        psmisc \
        sudo \
    # see https://www.rstudio.com/products/rstudio/download/preview/
    && curl https://s3.amazonaws.com/rstudio-ide-build/server/bionic/amd64/rstudio-server-1.2.1335-amd64.deb > rstudio.deb \
        && dpkg -i rstudio.deb \
        && rm rstudio.deb \
    && rm -rf /var/lib/apt/lists/*

# add a testuser user to be able to start rstudio server
ARG TEST_USER=test_user
RUN useradd -m $TEST_USER
RUN echo "$TEST_USER:password123" | chpasswd
RUN chown $TEST_USER:$TEST_USER /home/$TEST_USER/

CMD ["bash"]

This installs the current preview of RStudio Server into a container, and adds a test user. Building and running this with docker, one can start the server from inside the container:

$ sudo docker build -t docker_studio -f podman_studio.dockrf .
$ sudo docker run --rm -it -p 8082:8787 docker_studio 
root@dabf5ce514f2:/# rstudio-server start

One may then enter the logins we specified above:

And arrives at the actual R session:

Doing the same with podman (version 1.3.0-dev from the latest nightly), i.e.

$ sudo podman build -t podman_studio -f podman_studio.dockrf .
$ sudo podman run --rm -it -p 8082:8787 localhost/podman_studio
root@f652fa0e4e78:/# rstudio-server start

it's clear that something is there on localhost:8082; it forwards to /auth-sign-in, but never actually manages to load the page correctly.

[rhatdan]

@mheon @baude @giuseppe Could this be us not handling firewall rules correctly?

[giuseppe]

we have a similar report here: #2886

it can be caused by the firewall

[derkoe]

This looks different - #2886 describes the problem that ports cannot be accessed by another container on the same host.

@h-vetinari can you do a curl -v localhost:8082/auth-sign-in from the host - the browser does not show what's really happening here.

[h-vetinari]

Here's some outputs:

$ curl -v localhost:8082
* Rebuilt URL to: localhost:8082/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8082 (#0)
> GET / HTTP/1.1
> Host: localhost:8082
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Content-Type: text/html
< Content-Length: 60
< Location: http://localhost:8082/unsupported_browser.htm
< Date: Thu, 11 Apr 2019 09:41:06 GMT
< Connection: close
< Server: RStudio
<
* Closing connection 0
http:&#x2F;&#x2F;localhost:8082&#x2F;unsupported_browser.htm

Then, following redirects:

$ curl -v -L localhost:8082
* Rebuilt URL to: localhost:8082/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8082 (#0)
> GET / HTTP/1.1
> Host: localhost:8082
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Content-Type: text/html
< Content-Length: 60
< Location: http://localhost:8082/unsupported_browser.htm
< Date: Thu, 11 Apr 2019 09:41:54 GMT
< Connection: close
< Server: RStudio
<
* Closing connection 0
* Issue another request to this URL: 'http://localhost:8082/unsupported_browser.htm'
* Hostname localhost was found in DNS cache
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8082 (#1)
> GET /unsupported_browser.htm HTTP/1.1
> Host: localhost:8082
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Content-Type: text/html
< Date: Thu, 11 Apr 2019 09:41:54 GMT
< Connection: close
< Server: RStudio
< Content-Length: 0
<
* Closing connection 1

And finally, by faking an appropriate user-agent:

$ curl -v -L -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" localhost:8082
* Rebuilt URL to: localhost:8082/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8082 (#0)
> GET / HTTP/1.1
> Host: localhost:8082
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Content-Type: text/html
< Content-Length: 49
< Location: http://localhost:8082/auth-sign-in
< Date: Thu, 11 Apr 2019 09:42:23 GMT
< Connection: close
< Server: RStudio
<
* Closing connection 0
* Issue another request to this URL: 'http://localhost:8082/auth-sign-in'
* Hostname localhost was found in DNS cache
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8082 (#1)
> GET /auth-sign-in HTTP/1.1
> Host: localhost:8082
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Set-Cookie: user-id=; expires=Tue, 9-Apr-2019 23:59:59 GMT; path=/; HttpOnly
< X-Frame-Options: DENY
< Content-Type: text/html
< Date: Thu, 11 Apr 2019 09:42:23 GMT
< Connection: close
< Server: RStudio
< Content-Length: 0
<
* Closing connection 1

[derkoe]

OK - this does not look like a podman problem. The requests are forwarded to the server/port.

Maybe the RStudio server is not configured correctly (it looks like the virtual host "localhost:8082") might be the problem.

[h-vetinari]

OK - this does not look like a podman problem.

Respectfully, with podman advertising that alias docker=podman, it is a podman problem too.

Happy to help debugging that, but it works out of the box with docker.

[derkoe]

Just tried this with podman and on my machine (CentOS 7.6 on Azure) it works without any issues.

