Uploaded image for project: 'Container Tools'
  1. Container Tools
  2. RUN-2375

[containers/podman] `podman update` resets the configuration of other container resources

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • rhel-container-tools
    • 8
    • RUN 263

      [2672344019] Upstream Reporter: Jan Rodák
      Upstream issue status: Closed
      Upstream description:

      Issue Description

      If a container has a resource configuration set and is updated with the podman update command, the current resource configuration is replaced with a new resource configuration that does not reflect the previous configuration. Thus, if you change a single resource configuration field with podman update, the other fieald of resource configuration is set to its default values. See the reproducer example.

      Steps to reproduce the issue

      Steps to reproduce the issue

      1. podman run -dt --pids-limit 1024 --name hc1 quay.io/libpod/alpine:latest top
      2. podman inspect hc1 --format {{.HostConfig.PidsLimit}}
        • Printed value: 1024
      3. podman update hc1 --memory 100Mb (You can change any other resource of your choice)
      4. podman inspect hc1 --format {{.HostConfig.Memory}}
        • Printed value: 104857600
      5. podman inspect hc1 --format {{.HostConfig.PidsLimit}}
        • This should print the value 1024 but the value is 0

      For this reproduction, you can choose any of the podman update resource flags.

      Describe the results you received

      After the last podman update the memory is set to 104857600 and PidsLimit is 0.

      Describe the results you expected

      After the last podman update the memory is set to 104857600 and the PidsLimit is 1024.

      podman info output

      host:   arch: arm64
        buildahVersion: 1.37.5
        cgroupControllers:   - cpu
        - io
        - memory
        - pids
        cgroupManager: systemd
        cgroupVersion: v2
        conmon:     package: conmon-2.1.12-2.fc40.aarch64
          path: /usr/bin/conmon
          version: 'conmon version 2.1.12, commit: '
        cpuUtilization:     idlePercent: 96.98
          systemPercent: 0.51
          userPercent: 2.51
        cpus: 6
        databaseBackend: sqlite
        distribution:     distribution: fedora
          variant: workstation
          version: "40"
        eventLogger: journald
        freeLocks: 2047
        hostname: fedora
        idMappings:     gidmap:     - container_id: 0
            host_id: 1000
            size: 1
          - container_id: 1
            host_id: 524288
            size: 65536
          uidmap:     - container_id: 0
            host_id: 1000
            size: 1
          - container_id: 1
            host_id: 524288
            size: 65536
        kernel: 6.11.7-200.fc40.aarch64
        linkmode: dynamic
        logDriver: journald
        memFree: 3495309312
        memTotal: 8296726528
        networkBackend: netavark
        networkBackendInfo:     backend: netavark
          dns:       package: aardvark-dns-1.12.2-2.fc40.aarch64
            path: /usr/libexec/podman/aardvark-dns
            version: aardvark-dns 1.12.2
          package: netavark-1.12.2-1.fc40.aarch64
          path: /usr/libexec/podman/netavark
          version: netavark 1.12.2
        ociRuntime:     name: crun
          package: crun-1.17-1.fc40.aarch64
          path: /usr/bin/crun
          version: |-
            crun version 1.17
            commit: 000fa0d4eeed8938301f3bcf8206405315bc1017
            rundir: /run/user/1000/crun
            spec: 1.0.0
            +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
        os: linux
        pasta:     executable: /usr/bin/pasta
          package: passt-0^20241030.gee7d0b6-1.fc40.aarch64
          version: |
            pasta 0^20241030.gee7d0b6-1.fc40.aarch64-pasta
            Copyright Red Hat
            GNU General Public License, version 2 or later
              <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
            This is free software: you are free to change and redistribute it.
            There is NO WARRANTY, to the extent permitted by law.
        remoteSocket:     exists: false
          path: /run/user/1000/podman/podman.sock
        rootlessNetworkCmd: pasta
        security:     apparmorEnabled: false
          capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
          rootless: true
          seccompEnabled: true
          seccompProfilePath: /usr/share/containers/seccomp.json
          selinuxEnabled: true
        serviceIsRemote: false
        slirp4netns:     executable: ""
          package: ""
          version: ""
        swapFree: 8296329216
        swapTotal: 8296329216
        uptime: 0h 19m 42.00s
        variant: v8
      plugins:   authorization: null
        log:   - k8s-file
        - none
        - passthrough
        - journald
        network:   - bridge
        - macvlan
        - ipvlan
        volume:   - local
      registries:   search:   - registry.fedoraproject.org
        - registry.access.redhat.com
        - docker.io
      store:   configFile: /home/jrodak/.config/containers/storage.conf
        containerStore:     number: 1
          paused: 0
          running: 1
          stopped: 0
        graphDriverName: overlay
        graphOptions: {}
        graphRoot: /home/jrodak/.local/share/containers/storage
        graphRootAllocated: 67014492160
        graphRootUsed: 13588926464
        graphStatus:     Backing Filesystem: btrfs
          Native Overlay Diff: "true"
          Supports d_type: "true"
          Supports shifting: "false"
          Supports volatile: "true"
          Using metacopy: "false"
        imageCopyTmpDir: /var/tmp
        imageStore:     number: 3
        runRoot: /run/user/1000/containers
        transientStore: false
        volumePath: /home/jrodak/.local/share/containers/storage/volumes
      version:   APIVersion: 5.2.5
        Built: 1729814400
        BuiltTime: Fri Oct 25 02:00:00 2024
        GitCommit: ""
        GoVersion: go1.22.7
        Os: linux
        OsArch: linux/arm64
        Version: 5.2.5
      

      Podman in a container

      No

      Privileged Or Rootless

      None

      Upstream Latest Release

      Yes

      Additional environment details

      Additional environment details

      Additional information

      It was found here.


      Upstream URL: https://github.com/containers/podman/issues/24610

              jrodak Jan Rodák
              upstream-sync Upstream Sync
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: