[macOS] Error: for attach: setxattr #13631

fithisux · 2022-03-24T08:22:30Z

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

I tried to attach a folder for busybox ls (sanity check) in my MacOS laptop through podman

Steps to reproduce the issue:

podman machine init -v /Users/vassilisanagnostopoulos:/mnt/Users/vassilisanagnostopoulos foo

2.podman run -it --volume /mnt/Users/vassilisanagnostopoulos/work:/share:z busybox ls

Describe the results you received:

Error: error preparing container cf050ad434f57d762d589b0bee8e4aee68682d7676f7ceaeb7b16ab8970b7d30 for attach: setxattr /mnt/Users/vassilisanagnostopoulos/work: operation not supported

Describe the results you expected:

To be an empty list, afterall work is empty

Additional information you deem important (e.g. issue happens only occasionally):

Podman installed through brew and updated everything through brew update && brew upgrade

Output of podman version:

podman version
Client:       Podman Engine
Version:      4.0.2
API Version:  4.0.2
Go Version:   go1.17.8

Built:      Wed Mar  2 16:04:36 2022
OS/Arch:    darwin/amd64

Server:       Podman Engine
Version:      4.0.2
API Version:  4.0.2
Go Version:   go1.16.14

Built:      Thu Mar  3 16:56:56 2022
OS/Arch:    linux/amd64

Output of podman info --debug:

(paste your output here)

Package info (e.g. output of rpm -q podman or apt list podman):

host:
  arch: amd64
  buildahVersion: 1.24.1
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.0-2.fc35.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: '
  cpus: 1
  distribution:
    distribution: fedora
    variant: coreos
    version: "35"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 1000000
    uidmap:
    - container_id: 0
      host_id: 502
      size: 1
    - container_id: 1
      host_id: 100000
      size: 1000000
  kernel: 5.15.18-200.fc35.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 1340514304
  memTotal: 2061381632
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.4.2-1.fc35.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.4.2
      commit: f6fbc8f840df1a414f31a60953ae514fa497c748
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/502/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-2.fc35.x86_64
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 2h 31m 48.63s (Approximately 0.08 days)
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 6
    paused: 0
    running: 0
    stopped: 6
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/user/502/containers
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 4.0.2
  Built: 1646319416
  BuiltTime: Thu Mar  3 16:56:56 2022
  GitCommit: ""
  GoVersion: go1.16.14
  OsArch: linux/amd64
  Version: 4.0.2

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):
Darwin C02CH2W2MD6R.local 20.6.0 Darwin Kernel Version 20.6.0: Wed Jun 23 00:26:31 PDT 2021; root:xnu-7195.141.2~5/RELEASE_X86_64 x86_64

The text was updated successfully, but these errors were encountered:

Luap99 · 2022-03-24T09:57:48Z

Does it work when you remove the :z?

fithisux · 2022-03-24T10:13:19Z

Does it work when you remove the :z?

Yes it does. What is this z ?

Luap99 · 2022-03-24T10:23:56Z

z stand for selinux relabeling which requires extended attributes. I am not sure if virtiofs support this.
https://github.com/containers/podman/blob/main/docs/source/markdown/podman-run.1.md#--volume--vsource-volumehost-dircontainer-diroptions

If it works without out it you do not need it.

cc @baude @rhatdan

rhatdan · 2022-03-24T13:43:10Z

Mac file systems based on Plan 9 does not support SELinux labeling z and Z should not be used. When we transition to use virtiofsd, it should support SELinux labeling, and then we can use it for better container separation on the MAC.

Currently the volumes mounted into the VM are labeled as nfs_t, and all containers are allowed to read/write the content.

arlyon · 2022-05-02T19:43:31Z

Hey

I am currently trying to support macOS and linux (fedora) machines using the same play kube file. Is there a recommended approach here? Or is the answer "not cross platform yet"

rhatdan · 2022-05-02T19:53:44Z

Please open a new issue. Do not add to a closed issue. Podman play kube should work on a MacOS

Currently, podman does not support SELinux labels due to how they mount volumes. This causes the build to fail, with `lsetxattr` being unsupported. The relevant podman issue is [here](containers/podman#13631), and the description of the issue and volume mounts is [here](containers/podman#13631 (comment)).