Started the server with:

$ sudo podman run --rm -it -p 8082:8787 localhost/podman_test
root@f68c5653a91c:/# rstudio-server start

Then on the host machine - this is what I get:

$ curl -v -L -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36" localhost:8082
* About to connect() to localhost port 8082 (#0)
*   Trying ::1...
* Connection refused
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8082 (#0)
> GET / HTTP/1.1
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
> Host: localhost:8082
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Content-Type: text/html
< Content-Length: 49
< Location: http://localhost:8082/auth-sign-in
< Date: Thu, 11 Apr 2019 20:01:02 GMT
< Connection: close
< Server: RStudio
<
* Closing connection 0
* Issue another request to this URL: 'http://localhost:8082/auth-sign-in'
* About to connect() to localhost port 8082 (#1)
*   Trying ::1...
* Connection refused
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8082 (#1)
> GET /auth-sign-in HTTP/1.1
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
> Host: localhost:8082
> Accept: */*
>
< HTTP/1.1 200 OK
< Set-Cookie: user-id=; expires=Tue, 9-Apr-2019 23:59:59 GMT; path=/; HttpOnly
< X-Frame-Options: DENY
< Content-Type: text/html
< Content-Length: 6028
< Date: Thu, 11 Apr 2019 20:01:02 GMT
< Connection: close
< Server: RStudio
<
<!DOCTYPE html>

<!--
#
# encrypted-sign-in.htm
....

[mheon]

Probably environment-specific, then.
@h-vetinari Anything from podman logs on the container stick out?

[mheon]

Hm. Logs might not be the most useful, since you're starting the application manually... Any way to get more debug output out of rstudio-server?

[h-vetinari]

One more bit of information:
I tried a cross check with manually transferring the docker build to podman and the podman build to docker.

It might be buildah issue after all?

built by \ run by	podman	docker
podman	HTTP/1.1 404 Not Found	HTTP/1.1 404 Not Found
docker	shows login	shows login

---

@derkoe: Just tried this with podman and on my machine (CentOS 7.6 on Azure) it works without any issues.

Which version of podman? I tried again with the latest nightly without a difference.

Also, did you try to login with test_user:password123? Even when I came to the login-page by podman-running the docker-built image, I got an error later (note, I'm not saying this build-by-one-run-by-the-other is in scope; just as a reference point):

@mheon: Probably environment-specific, then.

Shouldn't the container abstract all that away?

@mheon: Hm. Logs might not be the most useful, since you're starting the application manually... Any way to get more debug output out of rstudio-server?

Unfortunately I can't invest more time today... Will try to check later.

[mheon]

Alright, image issues would make sense. @TomSweeneyRedHat PTAL

[h-vetinari]

@TomSweeneyRedHat
Any news on this? :)

[rhatdan]

@mheon why do you think this is an image issue?

[mheon]

@rhatdan Image, built by Docker, run by Podman works. Image, build by Buildah, run by Podman, does not work. Seems like it's the image based on that

[TomSweeneyRedHat]

Sorry @h-vetinari I've not had time to dive into it, chasing other fires.

[derkoe]

@derkoe: Just tried this with podman and on my machine (CentOS 7.6 on Azure) it works without any issues.
Which version of podman? I tried again with the latest nightly without a difference.

@h-vetinari I used the version that ships with CentOS: 0.12.1.2

[rhatdan]

@derkoe Is there any differences you see in the environment set for the container image?

[h-vetinari]

@rhatdan: @derkoe Is there any differences you see in the environment set for the container image?

I'm using podman on Ubuntu 18.04, installed through the PPA. Otherwise, everything else is default on my end.

[rhatdan]

I am asking you to inspect the docker build verus the podman build and see if you see anything obvious.

[mheon]

Agree - if you can pastebin the output of podman inspect for both images, it would help a lot

[h-vetinari]

@rhatdan: I am asking you to inspect the docker build verus the podman build and see if you see anything obvious.

OK, no problem. Your last comment started with @derkoe, so it didn't seem aimed at me. See below. BTW, I also had a look with the newest PPA (esp. since the updated buildah vendor), but the issue persists.

@mheon: Agree - if you can pastebin the output of podman inspect for both images, it would help a lot

Here's the output. To clarify vs. OP: I used

sudo docker build -t docker_studio -f podman_test.dockrf .
sudo docker save docker_studio > docker_studio.tar
sudo podman load -i docker_studio.tar
sudo podman build -t podman_studio -f podman_test.dockrf .

for the two images. Then the output of the various inspect commands is as follows. Let me know if there's something more you'd need.

