Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podman remote doesn't delete cidfile #19420

Closed
Romain-Geissler-1A opened this issue Jul 28, 2023 · 0 comments · Fixed by #19436
Closed

podman remote doesn't delete cidfile #19420

Romain-Geissler-1A opened this issue Jul 28, 2023 · 0 comments · Fixed by #19436
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@Romain-Geissler-1A
Copy link
Contributor

Issue Description

podman remote doesn't delete the cidfile (which lies on the client filesystem) when the container exits, while non remote podman does. Also, kind of linked, podman rm will always attempt to delete the cidfile on the server side, while it was initially created on the client side.

Steps to reproduce the issue

Steps to reproduce the issue

  1. Create a container with podman running as a server:
rgeissler@ncerndobedev6097:~/wk/podman (v4.4.1-rhel-patched-by-Amadeus *% u=)> rm -f /tmp/podman-server.cid && podman run --detach --rm --privileged --pull=always --cidfile=/tmp/podman-server.cid -v /run/bug-resources quay.io/podman/upstream podman system service -t 0 unix:///run/bug-resources/podman.sock 
Trying to pull quay.io/podman/upstream:latest...
Getting image source signatures
Copying blob sha256:478cf87435b0e8869a055a10488139ce03218124ff4910b27da5b378446efa74
Copying blob sha256:71539fc003c4baf6506f4518c33a95ab44f981a83d1204d36228aa73037f7794
Copying blob sha256:ad5077952f523ff30dc5365f41cf2644ba63f9cf3fa5234f338d495522dfe35e
Copying blob sha256:deb8f01378c1e98c712719b4967c04f775656b153c81fb564202c48730a940bc
Copying blob sha256:3f54f76baa30373f489c91b296c10ca6cd704c800e45718eee302ee05c9e7bb4
Copying blob sha256:d8b457dfa3e42f693649243720d9ee717c76c6b54a529ecf7b6b5924820f83bd
Copying blob sha256:8972c9d0ade14f282171e36dfe3ffb00d1b256e5f872858d6ee343dbbe11bbe6
Copying blob sha256:d0e059397b9d659c78d378adbb387d08a9bb2e551e1860de449ab577c3d2f105
Copying config sha256:843c1b85879751cca5dd7cc9ec08c85f5626c26885d0bc91a0b93b6fdd824916
Writing manifest to image destination
Storing signatures
37df3e02e489d983cd0e97199c8b66880f0ec7c1bb3b984dea26b3f3cd35e96f
  1. Now run another container which will use podman as a client, connecting to the above server. We see that cidfile is not removed in the end:
rgeissler@ncerndobedev6097:~/wk/podman (v4.4.1-rhel-patched-by-Amadeus *% u=)> podman run -t -i --rm --pull=always --volumes-from="$(cat /tmp/podman-server.cid)" quay.io/podman/upstream sh -c 'podman --url unix:///run/bug-resources/podman.sock run --cidfile=/tmp/cidfile --rm fedora true && ls -la /tmp/cidfile' 
Trying to pull quay.io/podman/upstream:latest...
Getting image source signatures
Copying blob sha256:478cf87435b0e8869a055a10488139ce03218124ff4910b27da5b378446efa74
Copying blob sha256:deb8f01378c1e98c712719b4967c04f775656b153c81fb564202c48730a940bc
Copying blob sha256:71539fc003c4baf6506f4518c33a95ab44f981a83d1204d36228aa73037f7794
Copying blob sha256:d8b457dfa3e42f693649243720d9ee717c76c6b54a529ecf7b6b5924820f83bd
Copying blob sha256:ad5077952f523ff30dc5365f41cf2644ba63f9cf3fa5234f338d495522dfe35e
Copying blob sha256:3f54f76baa30373f489c91b296c10ca6cd704c800e45718eee302ee05c9e7bb4
Copying blob sha256:8972c9d0ade14f282171e36dfe3ffb00d1b256e5f872858d6ee343dbbe11bbe6
Copying blob sha256:d0e059397b9d659c78d378adbb387d08a9bb2e551e1860de449ab577c3d2f105
Copying config sha256:843c1b85879751cca5dd7cc9ec08c85f5626c26885d0bc91a0b93b6fdd824916
Writing manifest to image destination
Storing signatures
Resolved "fedora" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.fedoraproject.org/fedora:latest...
Getting image source signatures
Copying blob sha256:ad5077952f523ff30dc5365f41cf2644ba63f9cf3fa5234f338d495522dfe35e