Currently, podman does not support SELinux labels due to how they mount volumes. This causes the build to fail, with `lsetxattr` being unsupported. The relevant podman issue is [here](containers/podman#13631), and the description of the issue and volume mounts is [here](containers/podman#13631 (comment)). Closes cross-rs#756.

Depending on how docker is installed and configured but also the hardening applied to the workstation, docker might not be able to mount the code base properly in the container. As such, the user could end up with a error similar to the following: ``` ❯ make lint --8<-- >>>> Entering build container: lint-packaging-scripts time docker run --rm --tty -i -v ~/.ssh/:/root/.ssh:delegated,z -v /workspace/github.com/grafana/mimir/.cache:/go/cache:delegated,z -v /workspace/github.com/grafana/mimir/.pkg:/go/pkg:delegated,z -v /workspace/github.com/grafana/mimir:/go/src/github.com/grafana/mimir:delegated,z grafana/mimir-build-image GOOS=darwin GOARCH=amd64 BINARY_SUFFIX="" lint-packaging-scripts; Error: error preparing container 9c7c78b35ac936b65510dec180a81f6f38ea98e027d7049012f73f7ac31f885d for attach: lsetxattr /workspace/github.com/grafana/mimir/.cache: operation not supported real 0m0,719s user 0m0,046s sys 0m0,021s ``` This error could also be trigger when using podman as an alternative for docker. See: containers/podman#13631 Signed-off-by: Wilfried Roset <wilfriedroset@users.noreply.github.com>

Depending on how docker is installed and configured but also the hardening applied to the workstation, docker might not be able to mount the code base properly in the container. As such, the user could end up with a error similar to the following: ``` ❯ make lint --8<-- >>>> Entering build container: lint-packaging-scripts time docker run --rm --tty -i -v ~/.ssh/:/root/.ssh:delegated,z -v /workspace/github.com/grafana/mimir/.cache:/go/cache:delegated,z -v /workspace/github.com/grafana/mimir/.pkg:/go/pkg:delegated,z -v /workspace/github.com/grafana/mimir:/go/src/github.com/grafana/mimir:delegated,z grafana/mimir-build-image GOOS=darwin GOARCH=amd64 BINARY_SUFFIX="" lint-packaging-scripts; Error: error preparing container 9c7c78b35ac936b65510dec180a81f6f38ea98e027d7049012f73f7ac31f885d for attach: lsetxattr /workspace/github.com/grafana/mimir/.cache: operation not supported real 0m0,719s user 0m0,046s sys 0m0,021s ``` This error could also be trigger when using podman as an alternative for docker. See: containers/podman#13631 Signed-off-by: Wilfried Roset <wilfriedroset@users.noreply.github.com> Signed-off-by: Wilfried Roset <wilfriedroset@users.noreply.github.com>

ActuallyHappening · 2023-04-20T06:54:29Z

To save people from struggling,
use docker.

Hopefully, this is only a temporary solution as noted by podman upstream in containers/podman#13631 (comment).

openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Mar 24, 2022

fithisux changed the title ~~[macOs] Error: for attach: setxattr~~ [macOS] Error: for attach: setxattr Mar 24, 2022

github-actions bot added macos MacOS (OSX) related remote Problem is in podman-remote labels Mar 24, 2022

Luap99 closed this as completed Mar 24, 2022

Luap99 added the machine label Mar 24, 2022

Luap99 mentioned this issue Apr 5, 2022

Podman cannot change file permissions inside of the container if located outside of $HOME #13775

Closed

arlyon mentioned this issue May 2, 2022

Recommended workflow for SELinux cross-compat between macOS and Linux (Fedora) #14082

Closed

holly-cummins mentioned this issue May 6, 2022

Improve podman compatibility on M1 for build test suites which use fabric8 docker-maven-plugin quarkusio/quarkus#25428