sudo podman inspect localhost/docker_studio

[
    {
        "Id": "3a440d75e12a82e469c77177a4546212d6f9e55a30136339210e948ef22e843a",
        "Digest": "sha256:457cae77c891844bff5e29dd24607961154491fa7f3e0eb6e87a7210665fb871",
        "RepoTags": [
            "localhost/docker_studio:latest"
        ],
        "RepoDigests": [
            "localhost/docker_studio@sha256:457cae77c891844bff5e29dd24607961154491fa7f3e0eb6e87a7210665fb871"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2019-04-23T19:57:44.877609242Z",
        "Config": {
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "bash"
            ]
        },
        "Version": "18.09.4",
        "Author": "",
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 1135000655,
        "VirtualSize": 1135000655,
        "GraphDriver": {
            "Name": "overlay",
            "Data": {
                "LowerDir": "/var/lib/containers/storage/overlay/d32d3a4b17a145e2c2a96d6c3192d340a0b2ae8dbfc1c89efb179de692189a53/diff:/var/lib/containers/storage/overlay/2cb27f73047300b7330cf5081e036d6deeabf849e4fb25c15878dce714db3793/diff:/var/lib/containers/storage/overlay/4a77846b711527f525515e6e7fb97c53d605ee71aa11557c9fd102ed91ca0032/diff:/var/lib/containers/storage/overlay/1247317310dab30a115d9096780676c1dcb79acdba5c975653f3cd4da7ad9a85/diff:/var/lib/containers/storage/overlay/4b6ca5cae31919bb22f76b2de662a22919f78339c3f975336c7eacb3eb43093c/diff:/var/lib/containers/storage/overlay/f03e2da849b45acfcb4824e392d435bad4f8bc7520c225fd634644bc5980dac6/diff:/var/lib/containers/storage/overlay/762d8e1a60542b83df67c13ec0d75517e5104dee84d8aa7fe5401113f89854d9/diff",
                "MergedDir": "/var/lib/containers/storage/overlay/59cfe2c7de5573a567aa50bb7bed3b1477e2fa8b05f1e2b713647b7120d10559/merged",
                "UpperDir": "/var/lib/containers/storage/overlay/59cfe2c7de5573a567aa50bb7bed3b1477e2fa8b05f1e2b713647b7120d10559/diff",
                "WorkDir": "/var/lib/containers/storage/overlay/59cfe2c7de5573a567aa50bb7bed3b1477e2fa8b05f1e2b713647b7120d10559/work"
            }
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:762d8e1a60542b83df67c13ec0d75517e5104dee84d8aa7fe5401113f89854d9",
                "sha256:e45cfbc98a505924878945fdb23138b8be5d2fbe8836c6a5ab1ac31afd28aa69",
                "sha256:d60e01b37e74f12aa90456c74e161f3a3e7c690b056c2974407c9e1f4c51d25b",
                "sha256:b57c79f4a9f3f7e87b38c17ab61a55428d3391e417acaa5f2f761c0e7e3af409",
                "sha256:545c46d8e4030ce0cfd6349bb86b350361804730a506b00c5b5d2454a347d707",
                "sha256:526b96253222b9fc8ac11d081279f3b804afa0fc1bd283bff020ffaf90c5dfa7",
                "sha256:87dae2a938ffeec7267701594f14644dbda78ba01004f246958dd0e99465c529",
                "sha256:7ab4327f55c759f3f20b2f16f5d91db33656569f75f1546a309d647abafe0388"
            ]
        },
        "Labels": null,
        "Annotations": {},
        "ManifestType": "application/vnd.docker.distribution.manifest.v2+json",
        "User": "",
        "History": [
            {
                "created": "2019-03-12T00:20:11.822070833Z",
                "created_by": "/bin/sh -c #(nop) ADD file:1d7cb45c4e196a6a84319b976b95ce1a9037c40b085e88350c071bf27ff59166 in / "
            },
            {
                "created": "2019-03-12T00:20:12.662768662Z",
                "created_by": "/bin/sh -c set -xe \t\t&& echo '#!/bin/sh' > /usr/sbin/policy-rc.d \t&& echo 'exit 101' >> /usr/sbin/policy-rc.d \t&& chmod +x /usr/sbin/policy-rc.d \t\t&& dpkg-divert --local --rename --add /sbin/initctl \t&& cp -a /usr/sbin/policy-rc.d /sbin/initctl \t&& sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t&& echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t&& echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' > /etc/apt/apt.conf.d/docker-clean \t&& echo 'APT::Update::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' >> /etc/apt/apt.conf.d/docker-clean \t&& echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' >> /etc/apt/apt.conf.d/docker-clean \t\t&& echo 'Acquire::Languages \"none\";' > /etc/apt/apt.conf.d/docker-no-languages \t\t&& echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' > /etc/apt/apt.conf.d/docker-gzip-indexes \t\t&& echo 'Apt::AutoRemove::SuggestsImportant \"false\";' > /etc/apt/apt.conf.d/docker-autoremove-suggests"
            },
            {
                "created": "2019-03-12T00:20:13.40256317Z",
                "created_by": "/bin/sh -c rm -rf /var/lib/apt/lists/*"
            },
            {
                "created": "2019-03-12T00:20:17.242000095Z",
                "created_by": "/bin/sh -c mkdir -p /run/systemd && echo 'docker' > /run/systemd/container"
            },
            {
                "created": "2019-03-12T00:20:17.419392342Z",
                "created_by": "/bin/sh -c #(nop)  CMD [\"/bin/bash\"]",
                "empty_layer": true
            },
            {
                "created": "2019-04-23T19:53:31.641565317Z",
                "created_by": "/bin/sh -c #(nop)  ARG DEBIAN_FRONTEND=noninteractive",
                "empty_layer": true
            },
            {
                "created": "2019-04-23T19:57:23.347419577Z",
                "created_by": "|1 DEBIAN_FRONTEND=noninteractive /bin/sh -c apt-get update     && apt-get install -y --no-install-recommends         ca-certificates         curl         r-base         libapparmor1         libclang-dev         libedit2         lsb-release         psmisc         sudo     && curl https://s3.amazonaws.com/rstudio-ide-build/server/bionic/amd64/rstudio-server-1.2.1335-amd64.deb > rstudio.deb         && dpkg -i rstudio.deb         && rm rstudio.deb     && rm -rf /var/lib/apt/lists/*"
            },
            {
                "created": "2019-04-23T19:57:32.636737491Z",
                "created_by": "/bin/sh -c #(nop)  ARG TEST_USER=test_user",
                "empty_layer": true
            },
            {
                "created": "2019-04-23T19:57:37.374368603Z",
                "created_by": "|2 DEBIAN_FRONTEND=noninteractive TEST_USER=test_user /bin/sh -c useradd -m $TEST_USER"
            },
            {
                "created": "2019-04-23T19:57:40.702760797Z",
                "created_by": "|2 DEBIAN_FRONTEND=noninteractive TEST_USER=test_user /bin/sh -c echo \"$TEST_USER:password123\" | chpasswd"
            },
            {
                "created": "2019-04-23T19:57:44.034859347Z",
                "created_by": "|2 DEBIAN_FRONTEND=noninteractive TEST_USER=test_user /bin/sh -c chown $TEST_USER:$TEST_USER /home/$TEST_USER/"
            },
            {
                "created": "2019-04-23T19:57:44.877609242Z",
                "created_by": "/bin/sh -c #(nop)  CMD [\"bash\"]",
                "empty_layer": true
            }
        ]
    }
]