Copying config sha256:919a420d29c6f5ae0bdc8d1872387d3a878d7f69debce9e24f3f2e0506b2ba0d
Writing manifest to image destination
-rw-r--r-- 1 root root 64 Jul 28 20:55 /tmp/cidfile
  1. Comparing to a container where podman is not using the client/server scheme, the cifdile is correctly removed in the end:
rgeissler@ncerndobedev6097:~/wk/podman (v4.4.1-rhel-patched-by-Amadeus *% u=)> podman run -t -i --rm --pull=always --privileged quay.io/podman/upstream sh -c 'podman run --cidfile=/tmp/cidfile --rm fedora true && ls -la /tmp/cidfile' 
Trying to pull quay.io/podman/upstream:latest...
Getting image source signatures
Copying blob sha256:478cf87435b0e8869a055a10488139ce03218124ff4910b27da5b378446efa74
Copying blob sha256:ad5077952f523ff30dc5365f41cf2644ba63f9cf3fa5234f338d495522dfe35e
Copying blob sha256:71539fc003c4baf6506f4518c33a95ab44f981a83d1204d36228aa73037f7794
Copying blob sha256:deb8f01378c1e98c712719b4967c04f775656b153c81fb564202c48730a940bc
Copying blob sha256:3f54f76baa30373f489c91b296c10ca6cd704c800e45718eee302ee05c9e7bb4
Copying blob sha256:d8b457dfa3e42f693649243720d9ee717c76c6b54a529ecf7b6b5924820f83bd
Copying blob sha256:8972c9d0ade14f282171e36dfe3ffb00d1b256e5f872858d6ee343dbbe11bbe6
Copying blob sha256:d0e059397b9d659c78d378adbb387d08a9bb2e551e1860de449ab577c3d2f105
Copying config sha256:843c1b85879751cca5dd7cc9ec08c85f5626c26885d0bc91a0b93b6fdd824916
Writing manifest to image destination
Storing signatures
Resolved "fedora" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.fedoraproject.org/fedora:latest...
Getting image source signatures
Copying blob ad5077952f52 done   |
Copying config 919a420d29 done   |
Writing manifest to image destination
ls: cannot access '/tmp/cidfile': No such file or directory
  1. Also, proof that podman rm when run as a client tries to delete the cidfile in the wrong machine: it tries to delete it on server side while it should be deleted on client side:
rgeissler@ncerndobedev6097:~/wk/podman (v4.4.1-rhel-patched-by-Amadeus *% u=)> podman exec "$(cat /tmp/podman-server.cid)" touch /tmp/cidfile
rgeissler@ncerndobedev6097:~/wk/podman (v4.4.1-rhel-patched-by-Amadeus *% u=)> podman run -t -i --rm --pull=always --volumes-from="$(cat /tmp/podman-server.cid)" quay.io/podman/upstream sh -c 'podman --url unix:///run/bug-resources/podman.sock run --cidfile=/tmp/cidfile fedora true && podman --url unix:///run/bug-resources/podman.sock rm "$(cat /tmp/cidfile)" && ls /tmp/cidfile' 
cat: /tmp/cidfile: No such file or directory
Trying to pull quay.io/podman/upstream:latest...
Getting image source signatures
Copying blob sha256:deb8f01378c1e98c712719b4967c04f775656b153c81fb564202c48730a940bc
Copying blob sha256:478cf87435b0e8869a055a10488139ce03218124ff4910b27da5b378446efa74
Copying blob sha256:71539fc003c4baf6506f4518c33a95ab44f981a83d1204d36228aa73037f7794
Copying blob sha256:ad5077952f523ff30dc5365f41cf2644ba63f9cf3fa5234f338d495522dfe35e
Copying blob sha256:d8b457dfa3e42f693649243720d9ee717c76c6b54a529ecf7b6b5924820f83bd
Copying blob sha256:3f54f76baa30373f489c91b296c10ca6cd704c800e45718eee302ee05c9e7bb4
Copying blob sha256:8972c9d0ade14f282171e36dfe3ffb00d1b256e5f872858d6ee343dbbe11bbe6
Copying blob sha256:d0e059397b9d659c78d378adbb387d08a9bb2e551e1860de449ab577c3d2f105
Copying config sha256:843c1b85879751cca5dd7cc9ec08c85f5626c26885d0bc91a0b93b6fdd824916
Writing manifest to image destination
Storing signatures
d2039d3c55f7c3b9a49d109d6e1a195f44ede345d3036eff7f3322ad635c164c
/tmp/cidfile
rgeissler@ncerndobedev6097:~/wk/podman (v4.4.1-rhel-patched-by-Amadeus *% u=)> podman exec "$(cat /tmp/podman-server.cid)" ls /tmp/cidfile
ls: cannot access '/tmp/cidfile': No such file or directory