Closed

holly-cummins mentioned this issue May 26, 2022

Use health check to detect mariadb startup and skip volume modifier on M1 quarkusio/quarkus#25805

Merged

Alexhuszagh mentioned this issue Jun 5, 2022

Podman Fails on macOS due to SELinux Labels cross-rs/cross#756

Closed

11 tasks

Alexhuszagh mentioned this issue Jun 6, 2022

macOS Podman Fails Due to Connection Reset due to Running Cargo on Mounted Volume cross-rs/cross#757

Open

11 tasks

elmiko mentioned this issue Sep 9, 2022

update doc-env instructions openshift-cs/okd.io#284

Closed

wilfriedroset mentioned this issue Oct 5, 2022

Allow to adjust mount options in Makefile grafana/mimir#3137

Merged

3 tasks

VirrageS mentioned this issue Nov 23, 2022

Drop ':z' bind option when using Podman and MacOS kubevirt/kubevirt#8841

Merged

josephearl mentioned this issue Dec 6, 2022

Creating a native container image with quarkus-container-image-docker fails when using Podman on macOS quarkusio/quarkus#29701

Open

ranjanashish mentioned this issue Dec 14, 2022

Drop ':z' bind option when using MacOS and Podman quarkusio/quarkus#29850

Merged

cblecker mentioned this issue Feb 3, 2023

Fix makefile compatibility with podman for mac openshift/release#35997

Merged

lzaoral added a commit to lzaoral/openscanhub that referenced this issue Jul 19, 2023

containers: add a workaround for missing SELinux on macOS with podman

d690fb1

Hopefully, this is only a temporary solution as noted by podman upstream in containers/podman#13631 (comment).

lzaoral added a commit to lzaoral/openscanhub that referenced this issue Jul 19, 2023

containers: add a workaround for missing SELinux on macOS with podman

4973bfc

Hopefully, this is only a temporary solution as noted by podman upstream in containers/podman#13631 (comment).

lzaoral added a commit to lzaoral/openscanhub that referenced this issue Jul 19, 2023

containers: add a workaround for missing SELinux on macOS with podman

6141219

Hopefully, this is only a temporary solution as noted by podman upstream in containers/podman#13631 (comment).

lzaoral added a commit to lzaoral/openscanhub that referenced this issue Jul 25, 2023

containers: add a workaround for missing SELinux on macOS with podman

12fb0fd

Hopefully, this is only a temporary solution as noted by podman upstream in containers/podman#13631 (comment).

lzaoral added a commit to lzaoral/openscanhub that referenced this issue Jul 31, 2023

containers: add a workaround for missing SELinux on macOS with podman

77f69a8

Hopefully, this is only a temporary solution as noted by podman upstream in containers/podman#13631 (comment).

lzaoral added a commit to lzaoral/openscanhub that referenced this issue Aug 10, 2023

containers: add a workaround for missing SELinux on macOS with podman

7a7e418

Hopefully, this is only a temporary solution as noted by podman upstream in containers/podman#13631 (comment).

github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Aug 26, 2023

github-actions bot locked as resolved and limited conversation to collaborators Aug 26, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[macOS] Error: for attach: setxattr #13631

[macOS] Error: for attach: setxattr #13631

fithisux commented Mar 24, 2022

Luap99 commented Mar 24, 2022

fithisux commented Mar 24, 2022

Luap99 commented Mar 24, 2022

rhatdan commented Mar 24, 2022

arlyon commented May 2, 2022

rhatdan commented May 2, 2022

ActuallyHappening commented Apr 20, 2023

[macOS] Error: for attach: setxattr #13631

[macOS] Error: for attach: setxattr #13631

Comments

fithisux commented Mar 24, 2022

Luap99 commented Mar 24, 2022

fithisux commented Mar 24, 2022

Luap99 commented Mar 24, 2022

rhatdan commented Mar 24, 2022

arlyon commented May 2, 2022

rhatdan commented May 2, 2022

ActuallyHappening commented Apr 20, 2023