sudo podman inspect localhost/podman_studio

[
    {
        "Id": "834e963c58006a9d797e0db3397cf3869634e735f63af767dd72a13d016dba1b",
        "Digest": "sha256:3817da4e791757b13f8b0e7f40ad41d3361a2021ea1c993fe9a06265fd917061",
        "RepoTags": [
            "localhost/podman_studio:latest"
        ],
        "RepoDigests": [
            "localhost/podman_studio@sha256:3817da4e791757b13f8b0e7f40ad41d3361a2021ea1c993fe9a06265fd917061"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2019-04-23T19:49:54.878609783Z",
        "Config": {
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "bash"
            ]
        },
        "Version": "",
        "Author": "",
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 1134887446,
        "VirtualSize": 1134887446,
        "GraphDriver": {
            "Name": "overlay",
            "Data": {
                "LowerDir": "/var/lib/containers/storage/overlay/908aa686cfa77fb400b91fec3f6691eaa8ab3ae491e9a20e9c0f015628e94ee2/diff:/var/lib/containers/storage/overlay/891781a5e70ec118cf4900bd6b87cf9a27a867139244f1c29ad14e3b5871d294/diff:/var/lib/containers/storage/overlay/55548da76d9d3b456048860cf7e39f45b36d132309033c0dcd3c6af10515bcef/diff:/var/lib/containers/storage/overlay/82ff5107861d0f2f5dc66d1354d8bdcf79a9813fed20a791e7556801f6d85c65/diff:/var/lib/containers/storage/overlay/1247317310dab30a115d9096780676c1dcb79acdba5c975653f3cd4da7ad9a85/diff:/var/lib/containers/storage/overlay/4b6ca5cae31919bb22f76b2de662a22919f78339c3f975336c7eacb3eb43093c/diff:/var/lib/containers/storage/overlay/f03e2da849b45acfcb4824e392d435bad4f8bc7520c225fd634644bc5980dac6/diff:/var/lib/containers/storage/overlay/762d8e1a60542b83df67c13ec0d75517e5104dee84d8aa7fe5401113f89854d9/diff",
                "MergedDir": "/var/lib/containers/storage/overlay/14e3a0b7c27dd5a0ac35221ba9804dbefe202714f05c0257e0f54d46c586348d/merged",
                "UpperDir": "/var/lib/containers/storage/overlay/14e3a0b7c27dd5a0ac35221ba9804dbefe202714f05c0257e0f54d46c586348d/diff",
                "WorkDir": "/var/lib/containers/storage/overlay/14e3a0b7c27dd5a0ac35221ba9804dbefe202714f05c0257e0f54d46c586348d/work"
            }
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:762d8e1a60542b83df67c13ec0d75517e5104dee84d8aa7fe5401113f89854d9",
                "sha256:e45cfbc98a505924878945fdb23138b8be5d2fbe8836c6a5ab1ac31afd28aa69",
                "sha256:d60e01b37e74f12aa90456c74e161f3a3e7c690b056c2974407c9e1f4c51d25b",
                "sha256:b57c79f4a9f3f7e87b38c17ab61a55428d3391e417acaa5f2f761c0e7e3af409",
                "sha256:cf6d0edbe83424fef98d8c53c28f488d17e444e300f96809a2dad70d4baa3895",
                "sha256:06e3c78c93ad6e65ce9b64799b8a57a2f1bc8477fe2ab00e49ca222c3234e15f",
                "sha256:02805bd8ea7558ae4f715f4e4f533750be5c8932bbbf0304b269d5fe595f55cd",
                "sha256:0ba560506dcbbf7091c2feaf5978104f9d8f94076573212d2c2b796acbf840bb",
                "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
            ]
        },
        "Labels": null,
        "Annotations": {},
        "ManifestType": "application/vnd.oci.image.manifest.v1+json",
        "User": "",
        "History": [
            {
                "created": "2019-03-12T00:20:11.822070833Z",
                "created_by": "/bin/sh -c #(nop) ADD file:1d7cb45c4e196a6a84319b976b95ce1a9037c40b085e88350c071bf27ff59166 in / "
            },
            {
                "created": "2019-03-12T00:20:12.662768662Z",
                "created_by": "/bin/sh -c set -xe \t\t&& echo '#!/bin/sh' > /usr/sbin/policy-rc.d \t&& echo 'exit 101' >> /usr/sbin/policy-rc.d \t&& chmod +x /usr/sbin/policy-rc.d \t\t&& dpkg-divert --local --rename --add /sbin/initctl \t&& cp -a /usr/sbin/policy-rc.d /sbin/initctl \t&& sed -i 's/^exit.*/exit 0/' /sbin/initctl \t\t&& echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \t\t&& echo 'DPkg::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' > /etc/apt/apt.conf.d/docker-clean \t&& echo 'APT::Update::Post-Invoke { \"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true\"; };' >> /etc/apt/apt.conf.d/docker-clean \t&& echo 'Dir::Cache::pkgcache \"\"; Dir::Cache::srcpkgcache \"\";' >> /etc/apt/apt.conf.d/docker-clean \t\t&& echo 'Acquire::Languages \"none\";' > /etc/apt/apt.conf.d/docker-no-languages \t\t&& echo 'Acquire::GzipIndexes \"true\"; Acquire::CompressionTypes::Order:: \"gz\";' > /etc/apt/apt.conf.d/docker-gzip-indexes \t\t&& echo 'Apt::AutoRemove::SuggestsImportant \"false\";' > /etc/apt/apt.conf.d/docker-autoremove-suggests"
            },
            {
                "created": "2019-03-12T00:20:13.40256317Z",
                "created_by": "/bin/sh -c rm -rf /var/lib/apt/lists/*"
            },
            {
                "created": "2019-03-12T00:20:17.242000095Z",
                "created_by": "/bin/sh -c mkdir -p /run/systemd && echo 'docker' > /run/systemd/container"
            },
            {
                "created": "2019-03-12T00:20:17.419392342Z",
                "created_by": "/bin/sh -c #(nop)  CMD [\"/bin/bash\"]",
                "empty_layer": true
            },
            {
                "created": "2019-04-23T19:41:17.039050939Z",
                "created_by": "/bin/sh -c #(nop) ARG DEBIAN_FRONTEND=noninteractive",
                "empty_layer": true
            },
            {
                "created": "2019-04-23T19:46:22.879455987Z",
                "created_by": "/bin/sh -c apt-get update     && apt-get install -y --no-install-recommends         ca-certificates         curl         r-base         libapparmor1         libclang-dev         libedit2         lsb-release         psmisc         sudo     && curl https://s3.amazonaws.com/rstudio-ide-build/server/bionic/amd64/rstudio-server-1.2.1335-amd64.deb > rstudio.deb         && dpkg -i rstudio.deb         && rm rstudio.deb     && rm -rf /var/lib/apt/lists/*"
            },
            {
                "created": "2019-04-23T19:49:45.141767997Z",
                "created_by": "/bin/sh -c #(nop) ARG TEST_USER=test_user",
                "empty_layer": true
            },
            {
                "created": "2019-04-23T19:49:47.565846428Z",
                "created_by": "/bin/sh -c useradd -m $TEST_USER"
            },
            {
                "created": "2019-04-23T19:49:50.528353449Z",
                "created_by": "/bin/sh -c echo \"$TEST_USER:password123\" | chpasswd"
            },
            {
                "created": "2019-04-23T19:49:53.366522214Z",
                "created_by": "/bin/sh -c chown $TEST_USER:$TEST_USER /home/$TEST_USER/"
            },
            {
                "created": "2019-04-23T19:49:54.878609783Z",
                "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]"
            }
        ]
    }
]