I guess that if really you want to fix this, then podman remote will have to fork/exec into the background and not exit until the container actually stops. From past discussion we already had, I actually doubt you want to do this for real, but this is how docker works.

Describe the results you received

The cidfile is removed on the server side (effectively leaking it on client side).

Describe the results you expected

The cidfile should be removed on client side.

podman info output

Not needed as tested from the upstream podman image.

Podman in a container

Yes

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

No response

Additional information

No response
@Romain-Geissler-1A Romain-Geissler-1A added the kind/bug Categorizes issue or PR as related to a bug. label Jul 28, 2023
rhatdan added a commit to rhatdan/podman that referenced this issue Jul 30, 2023
@rhatdan
Cleanup CIDFile on podman-remote run --rm command
33da909 
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.

[NO NEW TESTS NEEDED] i
There is currently a test for this that does not fail because the client
and server are on the same machine.

If we run these tests on a MAC or Windows platform, they would start
failing.

Fixes: containers#19420

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan added a commit to rhatdan/podman that referenced this issue Jul 30, 2023
@rhatdan
Cleanup CIDFile on podman-remote run --rm command
06ff56c 
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.

[NO NEW TESTS NEEDED] i
There is currently a test for this that does not fail because the client
and server are on the same machine.

If we run these tests on a MAC or Windows platform, they would start
failing.

Fixes: containers#19420

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
@rhatdan rhatdan mentioned this issue Jul 30, 2023
Merged
rhatdan added a commit to rhatdan/podman that referenced this issue Jul 31, 2023
@rhatdan
Cleanup CIDFile on podman-remote run --rm command
611ff41 
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.

[NO NEW TESTS NEEDED] i
There is currently a test for this that does not fail because the client
and server are on the same machine.

If we run these tests on a MAC or Windows platform, they would start
failing.

Fixes: containers#19420

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan added a commit to rhatdan/podman that referenced this issue Jul 31, 2023
@rhatdan
Cleanup CIDFile on podman-remote run --rm command
c8f38f3 
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.

[NO NEW TESTS NEEDED] i
There is currently a test for this that does not fail because the client
and server are on the same machine.

If we run these tests on a MAC or Windows platform, they would start
failing.

Fixes: containers#19420

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan added a commit to rhatdan/podman that referenced this issue Jul 31, 2023
@rhatdan
Cleanup CIDFile on podman-remote run --rm command
fcce6b0 
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.

[NO NEW TESTS NEEDED] i
There is currently a test for this that does not fail because the client
and server are on the same machine.

If we run these tests on a MAC or Windows platform, they would start
failing.

Fixes: containers#19420

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan added a commit to rhatdan/podman that referenced this issue Jul 31, 2023
@rhatdan
Cleanup CIDFile on podman-remote run --rm command
6a538aa 
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.

[NO NEW TESTS NEEDED] i
There is currently a test for this that does not fail because the client
and server are on the same machine.

If we run these tests on a MAC or Windows platform, they would start
failing.

Fixes: containers#19420

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan added a commit to rhatdan/podman that referenced this issue Aug 1, 2023
@rhatdan
Cleanup CIDFile on podman-remote run --rm command
1f7fc14 
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.

[NO NEW TESTS NEEDED] i
There is currently a test for this that does not fail because the client
and server are on the same machine.

If we run these tests on a MAC or Windows platform, they would start
failing.

Fixes: containers#19420

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan added a commit to rhatdan/podman that referenced this issue Aug 1, 2023
@rhatdan
Cleanup CIDFile on podman-remote run --rm command
851cd9c 
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.

[NO NEW TESTS NEEDED] i
There is currently a test for this that does not fail because the client
and server are on the same machine.

If we run these tests on a MAC or Windows platform, they would start
failing.

Fixes: containers#19420

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Nov 1, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 1, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Cleanup CIDFile on podman-remote run --rm command rhatdan/podman
1 participant
@Romain-Geissler-1A