can't change an owner of /dev/stdin: chown /dev/stdin: operation not permitted #8921

Closed
avagin opened this issue May 4, 2023 · 20 comments
avagin commented May 4, 2023

The wrapper provided in https://github.com/google/gvisor/issues/311#issuecomment-1121668954 worked for me to use runsc in rootless podman, but it's broken again recently (in `20230320.0` and also the version before it, it worked in 2 versions before that one). I'm getting this from runsc's debug log:
$ cat /tmp/runsc/runsc.log..20230323-101913.399926.create
I0323 10:19:13.400219  108938 main.go:222] ***************************
I0323 10:19:13.400376  108938 main.go:223] Args: [/usr/bin/runsc --network host --ignore-cgroups --debug-log /tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --systemd-cgroup create --bundle /home/fishy/.local/share/containers/storage/overlay-containers/71b85f92c1756e2f6e10da0ef005dbfb8584164a52e2c694ae1c051f678547f7/userdata --pid-file /run/user/1000/containers/overlay-containers/71b85f92c1756e2f6e10da0ef005dbfb8584164a52e2c694ae1c051f678547f7/userdata/pidfile 71b85f92c1756e2f6e10da0ef005dbfb8584164a52e2c694ae1c051f678547f7]
I0323 10:19:13.400483  108938 main.go:224] Version release-20230320.0
I0323 10:19:13.400544  108938 main.go:225] GOOS: linux
I0323 10:19:13.400603  108938 main.go:226] GOARCH: amd64
I0323 10:19:13.400664  108938 main.go:227] PID: 108938
I0323 10:19:13.400728  108938 main.go:228] UID: 0, GID: 0
I0323 10:19:13.400789  108938 main.go:229] Configuration:
I0323 10:19:13.400848  108938 main.go:230]              RootDir: /run/user/1000/runsc
I0323 10:19:13.400908  108938 main.go:231]              Platform: ptrace
I0323 10:19:13.400967  108938 main.go:232]              FileAccess: exclusive
I0323 10:19:13.401031  108938 main.go:233]              Directfs: false
I0323 10:19:13.401091  108938 main.go:235]              Overlay: Root=true, SubMounts=false, Medium="self"
I0323 10:19:13.401153  108938 main.go:236]              Network: host, logging: false
I0323 10:19:13.401217  108938 main.go:237]              Strace: false, max size: 1024, syscalls: 
I0323 10:19:13.401277  108938 main.go:238]              IOURING: false
I0323 10:19:13.401337  108938 main.go:239]              Debug: false
I0323 10:19:13.401397  108938 main.go:240]              Systemd: true
I0323 10:19:13.401456  108938 main.go:241] ***************************
W0323 10:19:13.404457  108938 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0323 10:19:13.406269  108938 namespace.go:217] Mapping host uid 1 to container uid 0 (size=1000)
I0323 10:19:13.406314  108938 namespace.go:217] Mapping host uid 0 to container uid 1000 (size=1)
I0323 10:19:13.406337  108938 namespace.go:217] Mapping host uid 1001 to container uid 1001 (size=64536)
I0323 10:19:13.406356  108938 namespace.go:225] Mapping host gid 1 to container gid 0 (size=1000)
I0323 10:19:13.406375  108938 namespace.go:225] Mapping host gid 0 to container gid 1000 (size=1)
I0323 10:19:13.406394  108938 namespace.go:225] Mapping host gid 1001 to container gid 1001 (size=64536)
I0323 10:19:13.410801  108938 container.go:1241] Gofer started, PID: 108945
I0323 10:19:13.411928  108938 sandbox.go:684] Control socket: ""
I0323 10:19:13.412063  108938 sandbox.go:720] Sandbox will be started in new mount, IPC and UTS namespaces
I0323 10:19:13.412105  108938 sandbox.go:730] Sandbox will be started in the current PID namespace
I0323 10:19:13.412139  108938 sandbox.go:741] Sandbox will be started in the container's network namespace: {Type:network Path:}
I0323 10:19:13.412281  108938 sandbox.go:761] Sandbox will be started in container's user namespace: {Type:user Path:}
I0323 10:19:13.412373  108938 namespace.go:217] Mapping host uid 1 to container uid 0 (size=1000)
I0323 10:19:13.412396  108938 namespace.go:217] Mapping host uid 0 to container uid 1000 (size=1)
I0323 10:19:13.412415  108938 namespace.go:217] Mapping host uid 1001 to container uid 1001 (size=64536)
I0323 10:19:13.412434  108938 namespace.go:225] Mapping host gid 1 to container gid 0 (size=1000)
I0323 10:19:13.412453  108938 namespace.go:225] Mapping host gid 0 to container gid 1000 (size=1)
I0323 10:19:13.412472  108938 namespace.go:225] Mapping host gid 1001 to container gid 1001 (size=64536)
I0323 10:19:13.412704  108938 sandbox.go:779] Sandbox will be started in minimal chroot
W0323 10:19:13.412813  108938 sandbox.go:1360] can't change an owner of /dev/stdin: chown /dev/stdin: operation not permitted
I0323 10:19:13.417543  108938 sandbox.go:978] Sandbox started, PID: 108950
W0323 10:19:13.538708  108938 util.go:64] FATAL ERROR: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF
W0323 10:19:13.539099  108938 main.go:267] Failure to execute command, err: 1

so I think there's a regression in a recent change?

Originally posted by @fishy in #311 (comment)

avagin commented May 4, 2023

probably it has been broken by d1f3b45.

avagin commented May 4, 2023

@blechschmidt, pls take a look at this.

blechschmidt commented May 5, 2023

I am sorry in case my commit introduced this.

@fishy, does this issue still occur and could you please provide some more instructions on how to reproduce this? It looks like the log is missing the debug messages (because the --debug flag has been removed from the wrapper script?). If the information is not too sensitive, could you post a log with debug messages including the container spec etc.? Could you maybe also post the other log files (i.e. not only *.create)?

I tried to reproduce this, but I was not able to so far. The following works fine for me with multiple versions:

# Create the wrapper script
sudo sh -c "echo -e \#\!/bin/bash\\\n\\\n/usr/local/bin/runsc --network host --ignore-cgroups --debug --debug-log \\'/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%\\' \\\"\\\$@\\\" > /usr/local/bin/runsc-podman"

# Make the wrapper executable
sudo chmod +x /usr/local/bin/runsc-podman

# Run podman without root
podman --runtime /usr/local/bin/runsc-podman  run  --security-opt=label=disable  docker.io/library/busybox echo Hello, World

This outputs Hello, World, as expected. This is my log output for multiple gVisor releases:

version `20230417.0`
I0505 11:22:56.687545   37984 main.go:224] ***************************
I0505 11:22:56.687572   37984 main.go:225] Args: [/usr/local/bin/runsc --network host --ignore-cgroups --debug --debug-log /tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --systemd-cgroup create --bundle /home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata --pid-file /run/user/1000/containers/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/pidfile 52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47]
I0505 11:22:56.687588   37984 main.go:226] Version release-20230417.0
I0505 11:22:56.687597   37984 main.go:227] GOOS: linux
I0505 11:22:56.687607   37984 main.go:228] GOARCH: amd64
I0505 11:22:56.687616   37984 main.go:229] PID: 37984
I0505 11:22:56.687626   37984 main.go:230] UID: 0, GID: 0
I0505 11:22:56.687636   37984 main.go:231] Configuration:
I0505 11:22:56.687645   37984 main.go:232]              RootDir: /run/user/1000/runsc
I0505 11:22:56.687655   37984 main.go:233]              Platform: ptrace
I0505 11:22:56.687664   37984 main.go:234]              FileAccess: exclusive
I0505 11:22:56.687674   37984 main.go:235]              Directfs: false
I0505 11:22:56.687684   37984 main.go:237]              Overlay: Root=true, SubMounts=false, Medium="self"
I0505 11:22:56.687694   37984 main.go:238]              Network: host, logging: false
I0505 11:22:56.687705   37984 main.go:239]              Strace: false, max size: 1024, syscalls:
I0505 11:22:56.687715   37984 main.go:240]              IOURING: false
I0505 11:22:56.687725   37984 main.go:241]              Debug: true
I0505 11:22:56.687734   37984 main.go:242]              Systemd: true
I0505 11:22:56.687744   37984 main.go:243] ***************************
W0505 11:22:56.688412   37984 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0505 11:22:56.688540   37984 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 0,
      "gid": 0,
      "umask": 18,
      "additionalGids": [
        10
      ]
    },
    "args": [
      "echo",
      "Hello,",
      "World"
    ],
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm",
      "container=podman",
      "HOME=/root",
      "HOSTNAME=52369ab8dd83"
    ],
    "cwd": "/"
  },
  "root": {
    "path": "/home/me/.local/share/containers/storage/overlay/845accadbdb8111fbda62390ea6ad65b791e46a747a569b58a8f36f77747d840/merged"
  },
  "hostname": "52369ab8dd83",
  "mounts": [
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.podman.annotations.label": "disable",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network",
        "path": "/run/user/1000/netns/netns-6c8a577a-d0fb-798b-2618-c9032fdab00d"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
D0505 11:22:56.688554   37984 container.go:192] Create container, cid: 52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47, rootDir: "/run/user/1000/runsc"
D0505 11:22:56.688611   37984 container.go:255] Creating new sandbox for container, cid: 52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47
D0505 11:22:56.688770   37984 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230505-112256.688678.gofer"
D0505 11:22:56.688783   37984 donation.go:31] Donating FD 4: "/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/config.json"
D0505 11:22:56.688787   37984 donation.go:31] Donating FD 5: "|1"
D0505 11:22:56.688789   37984 donation.go:31] Donating FD 6: "gofer IO FD"
D0505 11:22:56.688792   37984 donation.go:31] Donating FD 7: "gofer IO FD"
D0505 11:22:56.688795   37984 donation.go:31] Donating FD 8: "gofer IO FD"
D0505 11:22:56.688801   37984 donation.go:31] Donating FD 9: "gofer IO FD"
D0505 11:22:56.688803   37984 donation.go:31] Donating FD 10: "gofer IO FD"
D0505 11:22:56.688806   37984 donation.go:31] Donating FD 11: "gofer IO FD"
D0505 11:22:56.688809   37984 container.go:1213] Starting gofer: /proc/self/exe [runsc-gofer --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --debug-log-fd=3 gofer --bundle /home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata --spec-fd=4 --mounts-fd=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --io-fds=11]
I0505 11:22:56.689914   37984 container.go:1254] Gofer started, PID: 37990
I0505 11:22:56.689942   37984 sandbox.go:636] Failed to set RLIMIT_MEMLOCK: operation not permitted
D0505 11:22:56.690010   37984 sandbox.go:83] Attempting to create socket file "/run/user/1000/runsc/runsc-52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47.sock"
D0505 11:22:56.690028   37984 sandbox.go:86] Using socket file "/run/user/1000/runsc/runsc-52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47.sock"
I0505 11:22:56.690032   37984 sandbox.go:725] Control socket: ""
I0505 11:22:56.690043   37984 sandbox.go:761] Sandbox will be started in new mount, IPC and UTS namespaces
I0505 11:22:56.690049   37984 sandbox.go:771] Sandbox will be started in the current PID namespace
I0505 11:22:56.690054   37984 sandbox.go:782] Sandbox will be started in the container's network namespace: {Type:network Path:/run/user/1000/netns/netns-6c8a577a-d0fb-798b-2618-c9032fdab00d}
I0505 11:22:56.690062   37984 sandbox.go:808] Sandbox will be started in the current user namespace
I0505 11:22:56.690109   37984 sandbox.go:820] Sandbox will be started in minimal chroot
D0505 11:22:56.690118   37984 sandbox.go:1407] Changing "/dev/stdin" ownership to 0/0
W0505 11:22:56.690125   37984 sandbox.go:1410] can't change an owner of /dev/stdin: chown /dev/stdin: operation not permitted
D0505 11:22:56.690129   37984 sandbox.go:1407] Changing "/dev/stdout" ownership to 0/0
D0505 11:22:56.690134   37984 sandbox.go:1407] Changing "/dev/stderr" ownership to 0/0
D0505 11:22:56.690161   37984 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230505-112256.689953.boot"
D0505 11:22:56.690164   37984 donation.go:31] Donating FD 4: "sandbox IO FD"
D0505 11:22:56.690169   37984 donation.go:31] Donating FD 5: "sandbox IO FD"
D0505 11:22:56.690172   37984 donation.go:31] Donating FD 6: "sandbox IO FD"
D0505 11:22:56.690174   37984 donation.go:31] Donating FD 7: "sandbox IO FD"
D0505 11:22:56.690177   37984 donation.go:31] Donating FD 8: "sandbox IO FD"
D0505 11:22:56.690179   37984 donation.go:31] Donating FD 9: "sandbox IO FD"
D0505 11:22:56.690182   37984 donation.go:31] Donating FD 10: "/home/me/.local/share/containers/storage/overlay/845accadbdb8111fbda62390ea6ad65b791e46a747a569b58a8f36f77747d840/merged/.gvisor.overlay.img.52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47"
D0505 11:22:56.690187   37984 donation.go:31] Donating FD 11: "|0"
D0505 11:22:56.690189   37984 donation.go:31] Donating FD 12: "|1"
D0505 11:22:56.690192   37984 donation.go:31] Donating FD 13: "control_server_socket"
D0505 11:22:56.690195   37984 donation.go:31] Donating FD 14: "/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata/config.json"
D0505 11:22:56.690199   37984 donation.go:31] Donating FD 15: "/dev/stdin"
D0505 11:22:56.690201   37984 donation.go:31] Donating FD 16: "/dev/stdout"
D0505 11:22:56.690204   37984 donation.go:31] Donating FD 17: "/dev/stderr"
D0505 11:22:56.690207   37984 sandbox.go:999] Starting sandbox: /proc/self/exe [runsc-sandbox --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --debug-log-fd=3 boot --bundle=/home/me/.local/share/containers/storage/overlay-containers/52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47/userdata --apply-caps=true --setup-root --total-memory 67268792320 --io-fds=4 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --overlay-filestore-fds=10 --mounts-fd=11 --start-sync-fd=12 --controller-fd=13 --spec-fd=14 --stdio-fds=15 --stdio-fds=16 --stdio-fds=17 52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47]
D0505 11:22:56.690220   37984 sandbox.go:1000] SysProcAttr: &{Chroot: Credential:<nil> Ptrace:false Setsid:true Setpgid:false Setctty:false Noctty:false Ctty:0 Foreground:false Pgid:0 Pdeathsig:signal 0 Cloneflags:0 Unshareflags:0 UidMappings:[] GidMappings:[] GidMappingsEnableSetgroups:false AmbientCaps:[] UseCgroupFD:false CgroupFD:0}
I0505 11:22:56.690241   37984 namespace.go:123] Applying namespace network at path "/run/user/1000/netns/netns-6c8a577a-d0fb-798b-2618-c9032fdab00d"
I0505 11:22:56.690680   37984 namespace.go:144] Restoring namespace network
D0505 11:22:56.690696   37984 namespace.go:172] Block the current system thread due to: error restoring namespace: of type network: operation not permitted
I0505 11:22:56.690772   37984 sandbox.go:1023] Sandbox started, PID: 37991
D0505 11:22:56.895358   37984 container.go:980] Save container, cid: 52369ab8dd83c7d2b8dc66340a2655b145e74255fa6109757ba9305e1eed2b47
I0505 11:22:56.895812   37984 main.go:260] Exiting with status: 0
version `20230320.0`
I0505 11:58:25.351558   46143 main.go:222] ***************************
I0505 11:58:25.351587   46143 main.go:223] Args: [/usr/local/bin/runsc --network host --ignore-cgroups --debug --debug-log /tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --systemd-cgroup create --bundle /home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata --pid-file /run/user/1000/containers/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/pidfile ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f]
I0505 11:58:25.351603   46143 main.go:224] Version release-20230320.0
I0505 11:58:25.351613   46143 main.go:225] GOOS: linux
I0505 11:58:25.351622   46143 main.go:226] GOARCH: amd64
I0505 11:58:25.351631   46143 main.go:227] PID: 46143
I0505 11:58:25.351641   46143 main.go:228] UID: 0, GID: 0
I0505 11:58:25.351650   46143 main.go:229] Configuration:
I0505 11:58:25.351660   46143 main.go:230]              RootDir: /run/user/1000/runsc
I0505 11:58:25.351669   46143 main.go:231]              Platform: ptrace
I0505 11:58:25.351678   46143 main.go:232]              FileAccess: exclusive
I0505 11:58:25.351689   46143 main.go:233]              Directfs: false
I0505 11:58:25.351699   46143 main.go:235]              Overlay: Root=true, SubMounts=false, Medium="self"
I0505 11:58:25.351709   46143 main.go:236]              Network: host, logging: false
I0505 11:58:25.351720   46143 main.go:237]              Strace: false, max size: 1024, syscalls:
I0505 11:58:25.351730   46143 main.go:238]              IOURING: false
I0505 11:58:25.351739   46143 main.go:239]              Debug: true
I0505 11:58:25.351748   46143 main.go:240]              Systemd: true
I0505 11:58:25.351758   46143 main.go:241] ***************************
W0505 11:58:25.352419   46143 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0505 11:58:25.352545   46143 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 0,
      "gid": 0,
      "umask": 18,
      "additionalGids": [
        10
      ]
    },
    "args": [
      "echo",
      "Hello,",
      "World"
    ],
    "env": [
      "TERM=xterm",
      "container=podman",
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "HOME=/root",
      "HOSTNAME=ef8a73b2a55b"
    ],
    "cwd": "/"
  },
  "root": {
    "path": "/home/me/.local/share/containers/storage/overlay/3e3c0e24398f977b658594de8d7bd479ad2fca45465836902ea20c96495ba1a3/merged"
  },
  "hostname": "ef8a73b2a55b",
  "mounts": [
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.podman.annotations.label": "disable",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network",
        "path": "/run/user/1000/netns/netns-0939160e-1068-f3d3-f9bb-81cf8caec616"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
D0505 11:58:25.352558   46143 container.go:189] Create container, cid: ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f, rootDir: "/run/user/1000/runsc"
D0505 11:58:25.352610   46143 container.go:252] Creating new sandbox for container, cid: ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f
D0505 11:58:25.352762   46143 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230505-115825.352673.gofer"
D0505 11:58:25.352775   46143 donation.go:31] Donating FD 4: "/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/config.json"
D0505 11:58:25.352779   46143 donation.go:31] Donating FD 5: "|1"
D0505 11:58:25.352782   46143 donation.go:31] Donating FD 6: "gofer IO FD"
D0505 11:58:25.352784   46143 donation.go:31] Donating FD 7: "gofer IO FD"
D0505 11:58:25.352787   46143 donation.go:31] Donating FD 8: "gofer IO FD"
D0505 11:58:25.352799   46143 donation.go:31] Donating FD 9: "gofer IO FD"
D0505 11:58:25.352802   46143 donation.go:31] Donating FD 10: "gofer IO FD"
D0505 11:58:25.352805   46143 donation.go:31] Donating FD 11: "gofer IO FD"
D0505 11:58:25.352807   46143 container.go:1200] Starting gofer: /proc/self/exe [runsc-gofer --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log-fd=3 gofer --bundle /home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata --spec-fd=4 --mounts-fd=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --io-fds=11]
I0505 11:58:25.353955   46143 container.go:1241] Gofer started, PID: 46149
D0505 11:58:25.354033   46143 sandbox.go:83] Attempting to create socket file "/run/user/1000/runsc/runsc-ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f.sock"
D0505 11:58:25.354051   46143 sandbox.go:86] Using socket file "/run/user/1000/runsc/runsc-ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f.sock"
I0505 11:58:25.354055   46143 sandbox.go:684] Control socket: ""
I0505 11:58:25.354066   46143 sandbox.go:720] Sandbox will be started in new mount, IPC and UTS namespaces
I0505 11:58:25.354072   46143 sandbox.go:730] Sandbox will be started in the current PID namespace
I0505 11:58:25.354077   46143 sandbox.go:741] Sandbox will be started in the container's network namespace: {Type:network Path:/run/user/1000/netns/netns-0939160e-1068-f3d3-f9bb-81cf8caec616}
I0505 11:58:25.354090   46143 sandbox.go:767] Sandbox will be started in the current user namespace
I0505 11:58:25.354128   46143 sandbox.go:779] Sandbox will be started in minimal chroot
D0505 11:58:25.354137   46143 sandbox.go:1357] Changing "/dev/stdin" ownership to 0/0
W0505 11:58:25.354145   46143 sandbox.go:1360] can't change an owner of /dev/stdin: chown /dev/stdin: operation not permitted
D0505 11:58:25.354148   46143 sandbox.go:1357] Changing "/dev/stdout" ownership to 0/0
D0505 11:58:25.354152   46143 sandbox.go:1357] Changing "/dev/stderr" ownership to 0/0
D0505 11:58:25.354180   46143 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230505-115825.353978.boot"
D0505 11:58:25.354183   46143 donation.go:31] Donating FD 4: "sandbox IO FD"
D0505 11:58:25.354186   46143 donation.go:31] Donating FD 5: "sandbox IO FD"
D0505 11:58:25.354189   46143 donation.go:31] Donating FD 6: "sandbox IO FD"
D0505 11:58:25.354192   46143 donation.go:31] Donating FD 7: "sandbox IO FD"
D0505 11:58:25.354194   46143 donation.go:31] Donating FD 8: "sandbox IO FD"
D0505 11:58:25.354197   46143 donation.go:31] Donating FD 9: "sandbox IO FD"
D0505 11:58:25.354199   46143 donation.go:31] Donating FD 10: "/home/me/.local/share/containers/storage/overlay/3e3c0e24398f977b658594de8d7bd479ad2fca45465836902ea20c96495ba1a3/merged/.gvisor.overlay.img.ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f"
D0505 11:58:25.354204   46143 donation.go:31] Donating FD 11: "|0"
D0505 11:58:25.354207   46143 donation.go:31] Donating FD 12: "|1"
D0505 11:58:25.354209   46143 donation.go:31] Donating FD 13: "control_server_socket"
D0505 11:58:25.354212   46143 donation.go:31] Donating FD 14: "/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata/config.json"
D0505 11:58:25.354216   46143 donation.go:31] Donating FD 15: "/dev/stdin"
D0505 11:58:25.354218   46143 donation.go:31] Donating FD 16: "/dev/stdout"
D0505 11:58:25.354221   46143 donation.go:31] Donating FD 17: "/dev/stderr"
D0505 11:58:25.354223   46143 sandbox.go:954] Starting sandbox: /proc/self/exe [runsc-sandbox --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --ignore-cgroups=true --systemd-cgroup=true --debug-log-fd=3 boot --bundle=/home/me/.local/share/containers/storage/overlay-containers/ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f/userdata --apply-caps=true --setup-root --total-memory 67268792320 --io-fds=4 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --overlay-filestore-fds=10 --mounts-fd=11 --start-sync-fd=12 --controller-fd=13 --spec-fd=14 --stdio-fds=15 --stdio-fds=16 --stdio-fds=17 ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f]
D0505 11:58:25.354234   46143 sandbox.go:955] SysProcAttr: &{Chroot: Credential:<nil> Ptrace:false Setsid:true Setpgid:false Setctty:false Noctty:false Ctty:0 Foreground:false Pgid:0 Pdeathsig:signal 0 Cloneflags:0 Unshareflags:0 UidMappings:[] GidMappings:[] GidMappingsEnableSetgroups:false AmbientCaps:[] UseCgroupFD:false CgroupFD:0}
I0505 11:58:25.354258   46143 namespace.go:123] Applying namespace network at path "/run/user/1000/netns/netns-0939160e-1068-f3d3-f9bb-81cf8caec616"
I0505 11:58:25.354739   46143 namespace.go:144] Restoring namespace network
D0505 11:58:25.354755   46143 namespace.go:172] Block the current system thread due to: error restoring namespace: of type network: operation not permitted
I0505 11:58:25.354837   46143 sandbox.go:978] Sandbox started, PID: 46150
D0505 11:58:25.529648   46143 container.go:967] Save container, cid: ef8a73b2a55ba84585599943095e00db266fbb6a401c2f391500766087866c0f
I0505 11:58:25.530104   46143 main.go:258] Exiting with status: 0
version `20230214.0`
I0505 12:03:57.721190   47216 main.go:218] ***************************
I0505 12:03:57.721233   47216 main.go:219] Args: [/usr/local/bin/runsc --network host --ignore-cgroups --debug --debug-log /tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --systemd-cgroup create --bundle /home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata --pid-file /run/user/1000/containers/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/pidfile 557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1]
I0505 12:03:57.721269   47216 main.go:220] Version release-20230214.0
I0505 12:03:57.721294   47216 main.go:221] GOOS: linux
I0505 12:03:57.721316   47216 main.go:222] GOARCH: amd64
I0505 12:03:57.721337   47216 main.go:223] PID: 47216
I0505 12:03:57.721360   47216 main.go:224] UID: 0, GID: 0
I0505 12:03:57.721382   47216 main.go:225] Configuration:
I0505 12:03:57.721404   47216 main.go:226]              RootDir: /run/user/1000/runsc
I0505 12:03:57.721425   47216 main.go:227]              Platform: ptrace
I0505 12:03:57.721447   47216 main.go:228]              FileAccess: exclusive
I0505 12:03:57.721475   47216 main.go:230]              Overlay: Root=false, SubMounts=false, Medium=""
I0505 12:03:57.721498   47216 main.go:231]              Network: host, logging: false
I0505 12:03:57.721521   47216 main.go:232]              Strace: false, max size: 1024, syscalls:
I0505 12:03:57.721545   47216 main.go:233]              IOURING: false
I0505 12:03:57.721567   47216 main.go:234]              Debug: true
I0505 12:03:57.721588   47216 main.go:235]              Systemd: true
I0505 12:03:57.721610   47216 main.go:236] ***************************
W0505 12:03:57.723022   47216 specutils.go:115] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0505 12:03:57.723294   47216 specutils.go:77] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 0,
      "gid": 0,
      "umask": 18,
      "additionalGids": [
        10
      ]
    },
    "args": [
      "echo",
      "Hello,",
      "World"
    ],
    "env": [
      "container=podman",
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm",
      "HOME=/root",
      "HOSTNAME=557a766afa57"
    ],
    "cwd": "/"
  },
  "root": {
    "path": "/home/me/.local/share/containers/storage/overlay/ad50ff7582bd0c5c4ff66b0791455ded6ef2f3c8b988e4d7e095c9f9047a0e96/merged"
  },
  "hostname": "557a766afa57",
  "mounts": [
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.podman.annotations.label": "disable",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network",
        "path": "/run/user/1000/netns/netns-b1bc848c-cdec-c7e6-9756-b63d94385729"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
D0505 12:03:57.723320   47216 container.go:185] Create container, cid: 557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1, rootDir: "/run/user/1000/runsc"
D0505 12:03:57.723399   47216 container.go:244] Creating new sandbox for container, cid: 557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1
D0505 12:03:57.723591   47216 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230505-120357.723416.gofer"
D0505 12:03:57.723613   47216 donation.go:31] Donating FD 4: "/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/config.json"
D0505 12:03:57.723623   47216 donation.go:31] Donating FD 5: "|1"
D0505 12:03:57.723629   47216 donation.go:31] Donating FD 6: "gofer IO FD"
D0505 12:03:57.723635   47216 donation.go:31] Donating FD 7: "gofer IO FD"
D0505 12:03:57.723641   47216 donation.go:31] Donating FD 8: "gofer IO FD"
D0505 12:03:57.723647   47216 donation.go:31] Donating FD 9: "gofer IO FD"
D0505 12:03:57.723660   47216 donation.go:31] Donating FD 10: "gofer IO FD"
D0505 12:03:57.723666   47216 donation.go:31] Donating FD 11: "gofer IO FD"
D0505 12:03:57.723672   47216 container.go:1178] Starting gofer: /proc/self/exe [runsc-gofer --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --ignore-cgroups=true --systemd-cgroup=true --debug-log-fd=3 gofer --bundle /home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata --spec-fd=4 --mounts-fd=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --io-fds=11]
I0505 12:03:57.725265   47216 container.go:1219] Gofer started, PID: 47225
D0505 12:03:57.725416   47216 sandbox.go:83] Attempting to create socket file "/run/user/1000/runsc/runsc-557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1.sock"
D0505 12:03:57.725450   47216 sandbox.go:86] Using socket file "/run/user/1000/runsc/runsc-557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1.sock"
I0505 12:03:57.725460   47216 sandbox.go:670] Control socket: ""
I0505 12:03:57.725484   47216 sandbox.go:706] Sandbox will be started in new mount, IPC and UTS namespaces
I0505 12:03:57.725496   47216 sandbox.go:716] Sandbox will be started in the current PID namespace
I0505 12:03:57.725508   47216 sandbox.go:727] Sandbox will be started in the container's network namespace: {Type:network Path:/run/user/1000/netns/netns-b1bc848c-cdec-c7e6-9756-b63d94385729}
I0505 12:03:57.725530   47216 sandbox.go:750] Sandbox will be started in the current user namespace
I0505 12:03:57.725607   47216 sandbox.go:763] Sandbox will be started in minimal chroot
D0505 12:03:57.725627   47216 sandbox.go:1340] Changing "/dev/stdin" ownership to 0/0
W0505 12:03:57.725642   47216 sandbox.go:1343] can't change an owner of /dev/stdin: chown /dev/stdin: operation not permitted
D0505 12:03:57.725650   47216 sandbox.go:1340] Changing "/dev/stdout" ownership to 0/0
D0505 12:03:57.725658   47216 sandbox.go:1340] Changing "/dev/stderr" ownership to 0/0
D0505 12:03:57.725708   47216 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230505-120357.725307.boot"
D0505 12:03:57.725718   47216 donation.go:31] Donating FD 4: "sandbox IO FD"
D0505 12:03:57.725725   47216 donation.go:31] Donating FD 5: "sandbox IO FD"
D0505 12:03:57.725731   47216 donation.go:31] Donating FD 6: "sandbox IO FD"
D0505 12:03:57.725737   47216 donation.go:31] Donating FD 7: "sandbox IO FD"
D0505 12:03:57.725743   47216 donation.go:31] Donating FD 8: "sandbox IO FD"
D0505 12:03:57.725749   47216 donation.go:31] Donating FD 9: "sandbox IO FD"
D0505 12:03:57.725756   47216 donation.go:31] Donating FD 10: "|0"
D0505 12:03:57.725762   47216 donation.go:31] Donating FD 11: "|1"
D0505 12:03:57.725768   47216 donation.go:31] Donating FD 12: "control_server_socket"
D0505 12:03:57.725774   47216 donation.go:31] Donating FD 13: "/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata/config.json"
D0505 12:03:57.725783   47216 donation.go:31] Donating FD 14: "/dev/stdin"
D0505 12:03:57.725789   47216 donation.go:31] Donating FD 15: "/dev/stdout"
D0505 12:03:57.725795   47216 donation.go:31] Donating FD 16: "/dev/stderr"
D0505 12:03:57.725801   47216 sandbox.go:937] Starting sandbox: /proc/self/exe [runsc-sandbox --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --ignore-cgroups=true --systemd-cgroup=true --debug-log-fd=3 boot --bundle=/home/me/.local/share/containers/storage/overlay-containers/557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1/userdata --apply-caps=true --setup-root --total-memory 67268792320 --io-fds=4 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --mounts-fd=10 --start-sync-fd=11 --controller-fd=12 --spec-fd=13 --stdio-fds=14 --stdio-fds=15 --stdio-fds=16 557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1]
D0505 12:03:57.725826   47216 sandbox.go:938] SysProcAttr: &{Chroot: Credential:<nil> Ptrace:false Setsid:true Setpgid:false Setctty:false Noctty:false Ctty:0 Foreground:false Pgid:0 Pdeathsig:signal 0 Cloneflags:0 Unshareflags:0 UidMappings:[] GidMappings:[] GidMappingsEnableSetgroups:false AmbientCaps:[] UseCgroupFD:false CgroupFD:0}
I0505 12:03:57.725864   47216 namespace.go:123] Applying namespace network at path "/run/user/1000/netns/netns-b1bc848c-cdec-c7e6-9756-b63d94385729"
I0505 12:03:57.726417   47216 namespace.go:144] Restoring namespace network
D0505 12:03:57.726436   47216 namespace.go:172] Block the current system thread due to: error restoring namespace: of type network: operation not permitted
I0505 12:03:57.726481   47216 sandbox.go:961] Sandbox started, PID: 47229
D0505 12:03:57.876474   47216 container.go:949] Save container, cid: 557a766afa57a45346e48ba5028746f67fd8352cdf30ad711f5accc55722cec1
I0505 12:03:57.876858   47216 main.go:252] Exiting with status: 0

Note that changing /dev/stdin ownership fails in all of my test runs, but it is only a warning message, not a fatal error. See:

```go
func (s *Sandbox) configureStdios(conf *config.Config, stdios []*os.File) error {
	if conf.Rootless || conf.TestOnlyAllowRunAsCurrentUserWithoutChroot {
		// Cannot change ownership without CAP_CHOWN.
		return nil
	}
	if s.UID < 0 || s.GID < 0 {
		panic(fmt.Sprintf("sandbox UID/GID is not set: %d/%d", s.UID, s.GID))
	}
	for _, file := range stdios {
		log.Debugf("Changing %q ownership to %d/%d", file.Name(), s.UID, s.GID)
		if err := file.Chown(s.UID, s.GID); err != nil {
			if errors.Is(err, unix.EINVAL) || errors.Is(err, unix.EPERM) || errors.Is(err, unix.EROFS) {
				log.Warningf("can't change an owner of %s: %s", file.Name(), err)
				continue
			}
			return err
		}
	}
	return nil
}
```

Thus, failure to change ownership should not result in abnormal termination, which is why I think that the error is not necessarily related to that warning. Notably, the warning is also printed in my run with version 20230214.0.

The log hints at the sandbox process being terminated unexpectedly for some other reason.
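The comparison the comment above makes by hand (the chown warning also appears in a run that exits 0, so it cannot by itself explain the failure), as an added Go example that is not part of the thread or of gVisor. It groups `runsc` debug-log lines by PID and separates warnings also seen in a successful run from those seen only in a failed one; the sample lines are abbreviated from logs quoted in this thread, the type and function names are hypothetical, and grouping by PID assumes one `create` invocation per PID.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: abbreviated lines from two `runsc create` debug logs
// quoted in this thread (one run exits 0, the other ends in FATAL ERROR).
const sampleLog = `I0505 12:03:57.721269   47216 main.go:220] Version release-20230214.0
W0505 12:03:57.723022   47216 specutils.go:115] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
W0505 12:03:57.725642   47216 sandbox.go:1343] can't change an owner of /dev/stdin: chown /dev/stdin: operation not permitted
I0505 12:03:57.726481   47216 sandbox.go:961] Sandbox started, PID: 47229
I0505 12:03:57.876858   47216 main.go:252] Exiting with status: 0
I0505 10:13:07.163381  451050 main.go:226] Version release-20230501.0
W0505 10:13:07.167462  451050 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0505 10:13:07.174355  451050 sandbox.go:636] Failed to set RLIMIT_MEMLOCK: operation not permitted
W0505 10:13:07.174944  451050 sandbox.go:1410] can't change an owner of /dev/stdin: chown /dev/stdin: operation not permitted
I0505 10:13:07.176817  451050 sandbox.go:1023] Sandbox started, PID: 451062
D0505 10:13:07.242112  451050 sandbox.go:1114] Killing sandbox "d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390"
W0505 10:13:07.242683  451050 util.go:64] FATAL ERROR: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF
W0505 10:13:07.242771  451050 main.go:269] Failure to execute command, err: 1
`

// glog-style header: severity, MMDD, time, PID, file:line], then the message.
// The file:line part is dropped because it shifts between releases.
var lineRE = regexp.MustCompile(`^([IWEFD])\d{4} \d{2}:\d{2}:\d{2}\.\d{6}\s+(\d+) [^ :]+:\d+\] (.*)$`)

// run summarises one runsc invocation (hypothetical type for this example).
type run struct {
	PID       string
	Version   string
	Succeeded bool     // saw "Exiting with status: 0"
	Failed    bool     // saw "FATAL ERROR:"
	Warnings  []string // W/E/F messages in order of appearance
}

// summarize groups log lines by PID and records version, outcome and warnings.
func summarize(log string) []*run {
	byPID := map[string]*run{}
	var order []*run
	sc := bufio.NewScanner(strings.NewReader(log))
	sc.Buffer(make([]byte, 0, 64*1024), 1024*1024) // Args/spec lines can be long
	for sc.Scan() {
		m := lineRE.FindStringSubmatch(sc.Text())
		if m == nil {
			continue // spec JSON and other unprefixed lines
		}
		sev, pid, msg := m[1], m[2], m[3]
		r := byPID[pid]
		if r == nil {
			r = &run{PID: pid}
			byPID[pid] = r
			order = append(order, r)
		}
		switch {
		case strings.HasPrefix(msg, "Version "):
			r.Version = strings.TrimPrefix(msg, "Version ")
		case strings.HasPrefix(msg, "FATAL ERROR:"):
			r.Failed = true
		case msg == "Exiting with status: 0":
			r.Succeeded = true
		}
		if sev == "W" || sev == "E" || sev == "F" {
			r.Warnings = append(r.Warnings, msg)
		}
	}
	return order
}

// split partitions the warnings of failed runs into those that also occur in
// a successful run (benign: cannot explain the failure alone) and those that
// occur only in failed runs (suspect). Runs with no recorded outcome, such as
// a truncated log, are ignored.
func split(runs []*run) (benign, suspect []string) {
	okMsgs := map[string]bool{}
	for _, r := range runs {
		if r.Succeeded && !r.Failed {
			for _, w := range r.Warnings {
				okMsgs[w] = true
			}
		}
	}
	seen := map[string]bool{}
	for _, r := range runs {
		if !r.Failed {
			continue
		}
		for _, w := range r.Warnings {
			if seen[w] {
				continue
			}
			seen[w] = true
			if okMsgs[w] {
				benign = append(benign, w)
			} else {
				suspect = append(suspect, w)
			}
		}
	}
	return benign, suspect
}

func main() {
	runs := summarize(sampleLog)
	for _, r := range runs {
		fmt.Printf("pid=%s version=%s succeeded=%v failed=%v\n", r.PID, r.Version, r.Succeeded, r.Failed)
	}
	benign, suspect := split(runs)
	fmt.Println("also seen in a successful run:", benign)
	fmt.Println("seen only in failed runs:", suspect)
}
```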

@fishy
fishy commented May 5, 2023

from:

$ podman --runtime=/home/fishy/bin/runsc-podman.sh run --userns=keep-id --rm -v "${PWD}":/data/ --user "$(id -u):$(id -g)" --platform= ghcr.io/reddit/thrift-compiler:0.18.1 --version
Error: OCI runtime error: /home/fishy/bin/runsc-podman.sh: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF

with:

`cat /home/fishy/bin/runsc-podman.sh`

```bash
#!/bin/bash

exec $(which runsc) --network host --ignore-cgroups --debug --debug-log '/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%' "$@"
```

`cat /tmp/runsc/runsc.log..20230505-101307.162163.create`
I0505 10:13:07.162279  451050 main.go:224] ***************************
I0505 10:13:07.163327  451050 main.go:225] Args: [/usr/bin/runsc --network host --ignore-cgroups --debug --debug-log /tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --systemd-cgroup create --bundle /home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata --pid-file /run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/pidfile d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390]
I0505 10:13:07.163381  451050 main.go:226] Version release-20230501.0
I0505 10:13:07.163403  451050 main.go:227] GOOS: linux
I0505 10:13:07.163423  451050 main.go:228] GOARCH: amd64
I0505 10:13:07.163444  451050 main.go:229] PID: 451050
I0505 10:13:07.163466  451050 main.go:230] UID: 0, GID: 0
I0505 10:13:07.163487  451050 main.go:231] Configuration:
I0505 10:13:07.163507  451050 main.go:232] 		RootDir: /run/user/1000/runsc
I0505 10:13:07.163527  451050 main.go:233] 		Platform: ptrace
I0505 10:13:07.163548  451050 main.go:234] 		FileAccess: exclusive
I0505 10:13:07.163570  451050 main.go:235] 		Directfs: false
I0505 10:13:07.163591  451050 main.go:237] 		Overlay: Root=true, SubMounts=false, Medium="self"
I0505 10:13:07.163612  451050 main.go:238] 		Network: host, logging: false
I0505 10:13:07.163634  451050 main.go:239] 		Strace: false, max size: 1024, syscalls: 
I0505 10:13:07.163655  451050 main.go:240] 		IOURING: false
I0505 10:13:07.163675  451050 main.go:241] 		Debug: true
I0505 10:13:07.163696  451050 main.go:242] 		Systemd: true
I0505 10:13:07.163716  451050 main.go:243] ***************************
W0505 10:13:07.167462  451050 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0505 10:13:07.168622  451050 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 1000,
      "gid": 1000,
      "umask": 18,
      "additionalGids": [
        1000
      ]
    },
    "args": [
      "/usr/local/bin/thrift",
      "--version"
    ],
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm",
      "container=podman",
      "HOME=/data",
      "HOSTNAME=d21b33714171"
    ],
    "cwd": "/data"
  },
  "root": {
    "path": "/home/fishy/.local/share/containers/storage/overlay/618b833f925187e36e61117437b63c623ccda8ed8e1695a8890210ef3127e96c/merged"
  },
  "hostname": "d21b33714171",
  "mounts": [
    {
      "destination": "/data/",
      "type": "bind",
      "source": "/home/fishy",
      "options": [
        "rw",
        "rprivate",
        "rbind"
      ]
    },
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.kubernetes.cri-o.Created": "2023-05-05T10:13:06.660552448-07:00",
    "io.kubernetes.cri-o.TTY": "false",
    "io.podman.annotations.autoremove": "TRUE",
    "io.podman.annotations.init": "FALSE",
    "io.podman.annotations.privileged": "FALSE",
    "io.podman.annotations.publish-all": "FALSE",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "uidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "gidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "user"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
D0505 10:13:07.169036  451050 container.go:192] Create container, cid: d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390, rootDir: "/run/user/1000/runsc"
D0505 10:13:07.170586  451050 container.go:255] Creating new sandbox for container, cid: d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390
I0505 10:13:07.171530  451050 namespace.go:217] Mapping host uid 1 to container uid 0 (size=1000)
I0505 10:13:07.171560  451050 namespace.go:217] Mapping host uid 0 to container uid 1000 (size=1)
I0505 10:13:07.171569  451050 namespace.go:217] Mapping host uid 1001 to container uid 1001 (size=64536)
I0505 10:13:07.171575  451050 namespace.go:225] Mapping host gid 1 to container gid 0 (size=1000)
I0505 10:13:07.171582  451050 namespace.go:225] Mapping host gid 0 to container gid 1000 (size=1)
I0505 10:13:07.171588  451050 namespace.go:225] Mapping host gid 1001 to container gid 1001 (size=64536)
D0505 10:13:07.171608  451050 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230505-101307.171257.gofer"
D0505 10:13:07.171878  451050 donation.go:31] Donating FD 4: "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/config.json"
D0505 10:13:07.171887  451050 donation.go:31] Donating FD 5: "|1"
D0505 10:13:07.171893  451050 donation.go:31] Donating FD 6: "gofer IO FD"
D0505 10:13:07.171900  451050 donation.go:31] Donating FD 7: "gofer IO FD"
D0505 10:13:07.171905  451050 donation.go:31] Donating FD 8: "gofer IO FD"
D0505 10:13:07.171911  451050 donation.go:31] Donating FD 9: "gofer IO FD"
D0505 10:13:07.171917  451050 donation.go:31] Donating FD 10: "gofer IO FD"
D0505 10:13:07.171923  451050 donation.go:31] Donating FD 11: "gofer IO FD"
D0505 10:13:07.171929  451050 donation.go:31] Donating FD 12: "gofer IO FD"
D0505 10:13:07.171935  451050 container.go:1213] Starting gofer: /proc/self/exe [runsc-gofer --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log-fd=3 gofer --bundle /home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata --spec-fd=4 --mounts-fd=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --io-fds=11 --io-fds=12]
I0505 10:13:07.174236  451050 container.go:1254] Gofer started, PID: 451057
I0505 10:13:07.174355  451050 sandbox.go:636] Failed to set RLIMIT_MEMLOCK: operation not permitted
D0505 10:13:07.174574  451050 sandbox.go:83] Attempting to create socket file "/run/user/1000/runsc/runsc-d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390.sock"
D0505 10:13:07.174640  451050 sandbox.go:86] Using socket file "/run/user/1000/runsc/runsc-d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390.sock"
I0505 10:13:07.174656  451050 sandbox.go:725] Control socket: ""
I0505 10:13:07.174696  451050 sandbox.go:761] Sandbox will be started in new mount, IPC and UTS namespaces
I0505 10:13:07.174713  451050 sandbox.go:771] Sandbox will be started in the current PID namespace
I0505 10:13:07.174725  451050 sandbox.go:782] Sandbox will be started in the container's network namespace: {Type:network Path:}
I0505 10:13:07.174769  451050 sandbox.go:802] Sandbox will be started in container's user namespace: {Type:user Path:}
I0505 10:13:07.174789  451050 namespace.go:217] Mapping host uid 1 to container uid 0 (size=1000)
I0505 10:13:07.174796  451050 namespace.go:217] Mapping host uid 0 to container uid 1000 (size=1)
I0505 10:13:07.174803  451050 namespace.go:217] Mapping host uid 1001 to container uid 1001 (size=64536)
I0505 10:13:07.174809  451050 namespace.go:225] Mapping host gid 1 to container gid 0 (size=1000)
I0505 10:13:07.174816  451050 namespace.go:225] Mapping host gid 0 to container gid 1000 (size=1)
I0505 10:13:07.174822  451050 namespace.go:225] Mapping host gid 1001 to container gid 1001 (size=64536)
I0505 10:13:07.174899  451050 sandbox.go:820] Sandbox will be started in minimal chroot
D0505 10:13:07.174921  451050 sandbox.go:1407] Changing "/dev/stdin" ownership to 0/0
W0505 10:13:07.174944  451050 sandbox.go:1410] can't change an owner of /dev/stdin: chown /dev/stdin: operation not permitted
D0505 10:13:07.174953  451050 sandbox.go:1407] Changing "/dev/stdout" ownership to 0/0
D0505 10:13:07.174963  451050 sandbox.go:1407] Changing "/dev/stderr" ownership to 0/0
D0505 10:13:07.175040  451050 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230505-101307.174388.boot"
D0505 10:13:07.175050  451050 donation.go:31] Donating FD 4: "sandbox IO FD"
D0505 10:13:07.175057  451050 donation.go:31] Donating FD 5: "sandbox IO FD"
D0505 10:13:07.175063  451050 donation.go:31] Donating FD 6: "sandbox IO FD"
D0505 10:13:07.175076  451050 donation.go:31] Donating FD 7: "sandbox IO FD"
D0505 10:13:07.175083  451050 donation.go:31] Donating FD 8: "sandbox IO FD"
D0505 10:13:07.175089  451050 donation.go:31] Donating FD 9: "sandbox IO FD"
D0505 10:13:07.175094  451050 donation.go:31] Donating FD 10: "sandbox IO FD"
D0505 10:13:07.175100  451050 donation.go:31] Donating FD 11: "/home/fishy/.local/share/containers/storage/overlay/618b833f925187e36e61117437b63c623ccda8ed8e1695a8890210ef3127e96c/merged/.gvisor.overlay.img.d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390"
D0505 10:13:07.175117  451050 donation.go:31] Donating FD 12: "|0"
D0505 10:13:07.175123  451050 donation.go:31] Donating FD 13: "|1"
D0505 10:13:07.175129  451050 donation.go:31] Donating FD 14: "control_server_socket"
D0505 10:13:07.175135  451050 donation.go:31] Donating FD 15: "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/config.json"
D0505 10:13:07.175145  451050 donation.go:31] Donating FD 16: "/dev/stdin"
D0505 10:13:07.175151  451050 donation.go:31] Donating FD 17: "/dev/stdout"
D0505 10:13:07.175157  451050 donation.go:31] Donating FD 18: "/dev/stderr"
D0505 10:13:07.175163  451050 sandbox.go:999] Starting sandbox: /proc/self/exe [runsc-sandbox --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --debug-log-fd=3 boot --bundle=/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata --apply-caps=true --setup-root --total-memory 16359923712 --io-fds=4 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --overlay-filestore-fds=11 --mounts-fd=12 --start-sync-fd=13 --controller-fd=14 --spec-fd=15 --stdio-fds=16 --stdio-fds=17 --stdio-fds=18 d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390]
D0505 10:13:07.175194  451050 sandbox.go:1000] SysProcAttr: &{Chroot: Credential:0xc00034e540 Ptrace:false Setsid:true Setpgid:false Setctty:false Noctty:false Ctty:0 Foreground:false Pgid:0 Pdeathsig:signal 0 Cloneflags:0 Unshareflags:0 UidMappings:[{ContainerID:0 HostID:1 Size:1000} {ContainerID:1000 HostID:0 Size:1} {ContainerID:1001 HostID:1001 Size:64536}] GidMappings:[{ContainerID:0 HostID:1 Size:1000} {ContainerID:1000 HostID:0 Size:1} {ContainerID:1001 HostID:1001 Size:64536}] GidMappingsEnableSetgroups:false AmbientCaps:[] UseCgroupFD:false CgroupFD:0}
I0505 10:13:07.176817  451050 sandbox.go:1023] Sandbox started, PID: 451062
D0505 10:13:07.242072  451050 sandbox.go:1105] Destroying sandbox "d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390"
D0505 10:13:07.242112  451050 sandbox.go:1114] Killing sandbox "d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390"
D0505 10:13:07.242177  451050 container.go:754] Destroy container, cid: d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390
D0505 10:13:07.242212  451050 container.go:1008] Killing gofer for container, cid: d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390, PID: 451057
W0505 10:13:07.242683  451050 util.go:64] FATAL ERROR: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF
W0505 10:13:07.242771  451050 main.go:269] Failure to execute command, err: 1
`dpkg -s runsc`
Package: runsc
Status: install ok installed
Priority: optional
Section: contrib/devel
Maintainer: The gVisor Authors <[email protected]>
Architecture: amd64
Version: 20230501.0
Conffiles:
 /etc/containerd/runsc.toml db121cae9a154693d4a801d920bfd823
Description: gVisor container sandbox runtime
Homepage: https://gvisor.dev/
`dpkg -s podman`
Package: podman
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 35943
Maintainer: Debian Go Packaging Team <[email protected]>
Architecture: amd64
Source: libpod (4.3.1+ds1-6)
Version: 4.3.1+ds1-6+b2
Depends: libc6 (>= 2.34), libdevmapper1.02.1 (>= 2:1.02.97), libgpgme11 (>= 1.4.1), libseccomp2 (>= 2.5.0), libsubid4 (>= 1:4.11.1), conmon (>= 2.0.18~), golang-github-containers-common, crun | runc (>= 1.0.0~rc92~)
Recommends: buildah (>= 1.28), dbus-user-session, fuse-overlayfs (>= 1.0.0~), slirp4netns (>= 0.4.1~), catatonit | tini | dumb-init, uidmap
Suggests: containers-storage, docker-compose, iptables
Breaks: buildah (<< 1.10.1-6), fuse-overlayfs (<< 0.7.1), slirp4netns (<< 0.4.1)
Conffiles:
 /etc/cni/net.d/87-podman-bridge.conflist a87c090f17c5274af878e7106e969b60
 /etc/containers/libpod.conf ceec5a77b5f6a56d212eeed7b707d322
Description: engine to run OCI-based containers in Pods
 Podman is an engine for running OCI-based containers in Pods.
 Podman provides a CLI interface for managing Pods, Containers, and
 Container Images.
 .
 At a high level, the scope of libpod and podman is the following:
  * Support multiple image formats including the OCI and Docker image
    formats.
  * Support for multiple means to download images including trust & image
    verification.
  * Container image management (managing image layers, overlay filesystems,
    etc).
  * Full management of container lifecycle.
  * Support for pods to manage groups of containers together.
  * Resource isolation of containers and pods.
  * Support for a Docker-compatible CLI interface through Podman.
 .
 Podman is a daemon-less alternative to Docker.
Built-Using: containerd (= 1.6.18~ds1-1), docker-registry (= 2.8.1+ds1-2), docker.io (= 20.10.23+dfsg1-1), golang-1.19 (= 1.19.6-2), golang-dbus (= 5.1.0-1), golang-fsnotify (= 1.6.0-2), golang-ginkgo (= 1.16.5-3), golang-github-acarl005-stripansi (= 0.0~git20180116.5a71ef0-3), golang-github-appc-cni (= 1.1.2-1), golang-github-blang-semver (= 4.0.0-1), golang-github-buger-goterm (= 0.0+git20181115.c206103-3), golang-github-cespare-xxhash (= 2.1.1-2), golang-github-checkpoint-restore-go-criu (= 5.3.0-2), golang-github-chzyer-readline (= 1.4.39.g2972be2-3), golang-github-cilium-ebpf (= 0.9.1-1), golang-github-containerd-stargz-snapshotter (= 0.12.0-2), golang-github-containernetworking-plugins (= 1.1.1+ds1-3), golang-github-containers-buildah (= 1.28.2+ds1-1), golang-github-containers-common (= 0.50.1+ds1-4), golang-github-containers-image (= 5.23.1-3), golang-github-containers-ocicrypt (= 1.0.3-1), golang-github-containers-psgo (= 1.7.1+ds1-1), golang-github-containers-storage (= 1.43.0+ds1-7), golang-github-coreos-bbolt (= 1.3.6-2), golang-github-coreos-go-systemd (= 22.3.2-1), golang-github-cyphar-filepath-securejoin (= 0.2.3-1), golang-github-davecgh-go-spew (= 1.1.1-3), golang-github-disiqueira-gotree (= 3.0.2-2), golang-github-docker-docker-credential-helpers (= 0.6.4+ds1-1), golang-github-docker-go-connections (= 0.4.0-4), golang-github-docker-go-units (= 0.4.0-4), golang-github-docker-libtrust (= 0.0~git20150526.0.9cbd2a1-3.1), golang-github-fsouza-go-dockerclient (= 1.8.1-1), golang-github-fullsailor-pkcs7 (= 0.0~git20210826.33d0574-2), golang-github-ghodss-yaml (= 1.0.0+git20220118.d8423dc-2), golang-github-golang-protobuf-1-3 (= 1.3.5-4), golang-github-google-go-intervals (= 0.0.2-2), golang-github-google-gofuzz (= 1.2.0-1), golang-github-google-shlex (= 0.0~git20191202.e7afc7f-1), golang-github-google-uuid (= 1.3.0-1), golang-github-gorilla-handlers (= 1.5.1-3), golang-github-gorilla-mux (= 1.8.0-1), golang-github-gorilla-schema (= 1.2.0-2), 
golang-github-hashicorp-errwrap (= 1.1.0-1), golang-github-hashicorp-go-multierror (= 1.1.1-2), golang-github-jinzhu-copier (= 0.3.2-2), golang-github-json-iterator-go (= 1.1.12-1), golang-github-juju-ansiterm (= 1.0.0-1), golang-github-klauspost-compress (= 1.15.12+ds1-3), golang-github-klauspost-pgzip (= 1.2.5-2), golang-github-kr-fs (= 0.1.0-2), golang-github-lunixbochs-vtclean (= 1.0.0-1), golang-github-manifoldco-promptui (= 0.8.0-2), golang-github-mattn-go-colorable (= 0.1.13-1), golang-github-mattn-go-isatty (= 0.0.17-1), golang-github-mattn-go-runewidth (= 0.0.14-1), golang-github-mattn-go-shellwords (= 1.0.10-2), golang-github-moby-sys (= 0.0~git20220606.416188a-1), golang-github-moby-term (= 0.0~git20221120.abb1982-1), golang-github-modern-go-concurrent (= 1.0.3-1.1), golang-github-modern-go-reflect2 (= 1.0.2-2), golang-github-morikuni-aec (= 1.0.0-3), golang-github-nxadm-tail (= 1.4.5+ds1-5), golang-github-opencontainers-go-digest (= 1.0.0-2), golang-github-opencontainers-image-spec (= 1.1.0~rc2-1), golang-github-opencontainers-runtime-tools (= 0.9.0+git20220423.g0105384-2), golang-github-opencontainers-selinux (= 1.10.0+ds1-1), golang-github-opencontainers-specs (= 1.0.2.118.g5cfc4c3-1), golang-github-openshift-imagebuilder (= 1.2.3+ds1-2), golang-github-pkg-errors (= 0.9.1-2), golang-github-pkg-sftp (= 1.13.5-2), golang-github-pmezard-go-difflib (= 1.0.0-3), golang-github-proglottis-gpgme (= 0.1.1-2), golang-github-rivo-uniseg (= 0.4.2-1), golang-github-spf13-cobra (= 1.6.1-1), golang-github-spf13-pflag (= 1.0.6~git20210604-d5e0c0615ace-1), golang-github-sylabs-sif (= 2.8.3-1), golang-github-ulikunitz-xz (= 0.5.6-2), golang-github-vbatts-tar-split (= 0.11.2+ds1-1), golang-github-vbauerster-mpb (= 7.3.2-1), golang-github-vishvananda-netlink (= 1.1.0.125.gf243826-4), golang-github-vishvananda-netns (= 0.0~git20211101.5004558-1), golang-github-vividcortex-ewma (= 1.1.1-2), golang-github-xeipuuv-gojsonpointer (= 0.0~git20190905.02993c4-3), 
golang-github-xeipuuv-gojsonreference (= 0.0~git20180127.bd5ef7b-3), golang-github-xeipuuv-gojsonschema (= 1.2.0-3), golang-go-patricia (= 2.3.1-1), golang-go-zfs (= 3.0.0-1), golang-go.crypto (= 1:0.4.0-1), golang-gocapability-dev (= 0.0+git20200815.42c35b4-2), golang-gogoprotobuf (= 1.3.2-3), golang-golang-x-net (= 1:0.7.0+dfsg-1), golang-golang-x-sync (= 0.1.0-1), golang-golang-x-sys (= 0.3.0-1), golang-golang-x-term (= 0.3.0-1), golang-golang-x-text (= 0.7.0-1), golang-golang-x-xerrors (= 0.0~git20200804.5ec99f8-1), golang-gomega (= 1.10.3-1), golang-google-genproto (= 0.0~git20200413.b5235f6-3), golang-google-grpc (= 1.33.3-2), golang-google-protobuf (= 1.28.1-3), golang-gopkg-inf.v0 (= 0.9.1-2), golang-gopkg-square-go-jose.v2 (= 2.6.0-2), golang-gopkg-tomb.v1 (= 0.0~git20141024.0.dd63297-8), golang-gopkg-yaml.v3 (= 3.0.1-3), golang-k8s-sigs-yaml (= 1.3.0-1), golang-logrus (= 1.9.0-1), golang-toml (= 1.2.0-2), golang-yaml.v2 (= 2.4.0-4), rootlesskit (= 1.1.0-1), runc (= 1.1.4+ds1-1)
Homepage: https://github.com/containers/podman


fishy commented May 5, 2023

Contributor

blechschmidt commented May 5, 2023

I can reproduce this symptom now, but I am not entirely sure whether this is the issue that you are experiencing as well, since I experience it for older versions, too. Depending on what version I am running, the error messages in the boot log differ.

Two more questions:

  • Could you also post your *.boot log please? It should reside in the same folder as the *.create log.
  • It works with version 20230306.0 in your case. Is that correct?
  • If you could also post *.boot and *.create logs of a working version, this would be great, so one could see the diff.


fishy commented May 5, 2023

`cat /tmp/runsc/runsc.log..20230505-101307.174388.boot`
I0505 10:13:07.199234  451062 main.go:224] ***************************
I0505 10:13:07.199269  451062 main.go:225] Args: [runsc-sandbox --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --debug-log-fd=3 boot --bundle=/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata --apply-caps=true --setup-root --total-memory 16359923712 --io-fds=4 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --overlay-filestore-fds=11 --mounts-fd=12 --start-sync-fd=13 --controller-fd=14 --spec-fd=15 --stdio-fds=16 --stdio-fds=17 --stdio-fds=18 d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390]
I0505 10:13:07.199287  451062 main.go:226] Version release-20230501.0
I0505 10:13:07.199298  451062 main.go:227] GOOS: linux
I0505 10:13:07.199328  451062 main.go:228] GOARCH: amd64
I0505 10:13:07.199340  451062 main.go:229] PID: 451062
I0505 10:13:07.199353  451062 main.go:230] UID: 0, GID: 0
I0505 10:13:07.199364  451062 main.go:231] Configuration:
I0505 10:13:07.199376  451062 main.go:232] 		RootDir: /run/user/1000/runsc
I0505 10:13:07.199387  451062 main.go:233] 		Platform: ptrace
I0505 10:13:07.199411  451062 main.go:234] 		FileAccess: exclusive
I0505 10:13:07.199423  451062 main.go:235] 		Directfs: false
I0505 10:13:07.199434  451062 main.go:237] 		Overlay: Root=true, SubMounts=false, Medium="self"
I0505 10:13:07.199446  451062 main.go:238] 		Network: host, logging: false
I0505 10:13:07.199458  451062 main.go:239] 		Strace: false, max size: 1024, syscalls: 
I0505 10:13:07.199469  451062 main.go:240] 		IOURING: false
I0505 10:13:07.199480  451062 main.go:241] 		Debug: true
I0505 10:13:07.199492  451062 main.go:242] 		Systemd: true
I0505 10:13:07.199503  451062 main.go:243] ***************************
I0505 10:13:07.200000  451062 boot.go:215] Setting product_name: "Precision 5540"
I0505 10:13:07.200016  451062 chroot.go:86] Setting up sandbox chroot in "/tmp"
I0505 10:13:07.200102  451062 chroot.go:31] Mounting "/proc" at "/tmp/proc"
W0505 10:13:07.201188  451062 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0505 10:13:07.201334  451062 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 1000,
      "gid": 1000,
      "umask": 18,
      "additionalGids": [
        1000
      ]
    },
    "args": [
      "/usr/local/bin/thrift",
      "--version"
    ],
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm",
      "container=podman",
      "HOME=/data",
      "HOSTNAME=d21b33714171"
    ],
    "cwd": "/data"
  },
  "root": {
    "path": "/home/fishy/.local/share/containers/storage/overlay/618b833f925187e36e61117437b63c623ccda8ed8e1695a8890210ef3127e96c/merged"
  },
  "hostname": "d21b33714171",
  "mounts": [
    {
      "destination": "/data/",
      "type": "bind",
      "source": "/home/fishy",
      "options": [
        "rw",
        "rprivate",
        "rbind"
      ]
    },
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.kubernetes.cri-o.Created": "2023-05-05T10:13:06.660552448-07:00",
    "io.kubernetes.cri-o.TTY": "false",
    "io.podman.annotations.autoremove": "TRUE",
    "io.podman.annotations.init": "FALSE",
    "io.podman.annotations.privileged": "FALSE",
    "io.podman.annotations.publish-all": "FALSE",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "uidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "gidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "user"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
I0505 10:13:07.201499  451062 capability.go:66] Capabilities applied: { effective="sys_ptrace" permitted="sys_ptrace" inheritable="empty" bounding="chown, dac_override, fowner, fsetid, kill, setgid, setuid, setpcap, net_bind_service, sys_chroot, sys_ptrace, setfcap" }
I0505 10:13:07.201517  451062 cmd.go:73] Execve "/proc/self/exe" again, bye!
I0505 10:13:07.232434  451062 main.go:224] ***************************
I0505 10:13:07.232484  451062 main.go:225] Args: [runsc-sandbox --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --debug-log-fd=3 boot --proc-mount-sync-fd=25 --product-name Precision 5540 --bundle=/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata --total-memory 16359923712 --io-fds=4 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --overlay-filestore-fds=11 --mounts-fd=12 --start-sync-fd=13 --controller-fd=14 --spec-fd=15 --stdio-fds=16 --stdio-fds=17 --stdio-fds=18 d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390]
I0505 10:13:07.232525  451062 main.go:226] Version release-20230501.0
I0505 10:13:07.232544  451062 main.go:227] GOOS: linux
I0505 10:13:07.232563  451062 main.go:228] GOARCH: amd64
I0505 10:13:07.232582  451062 main.go:229] PID: 451062
I0505 10:13:07.232603  451062 main.go:230] UID: 0, GID: 0
I0505 10:13:07.232622  451062 main.go:231] Configuration:
I0505 10:13:07.232640  451062 main.go:232] 		RootDir: /run/user/1000/runsc
I0505 10:13:07.232659  451062 main.go:233] 		Platform: ptrace
I0505 10:13:07.232678  451062 main.go:234] 		FileAccess: exclusive
I0505 10:13:07.232698  451062 main.go:235] 		Directfs: false
I0505 10:13:07.232732  451062 main.go:237] 		Overlay: Root=true, SubMounts=false, Medium="self"
I0505 10:13:07.232752  451062 main.go:238] 		Network: host, logging: false
I0505 10:13:07.232774  451062 main.go:239] 		Strace: false, max size: 1024, syscalls: 
I0505 10:13:07.232795  451062 main.go:240] 		IOURING: false
I0505 10:13:07.232820  451062 main.go:241] 		Debug: true
I0505 10:13:07.232839  451062 main.go:242] 		Systemd: true
I0505 10:13:07.232858  451062 main.go:243] ***************************
W0505 10:13:07.234442  451062 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0505 10:13:07.234741  451062 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 1000,
      "gid": 1000,
      "umask": 18,
      "additionalGids": [
        1000
      ]
    },
    "args": [
      "/usr/local/bin/thrift",
      "--version"
    ],
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm",
      "container=podman",
      "HOME=/data",
      "HOSTNAME=d21b33714171"
    ],
    "cwd": "/data"
  },
  "root": {
    "path": "/home/fishy/.local/share/containers/storage/overlay/618b833f925187e36e61117437b63c623ccda8ed8e1695a8890210ef3127e96c/merged"
  },
  "hostname": "d21b33714171",
  "mounts": [
    {
      "destination": "/data/",
      "type": "bind",
      "source": "/home/fishy",
      "options": [
        "rw",
        "rprivate",
        "rbind"
      ]
    },
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.kubernetes.cri-o.Created": "2023-05-05T10:13:06.660552448-07:00",
    "io.kubernetes.cri-o.TTY": "false",
    "io.podman.annotations.autoremove": "TRUE",
    "io.podman.annotations.init": "FALSE",
    "io.podman.annotations.privileged": "FALSE",
    "io.podman.annotations.publish-all": "FALSE",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "uidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "gidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "user"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
W0505 10:13:07.234805  451062 util.go:64] FATAL ERROR: Error reading mounts file: error unmarshaling mounts: unexpected end of JSON input
JSON bytes:

Error reading mounts file: error unmarshaling mounts: unexpected end of JSON input
JSON bytes:

unable to read from the sync descriptor: 0, error EOF

So I'm sure it was broken on 20230320.0 and the version before it. I cannot remember the last version number that worked.

And also I no longer have a version that works, so I don't have the debug logs. When it works I remove the debug logs from the wrapper because I don't really need all those logs lying around. When it's broken, I just switch to using crun as the runtime.
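The create log above only records the parent's view of the failure (EOF on the sync file), while the boot log carries an earlier fatal error of its own. The following is an added example, not part of the thread or of gVisor: it parses the glog-style lines seen in these logs, folds continuation lines (the spec dump, the `JSON bytes:` trailer) into their entry, and picks the earliest `FATAL ERROR` across logs. The sample logs are abridged excerpts of the ones posted above, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Prefix of each runsc debug-log line as it appears in this thread:
#   <severity><MMDD> <hh:mm:ss.uuuuuu>  <pid> <file>:<line>] <message>
GLOG_PREFIX = re.compile(
    r"^(?P<sev>[DIWEF])(?P<mmdd>\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{6})\s+"
    r"(?P<pid>\d+) (?P<src>[^\s\]]+:\d+)\] (?P<msg>.*)$"
)


@dataclass
class Entry:
    log: str    # which log file the entry came from
    sev: str    # D, I, W, E or F
    stamp: str  # "MMDD hh:mm:ss.uuuuuu"; sorts lexically within one year
    pid: int
    src: str    # source file and line, e.g. "util.go:64"
    msg: str    # first line plus any continuation lines


def parse(log_name, text):
    """Parse one log; lines without a prefix extend the previous entry."""
    entries = []
    for line in text.splitlines():
        m = GLOG_PREFIX.match(line)
        if m:
            entries.append(Entry(log_name, m["sev"], f'{m["mmdd"]} {m["time"]}',
                                 int(m["pid"]), m["src"], m["msg"]))
        elif entries:
            entries[-1].msg += "\n" + line
    return entries


def fatals(entries):
    """runsc logs fatal errors at W severity, so match on the message text."""
    return [e for e in entries if e.msg.startswith("FATAL ERROR:")]


def root_cause(logs):
    """Return the earliest fatal entry across all logs, or None."""
    found = [e for name, text in logs.items() for e in fatals(parse(name, text))]
    return min(found, key=lambda e: e.stamp) if found else None


def dumped_payload(entry, marker="JSON bytes:"):
    """Text the log printed after the marker; None if the marker is absent."""
    _, sep, tail = entry.msg.partition(marker)
    return tail.strip() if sep else None


# Abridged excerpts of the logs posted in this thread.
CREATE_LOG = """\
I0505 10:13:07.176817  451050 sandbox.go:1023] Sandbox started, PID: 451062
W0505 10:13:07.242683  451050 util.go:64] FATAL ERROR: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF
W0505 10:13:07.242771  451050 main.go:269] Failure to execute command, err: 1
"""

BOOT_LOG = """\
I0505 10:13:07.201517  451062 cmd.go:73] Execve "/proc/self/exe" again, bye!
D0505 10:13:07.234741  451062 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev"
}
W0505 10:13:07.234805  451062 util.go:64] FATAL ERROR: Error reading mounts file: error unmarshaling mounts: unexpected end of JSON input
JSON bytes:

"""

if __name__ == "__main__":
    rc = root_cause({"create": CREATE_LOG, "boot": BOOT_LOG})
    print(f"earliest fatal: {rc.log} log, pid {rc.pid}, {rc.stamp}")
    print(rc.msg.splitlines()[0])
    if dumped_payload(rc) == "":
        print("nothing was printed after 'JSON bytes:'")
```

On these excerpts the earliest fatal is the boot log's mounts error, about 8 ms before the create log's EOF, and nothing follows `JSON bytes:` in that entry.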

Contributor

blechschmidt commented May 6, 2023

Thank you. So this is what causes the boot process to fail:

```
W0505 10:13:07.234805  451062 util.go:64] FATAL ERROR: Error reading mounts file: error unmarshaling mounts: unexpected end of JSON input
```

So it does not look to me like this is related to the error while chowning /dev/stdin, @avagin.

Sorry for having to ask you for logs again, @fishy, but could you please also post the `.gofer` log? It might help to see whether this is the same issue as #8205, which occurs in rootless podman. Do you happen to run podman inside another containerized environment? Does the "solution" to #8205, i.e. adding the `-TESTONLY-unsafe-nonroot` argument to the wrapper script, help in your case?

I tried to reproduce the same issue on a Debian machine (Vagrant and DigitalOcean VPS) to be as close as possible to your execution environment, but I am still failing. I observe a different error: `W0506 11:15:00.611892 6249 server.go:116] Control auth failure: other UID = 1000, current UID = 0`

Vagrantfile

```ruby
Vagrant.configure("2") do |config|
  config.vm.box = "debian/testing64"

  config.vm.provision :shell, inline: <<~EOS
    sudo apt-get update
    sudo apt-get install -y apt-transport-https ca-certificates curl gnupg podman
    sudo curl -fsSL https://gvisor.dev/archive.key | sudo gpg --dearmor -o /usr/share/keyrings/gvisor-archive-keyring.gpg
    sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/gvisor-archive-keyring.gpg] https://storage.googleapis.com/gvisor/releases release main" | sudo tee /etc/apt/sources.list.d/gvisor.list > /dev/null
    sudo apt-get update && sudo apt-get install -y runsc
    mkdir /home/vagrant/runsc-debug
    echo -e '#!/bin/bash\n\nexec $(which runsc) --network host --ignore-cgroups --debug --debug-log "/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%" "$@"' > /home/vagrant/runsc-debug/runtime.sh
    chmod +x /home/vagrant/runsc-debug/runtime.sh
  EOS
  # Command to run manually:
  # podman --runtime=/home/vagrant/runsc-debug/runtime.sh run --userns=keep-id --rm -v "${PWD}":/data/ --user "$(id -u):$(id -g)" --platform= ghcr.io/reddit/thrift-compiler:0.18.1 --version
end
```
`dpkg -s podman`
vagrant@testing:~$ dpkg -s podman
Package: podman
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 35943
Maintainer: Debian Go Packaging Team <[email protected]>
Architecture: amd64
Source: libpod (4.3.1+ds1-6)
Version: 4.3.1+ds1-6+b2
Depends: libc6 (>= 2.34), libdevmapper1.02.1 (>= 2:1.02.97), libgpgme11 (>= 1.4.1), libseccomp2 (>= 2.5.0), libsubid4 (>= 1:4.11.1), conmon (>= 2.0.18~), golang-github-containers-common, crun | runc (>= 1.0.0~rc92~)
Recommends: buildah (>= 1.28), dbus-user-session, fuse-overlayfs (>= 1.0.0~), slirp4netns (>= 0.4.1~), catatonit | tini | dumb-init, uidmap
Suggests: containers-storage, docker-compose, iptables
Breaks: buildah (<< 1.10.1-6), fuse-overlayfs (<< 0.7.1), slirp4netns (<< 0.4.1)
Conffiles:
 /etc/cni/net.d/87-podman-bridge.conflist a87c090f17c5274af878e7106e969b60
 /etc/containers/libpod.conf ceec5a77b5f6a56d212eeed7b707d322
Description: engine to run OCI-based containers in Pods
 Podman is an engine for running OCI-based containers in Pods.
 Podman provides a CLI interface for managing Pods, Containers, and
 Container Images.
 .
 At a high level, the scope of libpod and podman is the following:
  * Support multiple image formats including the OCI and Docker image
    formats.
  * Support for multiple means to download images including trust & image
    verification.
  * Container image management (managing image layers, overlay filesystems,
    etc).
  * Full management of container lifecycle.
  * Support for pods to manage groups of containers together.
  * Resource isolation of containers and pods.
  * Support for a Docker-compatible CLI interface through Podman.
 .
 Podman is a daemon-less alternative to Docker.
Built-Using: containerd (= 1.6.18~ds1-1), docker-registry (= 2.8.1+ds1-2), docker.io (= 20.10.23+dfsg1-1), golang-1.19 (= 1.19.6-2), golang-dbus (= 5.1.0-1), golang-fsnotify (= 1.6.0-2), golang-ginkgo (= 1.16.5-3), golang-github-acarl005-stripansi (= 0.0~git20180116.5a71ef0-3), golang-github-appc-cni (= 1.1.2-1), golang-github-blang-semver (= 4.0.0-1), golang-github-buger-goterm (= 0.0+git20181115.c206103-3), golang-github-cespare-xxhash (= 2.1.1-2), golang-github-checkpoint-restore-go-criu (= 5.3.0-2), golang-github-chzyer-readline (= 1.4.39.g2972be2-3), golang-github-cilium-ebpf (= 0.9.1-1), golang-github-containerd-stargz-snapshotter (= 0.12.0-2), golang-github-containernetworking-plugins (= 1.1.1+ds1-3), golang-github-containers-buildah (= 1.28.2+ds1-1), golang-github-containers-common (= 0.50.1+ds1-4), golang-github-containers-image (= 5.23.1-3), golang-github-containers-ocicrypt (= 1.0.3-1), golang-github-containers-psgo (= 1.7.1+ds1-1), golang-github-containers-storage (= 1.43.0+ds1-7), golang-github-coreos-bbolt (= 1.3.6-2), golang-github-coreos-go-systemd (= 22.3.2-1), golang-github-cyphar-filepath-securejoin (= 0.2.3-1), golang-github-davecgh-go-spew (= 1.1.1-3), golang-github-disiqueira-gotree (= 3.0.2-2), golang-github-docker-docker-credential-helpers (= 0.6.4+ds1-1), golang-github-docker-go-connections (= 0.4.0-4), golang-github-docker-go-units (= 0.4.0-4), golang-github-docker-libtrust (= 0.0~git20150526.0.9cbd2a1-3.1), golang-github-fsouza-go-dockerclient (= 1.8.1-1), golang-github-fullsailor-pkcs7 (= 0.0~git20210826.33d0574-2), golang-github-ghodss-yaml (= 1.0.0+git20220118.d8423dc-2), golang-github-golang-protobuf-1-3 (= 1.3.5-4), golang-github-google-go-intervals (= 0.0.2-2), golang-github-google-gofuzz (= 1.2.0-1), golang-github-google-shlex (= 0.0~git20191202.e7afc7f-1), golang-github-google-uuid (= 1.3.0-1), golang-github-gorilla-handlers (= 1.5.1-3), golang-github-gorilla-mux (= 1.8.0-1), golang-github-gorilla-schema (= 1.2.0-2), 
golang-github-hashicorp-errwrap (= 1.1.0-1), golang-github-hashicorp-go-multierror (= 1.1.1-2), golang-github-jinzhu-copier (= 0.3.2-2), golang-github-json-iterator-go (= 1.1.12-1), golang-github-juju-ansiterm (= 1.0.0-1), golang-github-klauspost-compress (= 1.15.12+ds1-3), golang-github-klauspost-pgzip (= 1.2.5-2), golang-github-kr-fs (= 0.1.0-2), golang-github-lunixbochs-vtclean (= 1.0.0-1), golang-github-manifoldco-promptui (= 0.8.0-2), golang-github-mattn-go-colorable (= 0.1.13-1), golang-github-mattn-go-isatty (= 0.0.17-1), golang-github-mattn-go-runewidth (= 0.0.14-1), golang-github-mattn-go-shellwords (= 1.0.10-2), golang-github-moby-sys (= 0.0~git20220606.416188a-1), golang-github-moby-term (= 0.0~git20221120.abb1982-1), golang-github-modern-go-concurrent (= 1.0.3-1.1), golang-github-modern-go-reflect2 (= 1.0.2-2), golang-github-morikuni-aec (= 1.0.0-3), golang-github-nxadm-tail (= 1.4.5+ds1-5), golang-github-opencontainers-go-digest (= 1.0.0-2), golang-github-opencontainers-image-spec (= 1.1.0~rc2-1), golang-github-opencontainers-runtime-tools (= 0.9.0+git20220423.g0105384-2), golang-github-opencontainers-selinux (= 1.10.0+ds1-1), golang-github-opencontainers-specs (= 1.0.2.118.g5cfc4c3-1), golang-github-openshift-imagebuilder (= 1.2.3+ds1-2), golang-github-pkg-errors (= 0.9.1-2), golang-github-pkg-sftp (= 1.13.5-2), golang-github-pmezard-go-difflib (= 1.0.0-3), golang-github-proglottis-gpgme (= 0.1.1-2), golang-github-rivo-uniseg (= 0.4.2-1), golang-github-spf13-cobra (= 1.6.1-1), golang-github-spf13-pflag (= 1.0.6~git20210604-d5e0c0615ace-1), golang-github-sylabs-sif (= 2.8.3-1), golang-github-ulikunitz-xz (= 0.5.6-2), golang-github-vbatts-tar-split (= 0.11.2+ds1-1), golang-github-vbauerster-mpb (= 7.3.2-1), golang-github-vishvananda-netlink (= 1.1.0.125.gf243826-4), golang-github-vishvananda-netns (= 0.0~git20211101.5004558-1), golang-github-vividcortex-ewma (= 1.1.1-2), golang-github-xeipuuv-gojsonpointer (= 0.0~git20190905.02993c4-3), 
golang-github-xeipuuv-gojsonreference (= 0.0~git20180127.bd5ef7b-3), golang-github-xeipuuv-gojsonschema (= 1.2.0-3), golang-go-patricia (= 2.3.1-1), golang-go-zfs (= 3.0.0-1), golang-go.crypto (= 1:0.4.0-1), golang-gocapability-dev (= 0.0+git20200815.42c35b4-2), golang-gogoprotobuf (= 1.3.2-3), golang-golang-x-net (= 1:0.7.0+dfsg-1), golang-golang-x-sync (= 0.1.0-1), golang-golang-x-sys (= 0.3.0-1), golang-golang-x-term (= 0.3.0-1), golang-golang-x-text (= 0.7.0-1), golang-golang-x-xerrors (= 0.0~git20200804.5ec99f8-1), golang-gomega (= 1.10.3-1), golang-google-genproto (= 0.0~git20200413.b5235f6-3), golang-google-grpc (= 1.33.3-2), golang-google-protobuf (= 1.28.1-3), golang-gopkg-inf.v0 (= 0.9.1-2), golang-gopkg-square-go-jose.v2 (= 2.6.0-2), golang-gopkg-tomb.v1 (= 0.0~git20141024.0.dd63297-8), golang-gopkg-yaml.v3 (= 3.0.1-3), golang-k8s-sigs-yaml (= 1.3.0-1), golang-logrus (= 1.9.0-1), golang-toml (= 1.2.0-2), golang-yaml.v2 (= 2.4.0-4), rootlesskit (= 1.1.0-1), runc (= 1.1.4+ds1-1)
Homepage: https://github.com/containers/podman
`dpkg -s runsc`
vagrant@testing:~$ dpkg -s runsc
Package: runsc
Status: install ok installed
Priority: optional
Section: contrib/devel
Maintainer: The gVisor Authors <[email protected]>
Architecture: amd64
Version: 20230501.0
Conffiles:
 /etc/containerd/runsc.toml db121cae9a154693d4a801d920bfd823
Description: gVisor container sandbox runtime
Homepage: https://gvisor.dev/
Output
vagrant@testing:~$ podman --runtime=/home/vagrant/runsc-debug/runtime.sh run --userns=keep-id --rm -v "${PWD}":/data/ --user "$(id -u):$(id -g)" --platform= ghcr.io/reddit/thrift-compiler:0.18.1 --version
starting container: starting root container: broken pipe
Error: `/home/vagrant/runsc-debug/runtime.sh start 88a5dc6a7a87871983d18823c7df027ec2cad60f5713faa173702c92d18b3919` failed: exit status 128
Logs
vagrant@testing:~$ for file in /tmp/runsc/*; do echo -e "\\n\\n--- FILE: $file ---\\n"; cat "$file"; done


--- FILE: /tmp/runsc/runsc.log..20230506-111500.488590.create ---

I0506 11:15:00.488695    6238 main.go:224] ***************************
I0506 11:15:00.489075    6238 main.go:225] Args: [/usr/bin/runsc --network host --ignore-cgroups --debug --debug-log /tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --systemd-cgroup create --bundle /home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata --pid-file /run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/pidfile 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e]
I0506 11:15:00.489141    6238 main.go:226] Version release-20230501.0
I0506 11:15:00.489153    6238 main.go:227] GOOS: linux
I0506 11:15:00.489163    6238 main.go:228] GOARCH: amd64
I0506 11:15:00.489174    6238 main.go:229] PID: 6238
I0506 11:15:00.489189    6238 main.go:230] UID: 0, GID: 0
I0506 11:15:00.489200    6238 main.go:231] Configuration:
I0506 11:15:00.489211    6238 main.go:232]              RootDir: /run/user/1000/runsc
I0506 11:15:00.489223    6238 main.go:233]              Platform: ptrace
I0506 11:15:00.489233    6238 main.go:234]              FileAccess: exclusive
I0506 11:15:00.489249    6238 main.go:235]              Directfs: false
I0506 11:15:00.489260    6238 main.go:237]              Overlay: Root=true, SubMounts=false, Medium="self"
I0506 11:15:00.489272    6238 main.go:238]              Network: host, logging: false
I0506 11:15:00.489284    6238 main.go:239]              Strace: false, max size: 1024, syscalls:
I0506 11:15:00.489297    6238 main.go:240]              IOURING: false
I0506 11:15:00.489311    6238 main.go:241]              Debug: true
I0506 11:15:00.489322    6238 main.go:242]              Systemd: true
I0506 11:15:00.489333    6238 main.go:243] ***************************
W0506 11:15:00.490350    6238 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0506 11:15:00.490940    6238 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 1000,
      "gid": 1000,
      "umask": 18,
      "additionalGids": [
        1000
      ]
    },
    "args": [
      "/usr/local/bin/thrift",
      "--version"
    ],
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm",
      "container=podman",
      "HOME=/data",
      "HOSTNAME=92d7fac6a4ff"
    ],
    "cwd": "/data"
  },
  "root": {
    "path": "/home/vagrant/.local/share/containers/storage/vfs/dir/15b808ce50348fc0aae755c47c7eeba857a1295ab9c2fe6c368460e14798d679"
  },
  "hostname": "92d7fac6a4ff",
  "mounts": [
    {
      "destination": "/data/",
      "type": "bind",
      "source": "/home/vagrant",
      "options": [
        "rw",
        "rprivate",
        "rbind"
      ]
    },
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.kubernetes.cri-o.Created": "2023-05-06T11:14:59.940869401Z",
    "io.kubernetes.cri-o.TTY": "false",
    "io.podman.annotations.autoremove": "TRUE",
    "io.podman.annotations.init": "FALSE",
    "io.podman.annotations.privileged": "FALSE",
    "io.podman.annotations.publish-all": "FALSE",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "uidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "gidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "user"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
D0506 11:15:00.491051    6238 container.go:192] Create container, cid: 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e, rootDir: "/run/user/1000/runsc"
D0506 11:15:00.491494    6238 container.go:255] Creating new sandbox for container, cid: 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e
I0506 11:15:00.491851    6238 namespace.go:217] Mapping host uid 1 to container uid 0 (size=1000)
I0506 11:15:00.491869    6238 namespace.go:217] Mapping host uid 0 to container uid 1000 (size=1)
I0506 11:15:00.491873    6238 namespace.go:217] Mapping host uid 1001 to container uid 1001 (size=64536)
I0506 11:15:00.491877    6238 namespace.go:225] Mapping host gid 1 to container gid 0 (size=1000)
I0506 11:15:00.491881    6238 namespace.go:225] Mapping host gid 0 to container gid 1000 (size=1)
I0506 11:15:00.491885    6238 namespace.go:225] Mapping host gid 1001 to container gid 1001 (size=64536)
D0506 11:15:00.491891    6238 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230506-111500.491632.gofer"
D0506 11:15:00.492069    6238 donation.go:31] Donating FD 4: "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/config.json"
D0506 11:15:00.492075    6238 donation.go:31] Donating FD 5: "|1"
D0506 11:15:00.492078    6238 donation.go:31] Donating FD 6: "gofer IO FD"
D0506 11:15:00.492082    6238 donation.go:31] Donating FD 7: "gofer IO FD"
D0506 11:15:00.492086    6238 donation.go:31] Donating FD 8: "gofer IO FD"
D0506 11:15:00.492089    6238 donation.go:31] Donating FD 9: "gofer IO FD"
D0506 11:15:00.492093    6238 donation.go:31] Donating FD 10: "gofer IO FD"
D0506 11:15:00.492096    6238 donation.go:31] Donating FD 11: "gofer IO FD"
D0506 11:15:00.492100    6238 donation.go:31] Donating FD 12: "gofer IO FD"
D0506 11:15:00.492103    6238 container.go:1213] Starting gofer: /proc/self/exe [runsc-gofer --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --debug-log-fd=3 gofer --bundle /home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata --spec-fd=4 --mounts-fd=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --io-fds=11 --io-fds=12]
I0506 11:15:00.493371    6238 container.go:1254] Gofer started, PID: 6244
I0506 11:15:00.493416    6238 sandbox.go:636] Failed to set RLIMIT_MEMLOCK: operation not permitted
D0506 11:15:00.493527    6238 sandbox.go:83] Attempting to create socket file "/run/user/1000/runsc/runsc-92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e.sock"
D0506 11:15:00.493566    6238 sandbox.go:86] Using socket file "/run/user/1000/runsc/runsc-92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e.sock"
I0506 11:15:00.493577    6238 sandbox.go:725] Control socket: ""
I0506 11:15:00.493597    6238 sandbox.go:761] Sandbox will be started in new mount, IPC and UTS namespaces
I0506 11:15:00.493604    6238 sandbox.go:771] Sandbox will be started in the current PID namespace
I0506 11:15:00.493612    6238 sandbox.go:782] Sandbox will be started in the container's network namespace: {Type:network Path:}
I0506 11:15:00.493625    6238 sandbox.go:802] Sandbox will be started in container's user namespace: {Type:user Path:}
I0506 11:15:00.493639    6238 namespace.go:217] Mapping host uid 1 to container uid 0 (size=1000)
I0506 11:15:00.493643    6238 namespace.go:217] Mapping host uid 0 to container uid 1000 (size=1)
I0506 11:15:00.493647    6238 namespace.go:217] Mapping host uid 1001 to container uid 1001 (size=64536)
I0506 11:15:00.493651    6238 namespace.go:225] Mapping host gid 1 to container gid 0 (size=1000)
I0506 11:15:00.493655    6238 namespace.go:225] Mapping host gid 0 to container gid 1000 (size=1)
I0506 11:15:00.493658    6238 namespace.go:225] Mapping host gid 1001 to container gid 1001 (size=64536)
I0506 11:15:00.493711    6238 sandbox.go:820] Sandbox will be started in minimal chroot
D0506 11:15:00.493723    6238 sandbox.go:1407] Changing "/dev/stdin" ownership to 0/0
W0506 11:15:00.493741    6238 sandbox.go:1410] can't change an owner of /dev/stdin: chown /dev/stdin: operation not permitted
D0506 11:15:00.493749    6238 sandbox.go:1407] Changing "/dev/stdout" ownership to 0/0
D0506 11:15:00.493755    6238 sandbox.go:1407] Changing "/dev/stderr" ownership to 0/0
D0506 11:15:00.493798    6238 donation.go:31] Donating FD 3: "/tmp/runsc/runsc.log..20230506-111500.493428.boot"
D0506 11:15:00.493808    6238 donation.go:31] Donating FD 4: "sandbox IO FD"
D0506 11:15:00.493812    6238 donation.go:31] Donating FD 5: "sandbox IO FD"
D0506 11:15:00.493816    6238 donation.go:31] Donating FD 6: "sandbox IO FD"
D0506 11:15:00.493824    6238 donation.go:31] Donating FD 7: "sandbox IO FD"
D0506 11:15:00.493831    6238 donation.go:31] Donating FD 8: "sandbox IO FD"
D0506 11:15:00.493834    6238 donation.go:31] Donating FD 9: "sandbox IO FD"
D0506 11:15:00.493838    6238 donation.go:31] Donating FD 10: "sandbox IO FD"
D0506 11:15:00.493841    6238 donation.go:31] Donating FD 11: "/home/vagrant/.local/share/containers/storage/vfs/dir/15b808ce50348fc0aae755c47c7eeba857a1295ab9c2fe6c368460e14798d679/.gvisor.overlay.img.92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e"
D0506 11:15:00.493848    6238 donation.go:31] Donating FD 12: "|0"
D0506 11:15:00.493851    6238 donation.go:31] Donating FD 13: "|1"
D0506 11:15:00.493855    6238 donation.go:31] Donating FD 14: "control_server_socket"
D0506 11:15:00.493858    6238 donation.go:31] Donating FD 15: "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/config.json"
D0506 11:15:00.493864    6238 donation.go:31] Donating FD 16: "/dev/stdin"
D0506 11:15:00.493868    6238 donation.go:31] Donating FD 17: "/dev/stdout"
D0506 11:15:00.493871    6238 donation.go:31] Donating FD 18: "/dev/stderr"
D0506 11:15:00.493875    6238 sandbox.go:999] Starting sandbox: /proc/self/exe [runsc-sandbox --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log-fd=3 boot --bundle=/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata --apply-caps=true --setup-root --total-memory 477130752 --io-fds=4 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --overlay-filestore-fds=11 --mounts-fd=12 --start-sync-fd=13 --controller-fd=14 --spec-fd=15 --stdio-fds=16 --stdio-fds=17 --stdio-fds=18 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e]
D0506 11:15:00.493893    6238 sandbox.go:1000] SysProcAttr: &{Chroot: Credential:0xc000368510 Ptrace:false Setsid:true Setpgid:false Setctty:false Noctty:false Ctty:0 Foreground:false Pgid:0 Pdeathsig:signal 0 Cloneflags:0 Unshareflags:0 UidMappings:[{ContainerID:0 HostID:1 Size:1000} {ContainerID:1000 HostID:0 Size:1} {ContainerID:1001 HostID:1001 Size:64536}] GidMappings:[{ContainerID:0 HostID:1 Size:1000} {ContainerID:1000 HostID:0 Size:1} {ContainerID:1001 HostID:1001 Size:64536}] GidMappingsEnableSetgroups:false AmbientCaps:[] UseCgroupFD:false CgroupFD:0}
I0506 11:15:00.494773    6238 sandbox.go:1023] Sandbox started, PID: 6249
D0506 11:15:00.583407    6238 container.go:980] Save container, cid: 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e
I0506 11:15:00.583788    6238 main.go:260] Exiting with status: 0


--- FILE: /tmp/runsc/runsc.log..20230506-111500.491632.gofer ---

I0506 11:15:00.525865       1 main.go:224] ***************************
I0506 11:15:00.525952       1 main.go:225] Args: [runsc-gofer --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --debug-log-fd=3 gofer --bundle /home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata --spec-fd=4 --mounts-fd=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --io-fds=11 --io-fds=12]
I0506 11:15:00.526011       1 main.go:226] Version release-20230501.0
I0506 11:15:00.526046       1 main.go:227] GOOS: linux
I0506 11:15:00.526073       1 main.go:228] GOARCH: amd64
I0506 11:15:00.526107       1 main.go:229] PID: 1
I0506 11:15:00.526136       1 main.go:230] UID: 0, GID: 0
I0506 11:15:00.526176       1 main.go:231] Configuration:
I0506 11:15:00.526204       1 main.go:232]              RootDir: /run/user/1000/runsc
I0506 11:15:00.526238       1 main.go:233]              Platform: ptrace
I0506 11:15:00.526265       1 main.go:234]              FileAccess: exclusive
I0506 11:15:00.526301       1 main.go:235]              Directfs: false
I0506 11:15:00.526335       1 main.go:237]              Overlay: Root=true, SubMounts=false, Medium="self"
I0506 11:15:00.526364       1 main.go:238]              Network: host, logging: false
I0506 11:15:00.526403       1 main.go:239]              Strace: false, max size: 1024, syscalls:
I0506 11:15:00.526431       1 main.go:240]              IOURING: false
I0506 11:15:00.526474       1 main.go:241]              Debug: true
I0506 11:15:00.526502       1 main.go:242]              Systemd: true
I0506 11:15:00.526536       1 main.go:243] ***************************
W0506 11:15:00.528567       1 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0506 11:15:00.528780       1 gofer.go:489] Mounting src: "/home/vagrant", dst: "/proc/root/data", flags: 0x5001
I0506 11:15:00.528819       1 gofer.go:489] Mounting src: "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/resolv.conf", dst: "/proc/root/etc/resolv.conf", flags: 0x1000
I0506 11:15:00.528868       1 gofer.go:489] Mounting src: "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hosts", dst: "/proc/root/etc/hosts", flags: 0x1000
I0506 11:15:00.528911       1 gofer.go:489] Mounting src: "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/shm", dst: "/proc/root/dev/shm", flags: 0x100e
I0506 11:15:00.528998       1 gofer.go:489] Mounting src: "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/.containerenv", dst: "/proc/root/run/.containerenv", flags: 0x1000
I0506 11:15:00.529054       1 gofer.go:489] Mounting src: "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hostname", dst: "/proc/root/etc/hostname", flags: 0x1000
I0506 11:15:00.529089       1 gofer.go:441] Create working directory "/data" if needed
I0506 11:15:00.529101       1 gofer.go:451] Remounting root as readonly: "/proc/root"
I0506 11:15:00.529582       1 capability.go:66] Capabilities applied: { effective="chown, dac_override, dac_read_search, fowner, fsetid, sys_chroot" permitted="chown, dac_override, dac_read_search, fowner, fsetid, sys_chroot" inheritable="empty" bounding="chown, dac_override, dac_read_search, fowner, fsetid, sys_chroot" }
I0506 11:15:00.529607       1 cmd.go:73] Execve "/proc/self/exe" again, bye!
I0506 11:15:00.552270       1 main.go:224] ***************************
I0506 11:15:00.552322       1 main.go:225] Args: [runsc-gofer --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --debug-log-fd=3 gofer --bundle /home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata --spec-fd=4 --mounts-fd=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --io-fds=11 --io-fds=12 --apply-caps=false --setup-root=false --sync-userns-fd=-1 --proc-mount-sync-fd=19]
I0506 11:15:00.552352       1 main.go:226] Version release-20230501.0
I0506 11:15:00.552363       1 main.go:227] GOOS: linux
I0506 11:15:00.552378       1 main.go:228] GOARCH: amd64
I0506 11:15:00.552389       1 main.go:229] PID: 1
I0506 11:15:00.552400       1 main.go:230] UID: 0, GID: 0
I0506 11:15:00.552411       1 main.go:231] Configuration:
I0506 11:15:00.552421       1 main.go:232]              RootDir: /run/user/1000/runsc
I0506 11:15:00.552436       1 main.go:233]              Platform: ptrace
I0506 11:15:00.552447       1 main.go:234]              FileAccess: exclusive
I0506 11:15:00.552462       1 main.go:235]              Directfs: false
I0506 11:15:00.552473       1 main.go:237]              Overlay: Root=true, SubMounts=false, Medium="self"
I0506 11:15:00.552485       1 main.go:238]              Network: host, logging: false
I0506 11:15:00.552501       1 main.go:239]              Strace: false, max size: 1024, syscalls:
I0506 11:15:00.552513       1 main.go:240]              IOURING: false
I0506 11:15:00.552525       1 main.go:241]              Debug: true
I0506 11:15:00.552536       1 main.go:242]              Systemd: true
I0506 11:15:00.552552       1 main.go:243] ***************************
W0506 11:15:00.553430       1 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0506 11:15:00.553864       1 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 1000,
      "gid": 1000,
      "umask": 18,
      "additionalGids": [
        1000
      ]
    },
    "args": [
      "/usr/local/bin/thrift",
      "--version"
    ],
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm",
      "container=podman",
      "HOME=/data",
      "HOSTNAME=92d7fac6a4ff"
    ],
    "cwd": "/data"
  },
  "root": {
    "path": "/home/vagrant/.local/share/containers/storage/vfs/dir/15b808ce50348fc0aae755c47c7eeba857a1295ab9c2fe6c368460e14798d679"
  },
  "hostname": "92d7fac6a4ff",
  "mounts": [
    {
      "destination": "/data",
      "type": "bind",
      "source": "/home/vagrant",
      "options": [
        "rw",
        "rprivate",
        "rbind"
      ]
    },
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.kubernetes.cri-o.Created": "2023-05-06T11:14:59.940869401Z",
    "io.kubernetes.cri-o.TTY": "false",
    "io.podman.annotations.autoremove": "TRUE",
    "io.podman.annotations.init": "FALSE",
    "io.podman.annotations.privileged": "FALSE",
    "io.podman.annotations.publish-all": "FALSE",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "uidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "gidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "user"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
I0506 11:15:00.554699       1 gofer.go:249] Process chroot'd to "/root"
I0506 11:15:00.554713       1 seccomp.go:60] Installing seccomp filters for 59 syscalls (action=kill process)
D0506 11:15:00.554905       1 seccomp.go:174] syscall filter read: [] => 0x616c6c6f77
D0506 11:15:00.554912       1 seccomp.go:174] syscall filter write: [] => 0x616c6c6f77
D0506 11:15:00.554917       1 seccomp.go:174] syscall filter close: [] => 0x616c6c6f77
D0506 11:15:00.554921       1 seccomp.go:174] syscall filter fstat: [] => 0x616c6c6f77
D0506 11:15:00.554925       1 seccomp.go:174] syscall filter lseek: [] => 0x616c6c6f77
D0506 11:15:00.554934       1 seccomp.go:174] syscall filter mmap: [( * * & 0x4 == 0x4 )] => 0x6b696c6c2070726f63657373
D0506 11:15:00.554948       1 seccomp.go:174] syscall filter mmap: [( * * * == 0x1 ) ( * * * == 0x22 ) ( * * * == 0x32 )] => 0x616c6c6f77
D0506 11:15:00.554970       1 seccomp.go:174] syscall filter mprotect: [( * * & 0x4 == 0x4 )] => 0x6b696c6c2070726f63657373
D0506 11:15:00.554975       1 seccomp.go:174] syscall filter mprotect: [] => 0x616c6c6f77
D0506 11:15:00.554985       1 seccomp.go:174] syscall filter munmap: [] => 0x616c6c6f77
D0506 11:15:00.554994       1 seccomp.go:174] syscall filter rt_sigaction: [] => 0x616c6c6f77
D0506 11:15:00.554999       1 seccomp.go:174] syscall filter rt_sigprocmask: [] => 0x616c6c6f77
D0506 11:15:00.555003       1 seccomp.go:174] syscall filter rt_sigreturn: [] => 0x616c6c6f77
D0506 11:15:00.555007       1 seccomp.go:174] syscall filter pread64: [] => 0x616c6c6f77
D0506 11:15:00.555011       1 seccomp.go:174] syscall filter pwrite64: [] => 0x616c6c6f77
D0506 11:15:00.555015       1 seccomp.go:174] syscall filter sched_yield: [] => 0x616c6c6f77
D0506 11:15:00.555019       1 seccomp.go:174] syscall filter madvise: [] => 0x616c6c6f77
D0506 11:15:00.555023       1 seccomp.go:174] syscall filter dup: [] => 0x616c6c6f77
D0506 11:15:00.555028       1 seccomp.go:174] syscall filter nanosleep: [] => 0x616c6c6f77
D0506 11:15:00.555032       1 seccomp.go:174] syscall filter getpid: [] => 0x616c6c6f77
D0506 11:15:00.555036       1 seccomp.go:174] syscall filter accept: [] => 0x616c6c6f77
D0506 11:15:00.555040       1 seccomp.go:174] syscall filter sendmsg: [( * * == 0x0 ) ( * * == 0x4040 )] => 0x616c6c6f77
D0506 11:15:00.555056       1 seccomp.go:174] syscall filter recvmsg: [( * * == 0x60 ) ( * * == 0x62 )] => 0x616c6c6f77
D0506 11:15:00.555063       1 seccomp.go:174] syscall filter shutdown: [( * == 0x2 )] => 0x616c6c6f77
D0506 11:15:00.555068       1 seccomp.go:174] syscall filter socketpair: [( == 0x1 == 0x80005 == 0x0 )] => 0x616c6c6f77
D0506 11:15:00.555074       1 seccomp.go:174] syscall filter clone: [( == 0xd0f00 * == 0x0 == 0x0 * )] => 0x616c6c6f77
D0506 11:15:00.555080       1 seccomp.go:174] syscall filter exit: [] => 0x616c6c6f77
D0506 11:15:00.555085       1 seccomp.go:174] syscall filter fcntl: [( * == 0x3 ) ( * == 0x4 ) ( * == 0x1 ) ( * == 0x409 )] => 0x616c6c6f77
D0506 11:15:00.555093       1 seccomp.go:174] syscall filter fsync: [] => 0x616c6c6f77
D0506 11:15:00.555097       1 seccomp.go:174] syscall filter ftruncate: [] => 0x616c6c6f77
D0506 11:15:00.555101       1 seccomp.go:174] syscall filter fchmod: [] => 0x616c6c6f77
D0506 11:15:00.555105       1 seccomp.go:174] syscall filter gettimeofday: [] => 0x616c6c6f77
D0506 11:15:00.555109       1 seccomp.go:174] syscall filter sigaltstack: [] => 0x616c6c6f77
D0506 11:15:00.555117       1 seccomp.go:174] syscall filter fstatfs: [] => 0x616c6c6f77
D0506 11:15:00.555121       1 seccomp.go:174] syscall filter gettid: [] => 0x616c6c6f77
D0506 11:15:00.555125       1 seccomp.go:174] syscall filter futex: [( * == 0x80 * * == 0x0 ) ( * == 0x81 * * == 0x0 ) ( * == 0x0 * * ) ( * == 0x1 * * )] => 0x616c6c6f77
D0506 11:15:00.555134       1 seccomp.go:174] syscall filter getdents64: [] => 0x616c6c6f77
D0506 11:15:00.555139       1 seccomp.go:174] syscall filter restart_syscall: [] => 0x616c6c6f77
D0506 11:15:00.555143       1 seccomp.go:174] syscall filter clock_gettime: [] => 0x616c6c6f77
D0506 11:15:00.555147       1 seccomp.go:174] syscall filter exit_group: [] => 0x616c6c6f77
D0506 11:15:00.555151       1 seccomp.go:174] syscall filter epoll_ctl: [] => 0x616c6c6f77
D0506 11:15:00.555155       1 seccomp.go:174] syscall filter tgkill: [( == 0x1 )] => 0x616c6c6f77
D0506 11:15:00.555160       1 seccomp.go:174] syscall filter openat: [] => 0x616c6c6f77
D0506 11:15:00.555164       1 seccomp.go:174] syscall filter mkdirat: [] => 0x616c6c6f77
D0506 11:15:00.555168       1 seccomp.go:174] syscall filter mknodat: [] => 0x616c6c6f77
D0506 11:15:00.555178       1 seccomp.go:174] syscall filter fchownat: [] => 0x616c6c6f77
D0506 11:15:00.555182       1 seccomp.go:174] syscall filter newfstatat: [] => 0x616c6c6f77
D0506 11:15:00.555187       1 seccomp.go:174] syscall filter unlinkat: [] => 0x616c6c6f77
D0506 11:15:00.555191       1 seccomp.go:174] syscall filter renameat: [] => 0x616c6c6f77
D0506 11:15:00.555199       1 seccomp.go:174] syscall filter linkat: [] => 0x616c6c6f77
D0506 11:15:00.555204       1 seccomp.go:174] syscall filter symlinkat: [] => 0x616c6c6f77
D0506 11:15:00.555208       1 seccomp.go:174] syscall filter readlinkat: [] => 0x616c6c6f77
D0506 11:15:00.555212       1 seccomp.go:174] syscall filter fchmodat: [] => 0x616c6c6f77
D0506 11:15:00.555219       1 seccomp.go:174] syscall filter ppoll: [] => 0x616c6c6f77
D0506 11:15:00.555223       1 seccomp.go:174] syscall filter utimensat: [] => 0x616c6c6f77
D0506 11:15:00.555227       1 seccomp.go:174] syscall filter epoll_pwait: [( * * * * == 0x0 )] => 0x616c6c6f77
D0506 11:15:00.555238       1 seccomp.go:174] syscall filter fallocate: [( * == 0x0 )] => 0x616c6c6f77
D0506 11:15:00.555243       1 seccomp.go:174] syscall filter eventfd2: [( == 0x0 == 0x0 )] => 0x616c6c6f77
D0506 11:15:00.555248       1 seccomp.go:174] syscall filter getcpu: [( * == 0x0 == 0x0 )] => 0x616c6c6f77
D0506 11:15:00.555253       1 seccomp.go:174] syscall filter getrandom: [] => 0x616c6c6f77
D0506 11:15:00.555258       1 seccomp.go:174] syscall filter memfd_create: [] => 0x616c6c6f77
D0506 11:15:00.555748       1 seccomp.go:77] Seccomp program dump:

I0506 11:15:00.555935       1 seccomp.go:88] Seccomp filters installed.
I0506 11:15:00.555952       1 gofer.go:294] Serving "/" mapped to "/root" on FD 6 (ro: true)
I0506 11:15:00.555960       1 gofer.go:315] Serving "/data" mapped on FD 7 (ro: false)
I0506 11:15:00.555973       1 gofer.go:315] Serving "/etc/resolv.conf" mapped on FD 8 (ro: false)
I0506 11:15:00.555981       1 gofer.go:315] Serving "/etc/hosts" mapped on FD 9 (ro: false)
I0506 11:15:00.555989       1 gofer.go:315] Serving "/dev/shm" mapped on FD 10 (ro: false)
I0506 11:15:00.555997       1 gofer.go:315] Serving "/run/.containerenv" mapped on FD 11 (ro: false)
I0506 11:15:00.556005       1 gofer.go:315] Serving "/etc/hostname" mapped on FD 12 (ro: false)
D0506 11:15:00.642248       1 connection.go:127] sock read failed, closing connection: EOF
D0506 11:15:00.642256       1 connection.go:127] sock read failed, closing connection: EOF
D0506 11:15:00.642298       1 connection.go:127] sock read failed, closing connection: EOF
D0506 11:15:00.642009       1 connection.go:127] sock read failed, closing connection: EOF
D0506 11:15:00.642350       1 connection.go:127] sock read failed, closing connection: EOF
D0506 11:15:00.641974       1 connection.go:127] sock read failed, closing connection: EOF
D0506 11:15:00.642367       1 connection.go:127] sock read failed, closing connection: EOF
I0506 11:15:00.642390       1 gofer.go:333] All lisafs servers exited.
I0506 11:15:00.642407       1 main.go:260] Exiting with status: 0


--- FILE: /tmp/runsc/runsc.log..20230506-111500.493428.boot ---

I0506 11:15:00.513556    6249 main.go:224] ***************************
I0506 11:15:00.513590    6249 main.go:225] Args: [runsc-sandbox --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log-fd=3 boot --bundle=/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata --apply-caps=true --setup-root --total-memory 477130752 --io-fds=4 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --overlay-filestore-fds=11 --mounts-fd=12 --start-sync-fd=13 --controller-fd=14 --spec-fd=15 --stdio-fds=16 --stdio-fds=17 --stdio-fds=18 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e]
I0506 11:15:00.513614    6249 main.go:226] Version release-20230501.0
I0506 11:15:00.513624    6249 main.go:227] GOOS: linux
I0506 11:15:00.513635    6249 main.go:228] GOARCH: amd64
I0506 11:15:00.513646    6249 main.go:229] PID: 6249
I0506 11:15:00.513660    6249 main.go:230] UID: 0, GID: 0
I0506 11:15:00.513671    6249 main.go:231] Configuration:
I0506 11:15:00.513682    6249 main.go:232]              RootDir: /run/user/1000/runsc
I0506 11:15:00.513693    6249 main.go:233]              Platform: ptrace
I0506 11:15:00.513703    6249 main.go:234]              FileAccess: exclusive
I0506 11:15:00.513720    6249 main.go:235]              Directfs: false
I0506 11:15:00.513733    6249 main.go:237]              Overlay: Root=true, SubMounts=false, Medium="self"
I0506 11:15:00.513746    6249 main.go:238]              Network: host, logging: false
I0506 11:15:00.513759    6249 main.go:239]              Strace: false, max size: 1024, syscalls:
I0506 11:15:00.513770    6249 main.go:240]              IOURING: false
I0506 11:15:00.513785    6249 main.go:241]              Debug: true
I0506 11:15:00.513795    6249 main.go:242]              Systemd: true
I0506 11:15:00.513806    6249 main.go:243] ***************************
I0506 11:15:00.514233    6249 boot.go:215] Setting product_name: "VirtualBox"
I0506 11:15:00.514417    6249 chroot.go:86] Setting up sandbox chroot in "/tmp"
I0506 11:15:00.514514    6249 chroot.go:31] Mounting "/proc" at "/tmp/proc"
W0506 11:15:00.515556    6249 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0506 11:15:00.515726    6249 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 1000,
      "gid": 1000,
      "umask": 18,
      "additionalGids": [
        1000
      ]
    },
    "args": [
      "/usr/local/bin/thrift",
      "--version"
    ],
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm",
      "container=podman",
      "HOME=/data",
      "HOSTNAME=92d7fac6a4ff"
    ],
    "cwd": "/data"
  },
  "root": {
    "path": "/home/vagrant/.local/share/containers/storage/vfs/dir/15b808ce50348fc0aae755c47c7eeba857a1295ab9c2fe6c368460e14798d679"
  },
  "hostname": "92d7fac6a4ff",
  "mounts": [
    {
      "destination": "/data/",
      "type": "bind",
      "source": "/home/vagrant",
      "options": [
        "rw",
        "rprivate",
        "rbind"
      ]
    },
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.kubernetes.cri-o.Created": "2023-05-06T11:14:59.940869401Z",
    "io.kubernetes.cri-o.TTY": "false",
    "io.podman.annotations.autoremove": "TRUE",
    "io.podman.annotations.init": "FALSE",
    "io.podman.annotations.privileged": "FALSE",
    "io.podman.annotations.publish-all": "FALSE",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "uidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "gidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "user"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
I0506 11:15:00.516016    6249 capability.go:66] Capabilities applied: { effective="sys_ptrace" permitted="sys_ptrace" inheritable="empty" bounding="chown, dac_override, fowner, fsetid, kill, setgid, setuid, setpcap, net_bind_service, sys_chroot, sys_ptrace, setfcap" }
I0506 11:15:00.516039    6249 cmd.go:73] Execve "/proc/self/exe" again, bye!
I0506 11:15:00.536504    6249 main.go:224] ***************************
I0506 11:15:00.536578    6249 main.go:225] Args: [runsc-sandbox --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log-fd=3 boot --proc-mount-sync-fd=25 --product-name VirtualBox --bundle=/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata --total-memory 477130752 --io-fds=4 --io-fds=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --overlay-filestore-fds=11 --mounts-fd=12 --start-sync-fd=13 --controller-fd=14 --spec-fd=15 --stdio-fds=16 --stdio-fds=17 --stdio-fds=18 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e]
I0506 11:15:00.536638    6249 main.go:226] Version release-20230501.0
I0506 11:15:00.536673    6249 main.go:227] GOOS: linux
I0506 11:15:00.536701    6249 main.go:228] GOARCH: amd64
I0506 11:15:00.536735    6249 main.go:229] PID: 6249
I0506 11:15:00.536772    6249 main.go:230] UID: 0, GID: 0
I0506 11:15:00.536801    6249 main.go:231] Configuration:
I0506 11:15:00.536835    6249 main.go:232]              RootDir: /run/user/1000/runsc
I0506 11:15:00.536862    6249 main.go:233]              Platform: ptrace
I0506 11:15:00.536897    6249 main.go:234]              FileAccess: exclusive
I0506 11:15:00.536930    6249 main.go:235]              Directfs: false
I0506 11:15:00.536964    6249 main.go:237]              Overlay: Root=true, SubMounts=false, Medium="self"
I0506 11:15:00.536993    6249 main.go:238]              Network: host, logging: false
I0506 11:15:00.537030    6249 main.go:239]              Strace: false, max size: 1024, syscalls:
I0506 11:15:00.537057    6249 main.go:240]              IOURING: false
I0506 11:15:00.537096    6249 main.go:241]              Debug: true
I0506 11:15:00.537123    6249 main.go:242]              Systemd: true
I0506 11:15:00.537158    6249 main.go:243] ***************************
W0506 11:15:00.540236    6249 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0506 11:15:00.540527    6249 specutils.go:85] Spec:
{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {
      "uid": 1000,
      "gid": 1000,
      "umask": 18,
      "additionalGids": [
        1000
      ]
    },
    "args": [
      "/usr/local/bin/thrift",
      "--version"
    ],
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm",
      "container=podman",
      "HOME=/data",
      "HOSTNAME=92d7fac6a4ff"
    ],
    "cwd": "/data"
  },
  "root": {
    "path": "/home/vagrant/.local/share/containers/storage/vfs/dir/15b808ce50348fc0aae755c47c7eeba857a1295ab9c2fe6c368460e14798d679"
  },
  "hostname": "92d7fac6a4ff",
  "mounts": [
    {
      "destination": "/data/",
      "type": "bind",
      "source": "/home/vagrant",
      "options": [
        "rw",
        "rprivate",
        "rbind"
      ]
    },
    {
      "destination": "/proc",
      "type": "proc",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/proc",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/dev",
      "type": "tmpfs",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/tmpfs",
      "options": [
        "nosuid",
        "noexec",
        "strictatime",
        "mode=755",
        "size=65536k"
      ]
    },
    {
      "destination": "/sys",
      "type": "sysfs",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/sysfs",
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ]
    },
    {
      "destination": "/dev/pts",
      "type": "devpts",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/devpts",
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ]
    },
    {
      "destination": "/dev/mqueue",
      "type": "mqueue",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/mqueue",
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/etc/resolv.conf",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/resolv.conf",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hosts",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hosts",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/dev/shm",
      "type": "bind",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/shm",
      "options": [
        "bind",
        "rprivate",
        "nosuid",
        "noexec",
        "nodev"
      ]
    },
    {
      "destination": "/run/.containerenv",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/.containerenv",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/etc/hostname",
      "type": "bind",
      "source": "/run/user/1000/containers/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/hostname",
      "options": [
        "bind",
        "rprivate"
      ]
    },
    {
      "destination": "/sys/fs/cgroup",
      "type": "cgroup",
      "source": "/home/vagrant/.local/share/containers/storage/vfs-containers/92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e/userdata/cgroup",
      "options": [
        "rprivate",
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ]
    }
  ],
  "annotations": {
    "io.container.manager": "libpod",
    "io.kubernetes.cri-o.Created": "2023-05-06T11:14:59.940869401Z",
    "io.kubernetes.cri-o.TTY": "false",
    "io.podman.annotations.autoremove": "TRUE",
    "io.podman.annotations.init": "FALSE",
    "io.podman.annotations.privileged": "FALSE",
    "io.podman.annotations.publish-all": "FALSE",
    "org.opencontainers.image.stopSignal": "15"
  },
  "linux": {
    "uidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "gidMappings": [
      {
        "containerID": 0,
        "hostID": 1,
        "size": 1000
      },
      {
        "containerID": 1000,
        "hostID": 0,
        "size": 1
      },
      {
        "containerID": 1001,
        "hostID": 1001,
        "size": 64536
      }
    ],
    "sysctl": {
      "net.ipv4.ping_group_range": "0 0"
    },
    "resources": {
      "pids": {
        "limit": 2048
      }
    },
    "cgroupsPath": "user.slice:libpod:92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e",
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      },
      {
        "type": "user"
      },
      {
        "type": "cgroup"
      }
    ]
  }
}
I0506 11:15:00.579415    6249 loader.go:584] Platform: ptrace
D0506 11:15:00.579554    6249 seccomp.go:174] syscall filter mmap: [] => 0x616c6c6f77
D0506 11:15:00.579724    6249 seccomp.go:174] syscall filter munmap: [] => 0x616c6c6f77
D0506 11:15:00.579743    6249 seccomp.go:174] syscall filter getpid: [] => 0x616c6c6f77
D0506 11:15:00.579749    6249 seccomp.go:174] syscall filter clone: [( == 0x409 ) ( == 0x12f00 )] => 0x616c6c6f77
D0506 11:15:00.579762    6249 seccomp.go:174] syscall filter exit: [] => 0x616c6c6f77
D0506 11:15:00.579767    6249 seccomp.go:174] syscall filter wait4: [] => 0x616c6c6f77
D0506 11:15:00.579772    6249 seccomp.go:174] syscall filter kill: [( * == 0x13 )] => 0x616c6c6f77
D0506 11:15:00.579779    6249 seccomp.go:174] syscall filter gettimeofday: [] => 0x7472617020283029
D0506 11:15:00.579783    6249 seccomp.go:174] syscall filter getppid: [] => 0x616c6c6f77
D0506 11:15:00.579788    6249 seccomp.go:174] syscall filter prctl: [( == 0x1 == 0x9 )] => 0x616c6c6f77
D0506 11:15:00.579798    6249 seccomp.go:174] syscall filter arch_prctl: [( == 0x1012 == 0x0 )] => 0x616c6c6f77
D0506 11:15:00.579803    6249 seccomp.go:174] syscall filter time: [] => 0x7472617020283029
D0506 11:15:00.579808    6249 seccomp.go:174] syscall filter getcpu: [] => 0x7472617020283029
I0506 11:15:00.580518    6249 subprocess_linux.go:49] Latest seccomp behavior found (kernel >= 4.8 likely)
D0506 11:15:00.580684    6249 seccomp.go:174] syscall filter mmap: [] => 0x616c6c6f77
D0506 11:15:00.580692    6249 seccomp.go:174] syscall filter munmap: [] => 0x616c6c6f77
D0506 11:15:00.580696    6249 seccomp.go:174] syscall filter getpid: [] => 0x616c6c6f77
D0506 11:15:00.580701    6249 seccomp.go:174] syscall filter clone: [( == 0x409 ) ( == 0x12f00 )] => 0x616c6c6f77
D0506 11:15:00.580716    6249 seccomp.go:174] syscall filter exit: [] => 0x616c6c6f77
D0506 11:15:00.580720    6249 seccomp.go:174] syscall filter wait4: [] => 0x616c6c6f77
D0506 11:15:00.580725    6249 seccomp.go:174] syscall filter kill: [( * == 0x13 )] => 0x616c6c6f77
D0506 11:15:00.580730    6249 seccomp.go:174] syscall filter gettimeofday: [] => 0x7472617020283029
D0506 11:15:00.580735    6249 seccomp.go:174] syscall filter getppid: [] => 0x616c6c6f77
D0506 11:15:00.580739    6249 seccomp.go:174] syscall filter prctl: [( == 0x1 == 0x9 )] => 0x616c6c6f77
D0506 11:15:00.580746    6249 seccomp.go:174] syscall filter arch_prctl: [( == 0x1012 == 0x0 )] => 0x616c6c6f77
D0506 11:15:00.580751    6249 seccomp.go:174] syscall filter time: [] => 0x7472617020283029
D0506 11:15:00.580756    6249 seccomp.go:174] syscall filter getcpu: [] => 0x7472617020283029
I0506 11:15:00.582584    6249 loader.go:389] CPUs: 2
I0506 11:15:00.582607    6249 loader.go:397] Setting total memory to 0.44 GB
I0506 11:15:00.582797    6249 loader.go:426] Packet logging disabled
I0506 11:15:00.582809    6249 watchdog.go:182] Watchdog waiting 30s for startup
W0506 11:15:00.611892    6249 server.go:116] Control auth failure: other UID = 1000, current UID = 0
unable to read from the sync descriptor: 0, error EOF


--- FILE: /tmp/runsc/runsc.log..20230506-111500.610045.start ---

I0506 11:15:00.610088    6286 main.go:224] ***************************
I0506 11:15:00.610124    6286 main.go:225] Args: [/usr/bin/runsc --network host --ignore-cgroups --debug --debug-log /tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% start 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e]
I0506 11:15:00.610148    6286 main.go:226] Version release-20230501.0
I0506 11:15:00.610159    6286 main.go:227] GOOS: linux
I0506 11:15:00.610170    6286 main.go:228] GOARCH: amd64
I0506 11:15:00.610181    6286 main.go:229] PID: 6286
I0506 11:15:00.610195    6286 main.go:230] UID: 0, GID: 0
I0506 11:15:00.610206    6286 main.go:231] Configuration:
I0506 11:15:00.610216    6286 main.go:232]              RootDir: /run/user/1000/runsc
I0506 11:15:00.610227    6286 main.go:233]              Platform: ptrace
I0506 11:15:00.610238    6286 main.go:234]              FileAccess: exclusive
I0506 11:15:00.610252    6286 main.go:235]              Directfs: false
I0506 11:15:00.610264    6286 main.go:237]              Overlay: Root=true, SubMounts=false, Medium="self"
I0506 11:15:00.610275    6286 main.go:238]              Network: host, logging: false
I0506 11:15:00.610286    6286 main.go:239]              Strace: false, max size: 1024, syscalls:
I0506 11:15:00.610297    6286 main.go:240]              IOURING: false
I0506 11:15:00.610313    6286 main.go:241]              Debug: true
I0506 11:15:00.610323    6286 main.go:242]              Systemd: false
I0506 11:15:00.610334    6286 main.go:243] ***************************
D0506 11:15:00.610361    6286 state_file.go:78] Load container, rootDir: "/run/user/1000/runsc", id: {SandboxID: ContainerID:92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e}, opts: {Exact:false SkipCheck:false TryLock:false RootContainer:false}
W0506 11:15:00.611776    6286 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
D0506 11:15:00.611801    6286 container.go:399] Start container, cid: 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e
D0506 11:15:00.611815    6286 sandbox.go:365] Start root sandbox "92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e", PID: 6249
D0506 11:15:00.611821    6286 sandbox.go:590] Connecting to sandbox "92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e"
I0506 11:15:00.611854    6286 network.go:58] Setting up network
D0506 11:15:00.611885    6286 urpc.go:568] urpc: successfully marshalled 112 bytes.
W0506 11:15:00.612090    6286 util.go:64] FATAL ERROR: starting container: starting root container: urpc method "containerManager.StartRoot" failed: connection reset by peer


--- FILE: /tmp/runsc/runsc.log..20230506-111500.638587.delete ---

I0506 11:15:00.638628    6291 main.go:224] ***************************
I0506 11:15:00.638666    6291 main.go:225] Args: [/usr/bin/runsc --network host --ignore-cgroups --debug --debug-log /tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% delete --force 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e]
I0506 11:15:00.638691    6291 main.go:226] Version release-20230501.0
I0506 11:15:00.638702    6291 main.go:227] GOOS: linux
I0506 11:15:00.638712    6291 main.go:228] GOARCH: amd64
I0506 11:15:00.638723    6291 main.go:229] PID: 6291
I0506 11:15:00.638737    6291 main.go:230] UID: 0, GID: 0
I0506 11:15:00.638748    6291 main.go:231] Configuration:
I0506 11:15:00.638759    6291 main.go:232]              RootDir: /run/user/1000/runsc
I0506 11:15:00.638769    6291 main.go:233]              Platform: ptrace
I0506 11:15:00.638780    6291 main.go:234]              FileAccess: exclusive
I0506 11:15:00.638795    6291 main.go:235]              Directfs: false
I0506 11:15:00.638806    6291 main.go:237]              Overlay: Root=true, SubMounts=false, Medium="self"
I0506 11:15:00.638817    6291 main.go:238]              Network: host, logging: false
I0506 11:15:00.638828    6291 main.go:239]              Strace: false, max size: 1024, syscalls:
I0506 11:15:00.638839    6291 main.go:240]              IOURING: false
I0506 11:15:00.638855    6291 main.go:241]              Debug: true
I0506 11:15:00.638865    6291 main.go:242]              Systemd: false
I0506 11:15:00.638876    6291 main.go:243] ***************************
D0506 11:15:00.638899    6291 state_file.go:78] Load container, rootDir: "/run/user/1000/runsc", id: {SandboxID: ContainerID:92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e}, opts: {Exact:false SkipCheck:false TryLock:false RootContainer:false}
D0506 11:15:00.639965    6291 container.go:754] Destroy container, cid: 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e
D0506 11:15:00.639985    6291 container.go:994] Destroying container, cid: 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e
D0506 11:15:00.639990    6291 sandbox.go:1355] Destroying root container by destroying sandbox, cid: 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e
D0506 11:15:00.639996    6291 sandbox.go:1105] Destroying sandbox "92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e"
D0506 11:15:00.640005    6291 sandbox.go:1114] Killing sandbox "92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e"
D0506 11:15:00.740300    6291 container.go:1008] Killing gofer for container, cid: 92d7fac6a4ff5058c73e22420cfdff5e33b39e626fc922a642aec4e7e8c7e61e, PID: 6244
W0506 11:15:00.740329    6291 container.go:1011] Error sending signal 9 to gofer 6244: no such process
I0506 11:15:00.740433    6291 main.go:260] Exiting with status: 0

@fishy

fishy commented May 6, 2023

> Do you happen to run podman inside another containerized environment?

no

> adding the -TESTONLY-unsafe-nonroot argument to the wrapper script, help in your case?

no

runsc.log..20230505-101307.171257.gofer
I0505 10:13:07.199959       1 main.go:224] ***************************
I0505 10:13:07.199992       1 main.go:225] Args: [runsc-gofer --debug-log=/tmp/runsc/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND% --network=host --ignore-cgroups=true --systemd-cgroup=true --root=/run/user/1000/runsc --debug=true --debug-log-fd=3 gofer --bundle /home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata --spec-fd=4 --mounts-fd=5 --io-fds=6 --io-fds=7 --io-fds=8 --io-fds=9 --io-fds=10 --io-fds=11 --io-fds=12]
I0505 10:13:07.200017       1 main.go:226] Version release-20230501.0
I0505 10:13:07.200028       1 main.go:227] GOOS: linux
I0505 10:13:07.200039       1 main.go:228] GOARCH: amd64
I0505 10:13:07.200051       1 main.go:229] PID: 1
I0505 10:13:07.200063       1 main.go:230] UID: 0, GID: 0
I0505 10:13:07.200074       1 main.go:231] Configuration:
I0505 10:13:07.200085       1 main.go:232] 		RootDir: /run/user/1000/runsc
I0505 10:13:07.200096       1 main.go:233] 		Platform: ptrace
I0505 10:13:07.200108       1 main.go:234] 		FileAccess: exclusive
I0505 10:13:07.200120       1 main.go:235] 		Directfs: false
I0505 10:13:07.200131       1 main.go:237] 		Overlay: Root=true, SubMounts=false, Medium="self"
I0505 10:13:07.200142       1 main.go:238] 		Network: host, logging: false
I0505 10:13:07.200154       1 main.go:239] 		Strace: false, max size: 1024, syscalls: 
I0505 10:13:07.200165       1 main.go:240] 		IOURING: false
I0505 10:13:07.200179       1 main.go:241] 		Debug: true
I0505 10:13:07.200190       1 main.go:242] 		Systemd: true
I0505 10:13:07.200201       1 main.go:243] ***************************
W0505 10:13:07.201057       1 specutils.go:123] noNewPrivileges ignored. PR_SET_NO_NEW_PRIVS is assumed to always be set.
I0505 10:13:07.201614       1 gofer.go:489] Mounting src: "/home/fishy", dst: "/proc/root/data", flags: 0x5001
I0505 10:13:07.201717       1 gofer.go:489] Mounting src: "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/resolv.conf", dst: "/proc/root/etc/resolv.conf", flags: 0x1000
I0505 10:13:07.201830       1 gofer.go:489] Mounting src: "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/hosts", dst: "/proc/root/etc/hosts", flags: 0x1000
I0505 10:13:07.201923       1 gofer.go:489] Mounting src: "/home/fishy/.local/share/containers/storage/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/shm", dst: "/proc/root/dev/shm", flags: 0x100e
I0505 10:13:07.202448       1 gofer.go:489] Mounting src: "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/.containerenv", dst: "/proc/root/run/.containerenv", flags: 0x1000
I0505 10:13:07.202934       1 gofer.go:489] Mounting src: "/run/user/1000/containers/overlay-containers/d21b33714171f066d087f0756d19fa9f4a6defafe7202a654a8cc1ec33f97390/userdata/hostname", dst: "/proc/root/etc/hostname", flags: 0x1000
I0505 10:13:07.203060       1 gofer.go:441] Create working directory "/data" if needed
I0505 10:13:07.203072       1 gofer.go:451] Remounting root as readonly: "/proc/root"
W0505 10:13:07.203095       1 util.go:64] FATAL ERROR: Error setting up root FS: remounting root as read-only with source: "/proc/root", target: "/proc/root", flags: 0x5021, err: operation not permitted
Error setting up root FS: remounting root as read-only with source: "/proc/root", target: "/proc/root", flags: 0x5021, err: operation not permitted

@blechschmidt
Contributor

Interestingly, remounting /proc/root as readonly succeeds in my environment but not in yours. What's your Linux kernel version?

@fishy

fishy commented May 6, 2023

$ uname -a
Linux perch 6.1.0-7-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.20-2 (2023-04-08) x86_64 GNU/Linux

@blechschmidt
Contributor

blechschmidt commented May 7, 2023

I have a suspicion what the reason might be. --userns=keep-id might cause the mount operation to fail, but I have not looked at the podman implementation to confirm this and I can't explain how this might have worked with previous versions. Does it work if you run podman without the --userns=keep-id and/or without the --user argument?

Otherwise, if that's not it, I am completely clueless and would first need to figure out why the execution differs on your machine vs. on my machine. Do you have any local podman configuration that might cause a different behavior compared to my fresh machine (as I am on the same kernel)?

@fishy

fishy commented May 8, 2023

ok yes removing --userns=keep-id worked:

$ podman --runtime=/home/fishy/bin/runsc-podman.sh run --rm -v "${PWD}":/data/ --user "$(id -u):$(id -g)" --platform= ghcr.io/reddit/thrift-compiler:0.18.1 --version
Thrift version 0.18.1

But for my use case that arg is essential, and runsc worked before with --userns=keep-id and podman.

@bobobo1618

I've run into this error message as well. To reproduce:

  • Run a clean install of Rocky Linux 9.2 (e.g. spin up a VM)
  • dnf install -y podman
  • https://gvisor.dev/docs/user_guide/install/
  • sudo podman --log-level debug run --rm -it --runtime=runsc --runtime-flag 'debug' --runtime-flag 'debug-log=/tmp/runsc-debug.log' --security-opt label=disable docker.io/ubuntu:latest /bin/bash

This then comes up in the log:

I0717 22:38:19.451369       1 gofer.go:428] Remounting root as readonly: "/proc/root"
W0717 22:38:19.451539       1 util.go:64] FATAL ERROR: Error setting up root FS: remounting root as read-only with source: "/proc/root", target: "/proc/root", flags: 0x5021, err: operation not permitted
Error setting up root FS: remounting root as read-only with source: "/proc/root", target: "/proc/root", flags: 0x5021, err: operation not permitted

Unlike @fishy, adding --runtime-flag 'TESTONLY-unsafe-nonroot' did help for me.

@felschr

felschr commented Oct 1, 2023

Any new infos here?
I'm running into this issue, perhaps because I'm using --uidmap / --gidmap.

--runtime-flag 'TESTONLY-unsafe-nonroot' does solve the issue for me, but it sounds like a horrible workaround for normal use.

@blechschmidt
Contributor

blechschmidt commented Oct 2, 2023

> I've run into this error message as well. To reproduce:
>
> * Run a clean install of Rocky Linux 9.2 (e.g. spin up a VM)
> * `dnf install -y podman`
> * https://gvisor.dev/docs/user_guide/install/
> * `sudo podman --log-level debug run --rm -it --runtime=runsc --runtime-flag 'debug' --runtime-flag 'debug-log=/tmp/runsc-debug.log' --security-opt label=disable docker.io/ubuntu:latest /bin/bash`
>
> This then comes up in the log:
>
> I0717 22:38:19.451369       1 gofer.go:428] Remounting root as readonly: "/proc/root"
> W0717 22:38:19.451539       1 util.go:64] FATAL ERROR: Error setting up root FS: remounting root as read-only with source: "/proc/root", target: "/proc/root", flags: 0x5021, err: operation not permitted
> Error setting up root FS: remounting root as read-only with source: "/proc/root", target: "/proc/root", flags: 0x5021, err: operation not permitted

For me, a bisection indicates that 6b31775 introduced this error. Adding --runtime-flag 'directfs=false' to the podman command, as suggested by the commit message, helps in my case. @ayushr2, could you please have a look?

I am not sure if this is the same issue that @fishy is experiencing though (which I still cannot reproduce), since that commit has been published after the initial issue.

@ayushr2
Collaborator

ayushr2 commented Oct 3, 2023

Regarding breakage due to directfs:
If the container spec does not specify a userns, directfs automatically adds a new userns with identity mappings (0:0:4294967295). I think this forced usage of userns is causing the podman issue with directfs. This is in line with findings above (i.e. --userns=keep-id causing failures even before directfs, specifying --uidmap / --gidmap causing failures). It seems like these issues are only reproducible on older Linux versions. Running uname -r on my Rocky Linux 9.2 VM shows 5.14.0-284.25.1.el9_2.x86_64. Podman works fine with directfs on my 6.4 Linux kernel VM.

Maybe there was a Linux bug related to userns that was fixed?

@avagin
Collaborator Author

avagin commented Oct 3, 2023

@blechschmidt Could you try out the next patch?

diff --git a/google3/third_party/gvisor/runsc/cmd/gofer.go b/google3/third_party/gvisor/runsc/cmd/gofer.go
--- a/google3/third_party/gvisor/runsc/cmd/gofer.go
+++ b/google3/third_party/gvisor/runsc/cmd/gofer.go
@@ -422,7 +422,7 @@ func (g *Gofer) setupRootFS(spec *specs.
                // If root is a mount point but not read-only, we can change mount options
                // to make it read-only for extra safety.
                log.Infof("Remounting root as readonly: %q", root)
-               flags := uintptr(unix.MS_BIND | unix.MS_REMOUNT | unix.MS_RDONLY | unix.MS_REC)
+               flags := uintptr(unix.MS_BIND | unix.MS_REMOUNT | unix.MS_RDONLY | unix.MS_REC | unix.MS_NOSUID | unix.MS_NODEV)
                if err := specutils.SafeMount(root, root, "bind", flags, "", procPath); err != nil {
                        return fmt.Errorf("remounting root as read-only with source: %q, target: %q, flags: %#x, err: %v", root, root, flags, err)
                }
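
Review bot: The new `flags` line hard-codes `unix.MS_NOSUID | unix.MS_NODEV`, so the remount is only safe against those two flags; if the root mount carries another flag that this remount would clear (for example `noexec`), the call can still fail with "operation not permitted". Consider reading the flags currently set on `root` (for example with statfs) and OR-ing them into `flags` rather than listing them by hand. The comment above the remount still says only "make it read-only for extra safety" and should state why nosuid/nodev are being preserved, so that a later cleanup does not drop them again.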

@blechschmidt
Contributor

With this patch it works for me on 6.1.53-1-MANJARO as well as Rocky Linux on 5.14.0-284.11.1.el9_2.x86_64.

@avagin
Collaborator Author

avagin commented Oct 3, 2023

The problem here is that root contains mounts with locked flags:
https://elixir.bootlin.com/linux/latest/source/include/linux/mount.h#L58

such flags can't be cleared and it doesn't depend on the kernel version. This behavior was introduced a long time ago.

# cat /proc/72771/mountinfo 
536 533 0:45 / / ro,nosuid,nodev,relatime - overlay overlay rw,context="system_u:object_r:container_file_t:s0:c1022,c1023",lowerdir=/var/lib/containers/storage/overlay/l/VEHVXUVKDAANLD3ASGVAXG53JN,upperdir=/var/lib/containers/storage/overlay/b8b3622d3a2ae348f084d4bc458db9d4a780a1975d14365b93263186a44433a7/diff,workdir=/var/lib/containers/storage/overlay/b8b3622d3a2ae348f084d4bc458db9d4a780a1975d14365b93263186a44433a7/work,metacopy=on,volatile
537 536 0:25 /containers/storage/overlay-containers/d4578d2d9a668321667bc6b704742089bf019135c66def3182aedbaf4a3454ee/userdata/resolv.conf /etc/resolv.conf rw,nosuid,nodev - tmpfs tmpfs rw,seclabel,size=6520784k,nr_inodes=819200,mode=755,inode64
538 536 0:25 /containers/storage/overlay-containers/d4578d2d9a668321667bc6b704742089bf019135c66def3182aedbaf4a3454ee/userdata/hosts /etc/hosts rw,nosuid,nodev - tmpfs tmpfs rw,seclabel,size=6520784k,nr_inodes=819200,mode=755,inode64
539 536 0:44 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,context="system_u:object_r:container_file_t:s0:c1022,c1023",size=64000k,inode64
540 536 0:25 /containers/storage/overlay-containers/d4578d2d9a668321667bc6b704742089bf019135c66def3182aedbaf4a3454ee/userdata/.containerenv /run/.containerenv rw,nosuid,nodev - tmpfs tmpfs rw,seclabel,size=6520784k,nr_inodes=819200,mode=755,inode64
541 536 0:25 /containers/storage/overlay-containers/d4578d2d9a668321667bc6b704742089bf019135c66def3182aedbaf4a3454ee/userdata/run/secrets /run/secrets rw,nosuid,nodev - tmpfs tmpfs rw,seclabel,size=6520784k,nr_inodes=819200,mode=755,inode64
542 536 0:25 /containers/storage/overlay-containers/d4578d2d9a668321667bc6b704742089bf019135c66def3182aedbaf4a3454ee/userdata/hostname /etc/hostname rw,nosuid,nodev - tmpfs tmpfs rw,seclabel,size=6520784k,nr_inodes=819200,mode=755,inode64
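
The failure discussed in this thread can be checked ahead of time from mountinfo. The following is an added Go example, not gVisor code: it parses a mountinfo line and reports which per-mount flags a remount with the given flags would clear. The function names and the sample line (modelled on the root entry above) are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Mount flag values from <linux/mount.h> (same values as golang.org/x/sys/unix).
const (
	msRdonly = 0x1
	msNosuid = 0x2
	msNodev  = 0x4
	msNoexec = 0x8
)

// Constructed sample: the root mount before the read-only remount.
const sampleRootLine = "536 533 0:45 / / rw,nosuid,nodev,relatime - overlay overlay rw"

// lockable lists per-mount options that the kernel can lock on a mount
// inherited by a less privileged user namespace. Atime options are left out:
// a remount that names no atime flag keeps the existing one.
var lockable = []struct {
	opt  string
	flag uintptr
}{
	{"ro", msRdonly}, {"nosuid", msNosuid}, {"nodev", msNodev}, {"noexec", msNoexec},
}

// mountFlags parses one /proc/<pid>/mountinfo line and returns the mount
// point (field 5) and the lockable flags set in its per-mount options (field 6).
func mountFlags(line string) (string, uintptr, error) {
	fields := strings.Fields(line)
	if len(fields) < 10 {
		return "", 0, fmt.Errorf("short mountinfo line: %q", line)
	}
	var flags uintptr
	for _, o := range strings.Split(fields[5], ",") {
		for _, l := range lockable {
			if o == l.opt {
				flags |= l.flag
			}
		}
	}
	return fields[4], flags, nil
}

// clearedByRemount names the flags set on the mount that a remount with
// `requested` would drop. If any of them is locked, mount(2) fails with EPERM.
func clearedByRemount(current, requested uintptr) []string {
	var dropped []string
	for _, l := range lockable {
		if current&l.flag != 0 && requested&l.flag == 0 {
			dropped = append(dropped, l.opt)
		}
	}
	return dropped
}

func main() {
	mp, cur, err := mountFlags(sampleRootLine)
	if err != nil {
		panic(err)
	}
	// 0x5021 is the flag value from the failing log line; the second value
	// adds nosuid and nodev as the patch in this thread does.
	for _, req := range []uintptr{0x5021, 0x5021 | msNosuid | msNodev} {
		fmt.Printf("%s: remount with %#x would clear %v\n", mp, req, clearedByRemount(cur, req))
	}
}
```

mountinfo does not show whether a flag is locked, so a non-empty result means the remount is at risk inside a user namespace, not that it is certain to fail.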