diff from inspect localhost/docker_studio to inspect localhost/podman_studio

@@ -1,16 +1,16 @@
 [
     {
-        "Id": "3a440d75e12a82e469c77177a4546212d6f9e55a30136339210e948ef22e843a",
-        "Digest": "sha256:457cae77c891844bff5e29dd24607961154491fa7f3e0eb6e87a7210665fb871",
+        "Id": "834e963c58006a9d797e0db3397cf3869634e735f63af767dd72a13d016dba1b",
+        "Digest": "sha256:3817da4e791757b13f8b0e7f40ad41d3361a2021ea1c993fe9a06265fd917061",
         "RepoTags": [
-            "localhost/docker_studio:latest"
+            "localhost/podman_studio:latest"
         ],
         "RepoDigests": [
-            "localhost/docker_studio@sha256:457cae77c891844bff5e29dd24607961154491fa7f3e0eb6e87a7210665fb871"
+            "localhost/podman_studio@sha256:3817da4e791757b13f8b0e7f40ad41d3361a2021ea1c993fe9a06265fd917061"
         ],
         "Parent": "",
         "Comment": "",
-        "Created": "2019-04-23T19:57:44.877609242Z",
+        "Created": "2019-04-23T19:49:54.878609783Z",
         "Config": {
             "Env": [
                 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -19,19 +19,19 @@
                 "bash"
             ]
         },
-        "Version": "18.09.4",
+        "Version": "",
         "Author": "",
         "Architecture": "amd64",
         "Os": "linux",
-        "Size": 1135000655,
-        "VirtualSize": 1135000655,
+        "Size": 1134887446,
+        "VirtualSize": 1134887446,
         "GraphDriver": {
             "Name": "overlay",
             "Data": {
-                "LowerDir": "/var/lib/containers/storage/overlay/d32d3a4b17a145e2c2a96d6c3192d340a0b2ae8dbfc1c89efb179de692189a53/diff:/var/lib/containers/storage/overlay/2cb27f73047300b7330cf5081e036d6deeabf849e4fb25c15878dce714db3793/diff:/var/lib/containers/storage/overlay/4a77846b711527f525515e6e7fb97c53d605ee71aa11557c9fd102ed91ca0032/diff:/var/lib/containers/storage/overlay/1247317310dab30a115d9096780676c1dcb79acdba5c975653f3cd4da7ad9a85/diff:/var/lib/containers/storage/overlay/4b6ca5cae31919bb22f76b2de662a22919f78339c3f975336c7eacb3eb43093c/diff:/var/lib/containers/storage/overlay/f03e2da849b45acfcb4824e392d435bad4f8bc7520c225fd634644bc5980dac6/diff:/var/lib/containers/storage/overlay/762d8e1a60542b83df67c13ec0d75517e5104dee84d8aa7fe5401113f89854d9/diff",
-                "MergedDir": "/var/lib/containers/storage/overlay/59cfe2c7de5573a567aa50bb7bed3b1477e2fa8b05f1e2b713647b7120d10559/merged",
-                "UpperDir": "/var/lib/containers/storage/overlay/59cfe2c7de5573a567aa50bb7bed3b1477e2fa8b05f1e2b713647b7120d10559/diff",
-                "WorkDir": "/var/lib/containers/storage/overlay/59cfe2c7de5573a567aa50bb7bed3b1477e2fa8b05f1e2b713647b7120d10559/work"
+                "LowerDir": "/var/lib/containers/storage/overlay/908aa686cfa77fb400b91fec3f6691eaa8ab3ae491e9a20e9c0f015628e94ee2/diff:/var/lib/containers/storage/overlay/891781a5e70ec118cf4900bd6b87cf9a27a867139244f1c29ad14e3b5871d294/diff:/var/lib/containers/storage/overlay/55548da76d9d3b456048860cf7e39f45b36d132309033c0dcd3c6af10515bcef/diff:/var/lib/containers/storage/overlay/82ff5107861d0f2f5dc66d1354d8bdcf79a9813fed20a791e7556801f6d85c65/diff:/var/lib/containers/storage/overlay/1247317310dab30a115d9096780676c1dcb79acdba5c975653f3cd4da7ad9a85/diff:/var/lib/containers/storage/overlay/4b6ca5cae31919bb22f76b2de662a22919f78339c3f975336c7eacb3eb43093c/diff:/var/lib/containers/storage/overlay/f03e2da849b45acfcb4824e392d435bad4f8bc7520c225fd634644bc5980dac6/diff:/var/lib/containers/storage/overlay/762d8e1a60542b83df67c13ec0d75517e5104dee84d8aa7fe5401113f89854d9/diff",
+                "MergedDir": "/var/lib/containers/storage/overlay/14e3a0b7c27dd5a0ac35221ba9804dbefe202714f05c0257e0f54d46c586348d/merged",
+                "UpperDir": "/var/lib/containers/storage/overlay/14e3a0b7c27dd5a0ac35221ba9804dbefe202714f05c0257e0f54d46c586348d/diff",
+                "WorkDir": "/var/lib/containers/storage/overlay/14e3a0b7c27dd5a0ac35221ba9804dbefe202714f05c0257e0f54d46c586348d/work"
             }
         },
         "RootFS": {
@@ -41,15 +41,16 @@
                 "sha256:e45cfbc98a505924878945fdb23138b8be5d2fbe8836c6a5ab1ac31afd28aa69",
                 "sha256:d60e01b37e74f12aa90456c74e161f3a3e7c690b056c2974407c9e1f4c51d25b",
                 "sha256:b57c79f4a9f3f7e87b38c17ab61a55428d3391e417acaa5f2f761c0e7e3af409",
-                "sha256:545c46d8e4030ce0cfd6349bb86b350361804730a506b00c5b5d2454a347d707",
