podman with options userns keep-id and --restart always doesn't restart like expected #21477

Closed
econogit opened this issue Feb 2, 2024 · 2 comments · Fixed by #21522

econogit commented Feb 2, 2024

Issue Description

The container after a crash or kill doesn't restart with the option keep-id. It restarts like expected without this option.

Steps to reproduce the issue

$ podman run -d --userns keep-id --name nginx --restart always nginx:latest
8d79d08ffbb2a376d13fa62b0c70f77fc2367291daabe31dc7f6d834283545ca
$ podman inspect nginx --format '{{ .State.Pid }}'
2568968
$ kill -9 2568968
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8d79d08ffbb2 localhost/nginx:latest 14 seconds ago Exited (137) 4 seconds ago nginx

Describe the results you received

In addition, in the journald log, we have a "Started Process Core Dump".
I suspect the command "podman container cleanup nginx", which does a "Core Dump" with the error:
"panic: runtime error: invalid memory address or nil pointer dereference"

Describe the results you expected

$ podman run -d --userns host --name nginx --restart always nginx:latest
516dad881f0f0ebf9f98b4063cf4a09df3499b48d02a61c35cbf122fcf5160cd
$ podman inspect nginx --format '{{ .State.Pid }}'
2566680
$ kill -9 2566680
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
516dad881f0f localhost/nginx:latest 51 seconds ago Up 3 seconds nginx

podman info output

$ podman info 
host:
  arch: amd64
  buildahVersion: 1.31.3
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.8-1.module+el8.9.0+20326+387084d0.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.8, commit: 21e9be52d14128789284e1bbf54d8c25b4820215'
  cpuUtilization:
    idlePercent: 97.89
    systemPercent: 0.9
    userPercent: 1.21
  cpus: 4
  databaseBackend: boltdb
  distribution:
    distribution: '"rhel"'
    version: "8.8"
  eventLogger: journald
  freeLocks: 2047
  hostname: xxxx
  idMappings:
    gidmap:
    - container_id: 0
      host_id: xxxx
      size: 1
    - container_id: 1
      host_id: 231072
      size: 65536
    uidmap:
    - container_id: 0
      host_id: xxxx
      size: 1
    - container_id: 1
      host_id: 231072
      size: 65536
  kernel: 4.18.0-513.11.1.el8_9.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 2508718080
  memTotal: 16481193984
  networkBackend: cni
  networkBackendInfo:
    backend: cni
    dns:
      package: podman-plugins-4.6.1-4.module+el8.9.0+20326+387084d0.x86_64
      path: /usr/libexec/cni/dnsname
      version: |-
        CNI dnsname plugin
        version: 1.3.1
        commit: unknown
    package: containernetworking-plugins-1.3.0-4.module+el8.9.0+20326+387084d0.x86_64
    path: /usr/libexec/cni
  ociRuntime:
    name: runc
    package: runc-1.1.9-1.module+el8.9.0+20326+387084d0.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.9
      spec: 1.0.2-dev
      go: go1.20.6
      libseccomp: 2.5.2
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    path: /run/user/xxxx/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_SYS_CHROOT,CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.1-1.module+el8.9.0+20326+387084d0.x86_64
    version: |-
      slirp4netns version 1.2.1
      commit: 09e31e92fa3d2a1d3ca261adaeb012c8d75a8194
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 18253078528
  swapTotal: 18253602816
  uptime: 65h 48m 20.00s (Approximately 2.71 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
store:
  configFile: /users/xxxx/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /containers/xxxx/containers/storage
  graphRootAllocated: 80491315200
  graphRootUsed: 14373953536
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 5
  runRoot: /run/user/xxxx/containers
  transientStore: false
  volumePath: /containers/xxxxx/containers/storage/volumes
version:
  APIVersion: 4.6.1
  Built: 1696868155
  BuiltTime: Mon Oct  9 18:15:55 2023
  GitCommit: ""
  GoVersion: go1.20.6
  Os: linux
  OsArch: linux/amd64
  Version: 4.6.1

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

No

econogit added the kind/bug label Feb 2, 2024

Luap99 commented Feb 5, 2024

Do you have the full stack trace output?

econogit commented Feb 5, 2024

@Luap99, here is the stack trace for the "container cleanup" command.
stack trace.txt

Luap99 self-assigned this Feb 5, 2024
edsantiago changed the title from "podman with options userns keep-id and --restart always does't restart like expected" to "podman with options userns keep-id and --restart always doesn't restart like expected" Feb 5, 2024
Luap99 added a commit to Luap99/libpod that referenced this issue Feb 6, 2024
Currently we deadlock in the slirp4netns setup code as we try to
configure a non-existing netns. The problem happens because we tear
down the netns in the userns case correctly since commit bbd6281 but
that introduces this slirp4netns problem. The code does a proper new
network setup later so we should only use the shortcut when not in a
userns.

Fixes containers#21477

Signed-off-by: Paul Holzinger <[email protected]>
stale-locking-app bot added the locked - please file new issue/PR label May 9, 2024
stale-locking-app bot locked as resolved and limited conversation to collaborators May 9, 2024
TomSweeneyRedHat pushed a commit to TomSweeneyRedHat/podman that referenced this issue Aug 26, 2024
Currently we deadlock in the slirp4netns setup code as we try to
configure a non-existing netns. The problem happens because we tear
down the netns in the userns case correctly since commit bbd6281 but
that introduces this slirp4netns problem. The code does a proper new
network setup later so we should only use the shortcut when not in a
userns.

Fixes containers#21477

Addresses: https://issues.redhat.com/browse/ACCELFIX-279

Signed-off-by: Paul Holzinger <[email protected]>
Signed-off-by: tomsweeneyredhat <[email protected]>
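
The reproduction steps from this issue, turned into a repeatable check that runs the same kill test under `--userns host` and `--userns keep-id` and compares the outcome. This is an added example, not part of the issue thread or the podman code base; the function names, the container name and the 30-second timeout are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the issue thread or the podman code base.
# Regression check for the report above: after the container's main process
# is SIGKILLed, --restart always must bring it back in every --userns mode.
# Function names, the container name and the 30 s timeout are assumptions.

# Succeeds only when the post-kill state proves a restart:
# status is "running" and the main PID is non-zero and differs from before.
is_restarted() {    # args: <status> <old_pid> <new_pid>
    [ "$1" = "running" ] && [ "$3" -gt 0 ] 2>/dev/null && [ "$3" != "$2" ]
}

# Repeat the issue's steps for one userns mode; prints restarted/not-restarted.
check_restart() {   # args: <userns-mode> <image> [timeout-seconds]
    local mode="$1" image="$2" timeout="${3:-30}" name="restart-check-$$"
    local old_pid status new_pid i verdict=not-restarted
    podman run -d --userns "$mode" --name "$name" --restart always "$image" \
        >/dev/null || return 2
    old_pid=$(podman inspect "$name" --format '{{ .State.Pid }}')
    kill -9 "$old_pid"
    # "exited" can be a transient state on the way to a restart, so poll
    # until the deadline instead of judging the first state seen.
    for i in $(seq "$timeout"); do
        sleep 1
        status=$(podman inspect "$name" --format '{{ .State.Status }}')
        new_pid=$(podman inspect "$name" --format '{{ .State.Pid }}')
        if is_restarted "$status" "$old_pid" "$new_pid"; then
            verdict=restarted
            break
        fi
    done
    podman rm -f "$name" >/dev/null
    echo "$verdict"
}

# podman is only touched when an image name is given as the first argument.
if [ $# -ge 1 ]; then
    rc=0
    for mode in host keep-id; do
        result=$(check_restart "$mode" "$1")
        echo "--userns $mode: $result"
        [ "$result" = "restarted" ] || rc=1
    done
    exit "$rc"
fi
```

Run it with an image name as its only argument, for example `nginx:latest`. On the setup described in the issue, the keep-id run is the one expected to report not-restarted.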