RHEL-67842

Discrepancy in podman 5.2.2 and podman 4.9.4 behaviour with `username=keepid`

    • Bug
    • Resolution: Unresolved
    • Normal
    • rhel-9.6
    • rhel-9.5
    • podman
    • Yes
    • Moderate
    • rhel-sst-container-tools
    • 3
    • False
    • Red Hat Enterprise Linux

      There is a difference in behaviour between podman 4.9.4 and podman 5.2.2 when using --userns=keep-id and anonymous volumes for existing directories. The ownership of the volume root directory differs between these 2 versions. This is seen only with rootless; root works as expected.

      Podman version 4.9.4 :

      [tom@rhel9 ~]$ podman run --userns=keep-id:uid=1001,gid=1001 --rm -v /opt/app-root/etc/nginx.default.d registry.access.redhat.com/ubi9/nginx-122 ls -ld /opt/app-root/etc/nginx.default.d
      drwxrwxr-x. 2 default root 6 Nov 3 01:00 /opt/app-root/etc/nginx.default.d
      [tom@rhel9 ~]$ rpm -qa | grep podman
      podman-4.9.4-16.el9_4.x86_64

      Podman version 5.2.2:

      [harry@rhel9 ~]$ podman run --userns=keep-id:uid=1001,gid=1001 --rm -v /opt/app-root/etc/nginx.default.d registry.access.redhat.com/ubi9/nginx-122 ls -ld /opt/app-root/etc/nginx.default.d
      drwxrwxr-x. 2 1000 1001 6 Nov 3 01:00 /opt/app-root/etc/nginx.default.d
      [harry@rhel9 ~]$ rpm -qa | grep podman
      podman-5.2.2-9.el9_5.x86_64

      https://github.com/containers/podman/issues/24577

      The latest upstream version, `5.3.0-dev-8f2d5011f`, provides the expected behaviour. Hence this needs to be backported to the latest available podman version, 5.2.2.

       This happens when all the following are met:

      • Use `--userns=keep-id`
      • Mount an anonymous volume
      • The anonymous volume is mounted on top of a directory that already exists in the container image

        How reproducible is this bug?: always

        Steps to reproduce

      1. Upgrade to podman version 5.2.2.
      2. Log in as a rootless user.
      3. Spin up a container with the above-mentioned flags: `$ podman run --userns=keep-id:uid=1001,gid=1001 --rm -v /opt/app-root/etc/nginx.default.d registry.access.redhat.com/ubi9/nginx-122 ls -ld /opt/app-root/etc/nginx.default.d`

      Expected results

      The root directory of the anonymous volume should use the same ownership info as the directory in the container image.

       
      drwxrwxr-x. 2 default root 6 Nov 3 01:00 /opt/app-root/etc/nginx.default.d

      Actual results

      The directory is owned by UID 1000 and GID 1001
      [harry@rhel9 ~]$ podman run --userns=keep-id:uid=1001,gid=1001 --rm -v /opt/app-root/etc/nginx.default.d registry.access.redhat.com/ubi9/nginx-122 ls -ld /opt/app-root/etc/nginx.default.d
      drwxrwxr-x. 2 1000 1001 6 Nov 3 01:00 /opt/app-root/etc/nginx.default.d

              gscrivan@redhat.com Giuseppe Scrivano
              rhn-support-npalanis Nandhika Palanisamy
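A regression check for the behaviour reported above, added here as an example and not taken from the report or from podman itself. It compares the `ls -ld` owner and group of the directory without a volume against the same path with an anonymous volume mounted; the function names are hypothetical, and it assumes the run without `-v` shows the image's own ownership.

```shell
#!/bin/sh
# Added example: ownership regression check for anonymous volumes under
# --userns=keep-id. Function names are hypothetical, not part of podman.
IMAGE=registry.access.redhat.com/ubi9/nginx-122
DIR=/opt/app-root/etc/nginx.default.d
USERNS=keep-id:uid=1001,gid=1001

# Extract "owner:group" (fields 3 and 4) from one line of `ls -ld` output.
# Fails (non-zero) if the line does not look like `ls -ld` output.
ls_owner() {
    printf '%s\n' "$1" |
        awk 'NF >= 9 { print $3 ":" $4; ok = 1 } END { exit !ok }'
}

# Compare the line seen without a volume (assumed image baseline) with the
# line seen when an anonymous volume is mounted on the same path.
# Returns 0 on match, 1 on mismatch, 2 on unparsable input.
same_ownership() {
    base=$(ls_owner "$1") || return 2
    vol=$(ls_owner "$2") || return 2
    if [ "$base" = "$vol" ]; then
        return 0
    fi
    echo "ownership mismatch: image=$base volume=$vol" >&2
    return 1
}

# Live check: run as the rootless user on the host under test.
live_check() {
    base_line=$(podman run --userns="$USERNS" --rm "$IMAGE" \
        ls -ld "$DIR") || return 2
    vol_line=$(podman run --userns="$USERNS" --rm -v "$DIR" "$IMAGE" \
        ls -ld "$DIR") || return 2
    same_ownership "$base_line" "$vol_line"
}

# Output lines copied from the report (4.9.4 and 5.2.2), for an offline check.
GOOD='drwxrwxr-x. 2 default root 6 Nov 3 01:00 /opt/app-root/etc/nginx.default.d'
BAD='drwxrwxr-x. 2 1000 1001 6 Nov 3 01:00 /opt/app-root/etc/nginx.default.d'

# Only touch podman when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
    live_check
    exit $?
fi
```

Run the script with `--live` as the rootless user; a non-zero exit status means the volume root no longer carries the image directory's ownership.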