Quadlet: Invalid Mount directive leads to core dump #20104

Closed
mhutter opened this issue Sep 22, 2023 · 1 comment · Fixed by #20149
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

mhutter commented Sep 22, 2023

Issue Description

*.container files with invalid Mount directives will cause quadlet to crash instead of outputting an error message.

Steps to reproduce the issue

Given the following /etc/containers/systemd/prometheus.container

# ...
[Container]
Mount=/etc/prometheus.yml:/prometheus.yml:ro

Running /usr/libexec/podman/quadlet -dryrun

Describe the results you received

panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
panic({0x5619b51f3c40, 0xc00001c150})
        /usr/lib/golang/src/runtime/panic.go:987 +0x3bb fp=0xc0000bb1e8 sp=0xc0000bb128 pc=0x5619b510a0bb
runtime.goPanicIndex(0x1, 0x1)
        /usr/lib/golang/src/runtime/panic.go:113 +0x7f fp=0xc0000bb228 sp=0xc0000bb1e8 pc=0x5619b510845f
github.com/containers/podman/v4/pkg/systemd/quadlet.ConvertContainer(0xc00005c380, 0x20?)
        /builddir/build/BUILD/podman-4.6.2/pkg/systemd/quadlet/quadlet.go:641 +0x4fe5 fp=0xc0000bbc48 sp=0xc0000bb228 pc=0x5619b51a5125
main.process()
        /builddir/build/BUILD/podman-4.6.2/cmd/quadlet/main.go:395 +0x833 fp=0xc0000bbf38 sp=0xc0000bbc48 pc=0x5619b51ad7f3
main.main()
        /builddir/build/BUILD/podman-4.6.2/cmd/quadlet/main.go:316 +0x19 fp=0xc0000bbf80 sp=0xc0000bbf38 pc=0x5619b51acf39
runtime.main()
        /usr/lib/golang/src/runtime/proc.go:250 +0x212 fp=0xc0000bbfe0 sp=0xc0000bbf80 pc=0x5619b510ce32
runtime.goexit()
        /usr/lib/golang/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000bbfe8 sp=0xc0000bbfe0 pc=0x5619b5138821

Describe the results you expected

A helpful error message

podman info output

host:
  arch: amd64
  buildahVersion: 1.31.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.7-2.fc38.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.7, commit: '
  cpuUtilization:
    idlePercent: 98.33
    systemPercent: 0.71
    userPercent: 0.96
  cpus: 1
  databaseBackend: boltdb
  distribution:
    distribution: fedora
    variant: coreos
    version: "38"
  eventLogger: journald
  freeLocks: 2047
  hostname: my-first-coreos
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.4.15-200.fc38.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 1350725632
  memTotal: 1998385152
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.7.0-1.fc38.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.7.0
    package: netavark-1.7.0-1.fc38.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.7.0
  ociRuntime:
    name: crun
    package: crun-1.8.7-1.fc38.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.8.7
      commit: 53a9996ce82d1ee818349bdcc64797a1fa0433c4
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20230823.ga7e4bfb-1.fc38.x86_64
    version: |
      pasta 0^20230823.ga7e4bfb-1.fc38.x86_64
      Copyright Red Hat
      GNU Affero GPL version 3 or later <https://www.gnu.org/licenses/agpl-3.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.1-1.fc38.x86_64
    version: |-
      slirp4netns version 1.2.1
      commit: 09e31e92fa3d2a1d3ca261adaeb012c8d75a8194
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 1h 8m 32.00s (Approximately 0.04 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 19875737600
  graphRootUsed: 1675010048
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.6.2
  Built: 1693251588
  BuiltTime: Mon Aug 28 19:39:48 2023
  GitCommit: ""
  GoVersion: go1.20.7
  Os: linux
  OsArch: linux/amd64
  Version: 4.6.2

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

CoreOS

Additional information

No response

@mhutter mhutter added the kind/bug Categorizes issue or PR as related to a bug. label Sep 22, 2023

mhutter commented Sep 22, 2023

I think I can fix this; assign it to me if I should prepare a PR.

rhatdan added a commit to rhatdan/podman that referenced this issue Sep 23, 2023
Fixes: containers#20104

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan added a commit to rhatdan/podman that referenced this issue Sep 27, 2023
All parsing should be done in the Podman command, we should not
be parsing mount options in the quadlet code.

Fixes: containers#20104

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Dec 28, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 28, 2023
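
The failure class behind the reported panic (`index out of range [1] with length 1`), as an added Go example that is not Podman's code: `parseUnchecked` and `parseChecked` are hypothetical functions. That the crash comes from splitting each Mount option on `=` and reading the second element is an assumption inferred from the panic message, not something shown on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// parseUnchecked (hypothetical) assumes every comma-separated token is
// key=value and indexes the split result without checking its length.
func parseUnchecked(value string) map[string]string {
	opts := map[string]string{}
	for _, tok := range strings.Split(value, ",") {
		kv := strings.Split(tok, "=")
		opts[kv[0]] = kv[1] // kv has one element when tok contains no "="
	}
	return opts
}

// parseChecked (hypothetical) accepts key=value options and bare flags and
// returns an error where parseUnchecked would index past the slice.
func parseChecked(value string) (map[string]string, error) {
	opts, pairs := map[string]string{}, 0
	for _, tok := range strings.Split(value, ",") {
		key, val, found := strings.Cut(tok, "=")
		if key == "" {
			return nil, fmt.Errorf("invalid Mount %q: empty option name", value)
		}
		if found {
			pairs++
		}
		opts[key] = val
	}
	if pairs == 0 {
		return nil, fmt.Errorf("invalid Mount %q: expected key=value options", value)
	}
	return opts, nil
}

func main() {
	const reported = "/etc/prometheus.yml:/prometheus.yml:ro" // value from the report
	_, err := parseChecked(reported)
	fmt.Println("checked:", err)
	// Recover so the demonstration exits cleanly after showing the panic.
	defer func() { fmt.Println("unchecked panicked:", recover()) }()
	parseUnchecked(reported)
}
```

A generator that runs at boot over operator-written unit files should turn every malformed value into a returned error like this, so one bad file produces a log line rather than a core dump.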