-                "sha256:526b96253222b9fc8ac11d081279f3b804afa0fc1bd283bff020ffaf90c5dfa7",
-                "sha256:87dae2a938ffeec7267701594f14644dbda78ba01004f246958dd0e99465c529",
-                "sha256:7ab4327f55c759f3f20b2f16f5d91db33656569f75f1546a309d647abafe0388"
+                "sha256:cf6d0edbe83424fef98d8c53c28f488d17e444e300f96809a2dad70d4baa3895",
+                "sha256:06e3c78c93ad6e65ce9b64799b8a57a2f1bc8477fe2ab00e49ca222c3234e15f",
+                "sha256:02805bd8ea7558ae4f715f4e4f533750be5c8932bbbf0304b269d5fe595f55cd",
+                "sha256:0ba560506dcbbf7091c2feaf5978104f9d8f94076573212d2c2b796acbf840bb",
+                "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
             ]
         },
         "Labels": null,
         "Annotations": {},
-        "ManifestType": "application/vnd.docker.distribution.manifest.v2+json",
+        "ManifestType": "application/vnd.oci.image.manifest.v1+json",
         "User": "",
         "History": [
             {
@@ -74,35 +75,34 @@
                 "empty_layer": true
             },
             {
-                "created": "2019-04-23T19:53:31.641565317Z",
-                "created_by": "/bin/sh -c #(nop)  ARG DEBIAN_FRONTEND=noninteractive",
+                "created": "2019-04-23T19:41:17.039050939Z",
+                "created_by": "/bin/sh -c #(nop) ARG DEBIAN_FRONTEND=noninteractive",
                 "empty_layer": true
             },
             {
-                "created": "2019-04-23T19:57:23.347419577Z",
-                "created_by": "|1 DEBIAN_FRONTEND=noninteractive /bin/sh -c apt-get update     && apt-get install -y --no-install-recommends         ca-certificates         curl         r-base         libapparmor1         libclang-dev         libedit2         lsb-release         psmisc         sudo     && curl https://s3.amazonaws.com/rstudio-ide-build/server/bionic/amd64/rstudio-server-1.2.1335-amd64.deb > rstudio.deb         && dpkg -i rstudio.deb         && rm rstudio.deb     && rm -rf /var/lib/apt/lists/*"
+                "created": "2019-04-23T19:46:22.879455987Z",
+                "created_by": "/bin/sh -c apt-get update     && apt-get install -y --no-install-recommends         ca-certificates         curl         r-base         libapparmor1         libclang-dev         libedit2         lsb-release         psmisc         sudo     && curl https://s3.amazonaws.com/rstudio-ide-build/server/bionic/amd64/rstudio-server-1.2.1335-amd64.deb > rstudio.deb         && dpkg -i rstudio.deb         && rm rstudio.deb     && rm -rf /var/lib/apt/lists/*"
             },
             {
-                "created": "2019-04-23T19:57:32.636737491Z",
-                "created_by": "/bin/sh -c #(nop)  ARG TEST_USER=test_user",
+                "created": "2019-04-23T19:49:45.141767997Z",
+                "created_by": "/bin/sh -c #(nop) ARG TEST_USER=test_user",
                 "empty_layer": true
             },
             {
-                "created": "2019-04-23T19:57:37.374368603Z",
-                "created_by": "|2 DEBIAN_FRONTEND=noninteractive TEST_USER=test_user /bin/sh -c useradd -m $TEST_USER"
+                "created": "2019-04-23T19:49:47.565846428Z",
+                "created_by": "/bin/sh -c useradd -m $TEST_USER"
             },
             {
-                "created": "2019-04-23T19:57:40.702760797Z",
-                "created_by": "|2 DEBIAN_FRONTEND=noninteractive TEST_USER=test_user /bin/sh -c echo \"$TEST_USER:password123\" | chpasswd"
+                "created": "2019-04-23T19:49:50.528353449Z",
+                "created_by": "/bin/sh -c echo \"$TEST_USER:password123\" | chpasswd"
             },
             {
-                "created": "2019-04-23T19:57:44.034859347Z",
-                "created_by": "|2 DEBIAN_FRONTEND=noninteractive TEST_USER=test_user /bin/sh -c chown $TEST_USER:$TEST_USER /home/$TEST_USER/"
+                "created": "2019-04-23T19:49:53.366522214Z",
+                "created_by": "/bin/sh -c chown $TEST_USER:$TEST_USER /home/$TEST_USER/"
             },
             {
-                "created": "2019-04-23T19:57:44.877609242Z",
-                "created_by": "/bin/sh -c #(nop)  CMD [\"bash\"]",
-                "empty_layer": true
+                "created": "2019-04-23T19:49:54.878609783Z",
+                "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]"
             }
         ]
     }

