[Bug]: podman run --ipc=host not work as expected #17189

Closed
jeffrey4l opened this issue Jan 23, 2023 · 1 comment · Fixed by #17201

Issue Description

I am using centos-stream 8. When running like below:

podman run -it  --rm --ipc host localhost/registry:2 sh

The ipc mode should be host as expected, but I got the following:

podman  inspect gallant_mahavira | grep -i ipc -C 2
                    "-it",
                    "--rm",
                    "--ipc",
                    "host",
                    "localhost/registry:2",
--
               "ExtraHosts": [],
               "GroupAdd": [],
               "IpcMode": "shareable",
               "Cgroup": "",
               "Cgroups": "default",

Steps to reproduce the issue

  1. run like podman run -it --rm --ipc host localhost/registry:2 sh

Describe the results you received

podman  inspect gallant_mahavira | grep -i ipc -C 2
                    "-it",
                    "--rm",
                    "--ipc",
                    "host",
                    "localhost/registry:2",
--
               "ExtraHosts": [],
               "GroupAdd": [],
               "IpcMode": "shareable",
               "Cgroup": "",
               "Cgroups": "default",

It uses shareable rather than host.

Describe the results you expected

podman  inspect gallant_mahavira | grep -i ipc -C 2
                    "-it",
                    "--rm",
                    "--ipc",
                    "host",
                    "localhost/registry:2",
--
               "ExtraHosts": [],
               "GroupAdd": [],
               "IpcMode": "host",
               "Cgroup": "",
               "Cgroups": "default",

podman info output


podman info
host:
  arch: amd64
  buildahVersion: 1.27.0
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - rdma
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.4-1.module_el8.7.0+1216+b022c01d.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.4, commit: ec95327311bd1f0a118cadc9b24032df370babe4'
  cpuUtilization:
    idlePercent: 98.75
    systemPercent: 0.38
    userPercent: 0.87
  cpus: 4
  distribution:
    distribution: '"centos"'
    version: "8"
  eventLogger: file
  hostname: stream8
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 4.18.0-358.el8.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 72482816
  memTotal: 2067890176
  networkBackend: cni
  ociRuntime:
    name: runc
    package: runc-1.1.4-1.module_el8.7.0+1216+b022c01d.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.4
      spec: 1.0.2-dev
      go: go1.18.4
      libseccomp: 2.5.2
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-2.module_el8.7.0+1216+b022c01d.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 0
  swapTotal: 0
  uptime: 12h 40m 7.00s (Approximately 0.50 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  10.3.0.82:4000:
    Blocked: false
    Insecure: true
    Location: 10.3.0.82:4000
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: 10.3.0.82:4000
    PullFromMirror: ""
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
  - localhost:4000
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 18
    paused: 0
    running: 17
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 42938118144
  graphRootUsed: 17803042816
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 11
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.2.0
  Built: 1663766104
  BuiltTime: Wed Sep 21 13:15:04 2022
  GitCommit: ""
  GoVersion: go1.18.4
  Os: linux
  OsArch: linux/amd64
  Version: 4.2.0


Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

No

jeffrey4l added the kind/bug label Jan 23, 2023

Luap99 (Member) commented Jan 24, 2023

Seems to only affect the inspect output; the container is actually in the same ipc namespace as the host.

$ readlink /proc/self/ns/ipc 
ipc:[4026531839]
$ podman run alpine:latest readlink /proc/self/ns/ipc 
ipc:[4026534923]
$ podman run --ipc=host  alpine:latest readlink /proc/self/ns/ipc 
ipc:[4026531839]
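
Added example (not part of the original comment and not podman's own code): the same readlink comparison turned into a check that flags containers whose inspect IpcMode disagrees with the kernel's view, which matters when an audit relies on inspect to find containers sharing the host IPC namespace. The function names are hypothetical, and the script is assumed to run in the host's IPC namespace with permission to read the container's /proc entry.

```shell
#!/bin/sh
# Cross-check podman's reported IpcMode against the namespace the kernel shows.
# Function names are hypothetical (added example, not from the podman project).

# ipc_ns_of PID|self -> prints the namespace link, e.g. "ipc:[4026531839]"
ipc_ns_of() {
    readlink "/proc/$1/ns/ipc"
}

# check_ipc HOST_NS CTR_NS REPORTED_MODE
# Prints a verdict; returns 0 when inspect agrees with the kernel, 1 otherwise.
check_ipc() {
    host_ns=$1 ctr_ns=$2 reported=$3
    if [ "$host_ns" = "$ctr_ns" ]; then actual=host; else actual=isolated; fi
    case "$actual:$reported" in
        host:host)
            echo "ok: host IPC namespace, reported as host"; return 0 ;;
        host:*)
            echo "MISMATCH: shares host IPC namespace, inspect says '$reported'"; return 1 ;;
        isolated:host)
            echo "MISMATCH: separate IPC namespace, inspect says 'host'"; return 1 ;;
        *)
            echo "ok: separate IPC namespace, reported as '$reported'"; return 0 ;;
    esac
}

# audit_container NAME: live check of a running container (requires podman).
# Assumes this shell itself runs in the host IPC namespace.
audit_container() {
    pid=$(podman inspect --format '{{.State.Pid}}' "$1") || return 2
    mode=$(podman inspect --format '{{.HostConfig.IpcMode}}' "$1") || return 2
    check_ipc "$(ipc_ns_of self)" "$(ipc_ns_of "$pid")" "$mode"
}

# Usage: audit_container gallant_mahavira
```

With the values quoted in this issue, a container in ipc:[4026531839] reported as "shareable" is the mismatch case.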

Luap99 self-assigned this Jan 24, 2023
Luap99 added a commit to Luap99/libpod that referenced this issue Jan 24, 2023
The ipc ns inspect logic did not work, the switch case was just broken
because it will only execute the first branch. Therefore it always
showed `shareable` or `container:...` as mode.

This fixes the logic and adds tests for all modes.

Fixes containers#17189

Signed-off-by: Paul Holzinger <[email protected]>
rhatdan added a commit to rhatdan/podman that referenced this issue Jan 24, 2023
github-actions bot added the locked - please file new issue/PR label Sep 3, 2023
github-actions bot locked as resolved and limited conversation to collaborators Sep 3, 2023