sudo docker inspect docker_studio

[
    {
        "Id": "sha256:3a440d75e12a82e469c77177a4546212d6f9e55a30136339210e948ef22e843a",
        "RepoTags": [
            "docker_studio:latest"
        ],
        "RepoDigests": [],
        "Parent": "sha256:616e69febed606d14d12e848349cae9e4b82716070fb0941b0f746f85216eb5a",
        "Comment": "",
        "Created": "2019-04-23T19:57:44.877609242Z",
        "Container": "a2b3c4be22a0800cedb9348c5df96ba59d6e7db0b1552bdd49492e3363e99afa",
        "ContainerConfig": {
            "Hostname": "a2b3c4be22a0",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "CMD [\"bash\"]"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:616e69febed606d14d12e848349cae9e4b82716070fb0941b0f746f85216eb5a",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {}
        },
        "DockerVersion": "18.09.4",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "bash"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:616e69febed606d14d12e848349cae9e4b82716070fb0941b0f746f85216eb5a",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 1123185672,
        "VirtualSize": 1123185672,
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/adf40a2ac2c12496510260274786e571c0f079ba0359fd9f4a9d1ba485d0b5cf/diff:/var/lib/docker/overlay2/6d5b33cba6ae34d0b71b4227b32bc4b2899b87fa29644c3413d352e8d8bfe3f2/diff:/var/lib/docker/overlay2/45f85dbe042f51188583c8459a8f265e91c59cde1841cbaa59e67b45f72f60a5/diff:/var/lib/docker/overlay2/6aad1b20b2b56f86aad8683fb3484c3acf4f8ba4636585f958a91029c47d4f17/diff:/var/lib/docker/overlay2/1a64386440607b5f27c2b7e5a38381965b9852fd0da680bb33cd885a33609621/diff:/var/lib/docker/overlay2/1569a0a9a6aacd1a657eb203f082d32bc36d3433554839e6d8b6738ce6f1dd3a/diff:/var/lib/docker/overlay2/65f3907cbdc4efe2b016ff614085d0bd12e6866687962afa79873b661ce55bcd/diff",
                "MergedDir": "/var/lib/docker/overlay2/fad0f5a8141e568f5099b8e184348852e1cbd67e8c8b808ec6a78e6f8eef671a/merged",
                "UpperDir": "/var/lib/docker/overlay2/fad0f5a8141e568f5099b8e184348852e1cbd67e8c8b808ec6a78e6f8eef671a/diff",
                "WorkDir": "/var/lib/docker/overlay2/fad0f5a8141e568f5099b8e184348852e1cbd67e8c8b808ec6a78e6f8eef671a/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:762d8e1a60542b83df67c13ec0d75517e5104dee84d8aa7fe5401113f89854d9",
                "sha256:e45cfbc98a505924878945fdb23138b8be5d2fbe8836c6a5ab1ac31afd28aa69",
                "sha256:d60e01b37e74f12aa90456c74e161f3a3e7c690b056c2974407c9e1f4c51d25b",
                "sha256:b57c79f4a9f3f7e87b38c17ab61a55428d3391e417acaa5f2f761c0e7e3af409",
                "sha256:545c46d8e4030ce0cfd6349bb86b350361804730a506b00c5b5d2454a347d707",
                "sha256:526b96253222b9fc8ac11d081279f3b804afa0fc1bd283bff020ffaf90c5dfa7",
                "sha256:87dae2a938ffeec7267701594f14644dbda78ba01004f246958dd0e99465c529",
                "sha256:7ab4327f55c759f3f20b2f16f5d91db33656569f75f1546a309d647abafe0388"
            ]
        },
        "Metadata": {
            "LastTagTime": "2019-04-23T19:57:45.213379491Z"
        }
    }
]

[mheon]

On top of the actual diff from inspect, I'll note that the Docker-built image is probably Docker formatted, while Buildah made an OCIv1 image (unless explicitly told not to)

[h-vetinari]

@mheon
I'm guessing you're referring to:

         "Labels": null,
         "Annotations": {},
-        "ManifestType": "application/vnd.docker.distribution.manifest.v2+json",
+        "ManifestType": "application/vnd.oci.image.manifest.v1+json",
         "User": "",
         "History": [

After a little googling, I can't seem to find a way to change the ManifestType used by docker build. Buildah can at least read the docker manifest (for importing), but can it also write using this manifest type?

Do you think that somehow this is a case where there's a delta between what docker can do (or has implemented) vs. the capabilities of the OCI image spec?

[rhatdan]

In Buildah do --format docker
buildah bud --format docker ...

And then see if the container works, although I would doubt this is the issue.

[h-vetinari]

@rhatdan
As you guessed, no change when using sudo buildah bud --format docker .... Any other things you want me to try?

[rhatdan]

This is working for me in podman.

rpm -q podman
podman-1.2.0-2.git3bd528e.fc30.x86_64

podman run --rm -it -p 8082:8787 localhost/podman_test

root@5244c2c286fa:/# rstudio-server start
root@5244c2c286fa:/#

[h-vetinari]

@rhatdan
Thanks for testing this yourself. It might be a quirk/bug in how the ubuntu PPA is built? I'm out of ideas otherwise. It does however also fail on RHEL 7.6 with podman 0.12 (the latest version available through extras).

Also, did you try to log in with the credentials that are set in the dockerfile (test_user:password123)? That's where podman-running-docker-built-container ended up failing as well, even though I got through the login.

[rhatdan]

No I did not try that, Could you attempt to build podman from master and see if it works there on ubuntu.
This could be a firewall problem.

[rhatdan]

Login works.

[h-vetinari]

I tried to build podman today, but installing the required dependencies on the machine I have available would uninstall docker-ce, which I can't do because it's in active use for other purposes. I'll have to start a new VM and try some other time.

[rhatdan]

Yes docker-ce is providing runc, even though it does not provide it, and this blocking some installations of Podman. Could you open an issue with Docker asking them to fix their packaging. They should either use the runc packaged with the distro or put their packaged runc into a private directory.

[h-vetinari]

@rhatdan
I built podman from master on a fresh ubuntu VM (will send a PR to update install docs when I get around), and can now get through the login.

Also retested with the latest PPA, where it continues to not work. Based on that, I'd say this is a bug in the way the ubuntu PPA is set up? @lsm5

[h-vetinari]

@rhatdan @lsm5 @mheon
To double-check, I also tried to build podman on fresh RHEL 7.4 and 7.6 machines (which is quite a pain without a subscription-manager; i.e. on Azure), but both work. I did however encounter a bug in the interplay between podman/selinux/runc, xref #3045

Summing up: following the build instructions (as closely as possible) leads to a podman build that does not have the issue in the OP. Consequently, this issue seems to be a problem with the way the .deb-files are built. Unfortunately, I have no internet access on our production machine, so I need to manually some images outside and transfer them manually (which is where the ubuntu PPA comes in)...

[h-vetinari]

@rhatdan: Yes docker-ce is providing runc, even though it does not provide it, and this blocking some installations of Podman. Could you open an issue with Docker asking them to fix their packaging. They should either use the runc packaged with the distro or put their packaged runc into a private directory.

I looked at opening an issue at moby, but it seems that while they're waiting for runc 1.0.0, they have decided to solidify the "provides runc", see here

See also https://github.com/containerd/containerd/blob/master/RUNC.md...

Do you still think it's worth filing an issue to stop providing runc?

[rhatdan]

Yes please do.

[h-vetinari]

Done.

How can we move the needle on this issue with (very likely) the ubuntu packaging?

[h-vetinari]

@rhatdan: Yes please do.

@h-vetinari: Done

Please feel free to chime in in the issue I opened on the moby tracker.

[rhatdan]

Not sure that will help. :^)

[h-vetinari]

@h-vetinari: How can we move the needle on this issue with (very likely) the ubuntu packaging?

@rhatdan @lsm5
Anything I can do to help with this? I filed #3068 for the installation docs update - with the installation steps outlined for ubuntu, I get a build that does not have the issue described in the OP.

[h-vetinari]

After getting to try out the new podman 1.3.2 (following #3044), I can report that the problem has been fixed also in the rhel-packaged world. Thanks everyone here for the help and @fatherlinux for delivering the extras-version-bump early!