Unable to start containers with userns on v1.1.0
fubarhouse opened this issue · comments
Describe the bug
After upgrading to v1.1.0, I am unable to start the container stack which has been forcing me to revert to v1.0.6 for a couple of weeks. This change has occurred independently of Podman upgrades - and it may be that I need to add additional configuration but at this time I do not how to get around it.
I should not that I am not using Podman with Kubernetes right now as I suspect that is related.
I have found an approachable way to replicate the issue, and the error does not occur without the userns attribute set.
To Reproduce
Steps to reproduce the behavior:
- Observe the minimalist busybox
docker-compose.ymlfile below. - Add it to your file system in an empty directory
- Run
podman-compose up -d - Observe the error
docker-compose.yml
services:
frontend:
userns_mode: keep-id:uid=1000
image: busybox
command: ["/bin/busybox", "httpd", "-f", "-p", "8080"]
working_dir: /
Expected behavior
I would expect the container to start, or fail differently. It seems there is something wrong with the configuration which works in the previous release of podman-compose (v1.0.6)
Actual behavior
Error observed:
--userns and --pod cannot be set together
Output
# Fresh git install
...
Cloning into 'podman-compose'...
done.
==> Starting pkgver()...
==> Updated version: podman-compose-git 1:1.1.0.r31.7a2da76-1
==> Sources are ready.
==> Making package: podman-compose-git 1:1.1.0.r31.7a2da76-1 (Fri May 10 21:14:23 2024)
...
$ podman-compose version
podman-compose version 1.1.0
podman version 5.0.2
$ podman-compose up -d
9aa63fcc8cce556c70ea97cd7acdc157f8915efb912f519e0891af50380fedbd
Error: --userns and --pod cannot be set together
Error: no container with name or ID "podmanprojects_frontend_1" found: no such container
Output on v1.0.6
$ wget -O ./podmancompose-1.0.6 https://raw.githubusercontent.com/containers/podman-compose/v1.0.6/podman_compose.py
--2024-05-10 21:40:28-- https://raw.githubusercontent.com/containers/podman-compose/v1.0.6/podman_compose.py
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.110.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 101409 (99K) [text/plain]
Saving to: ‘./podmancompose-1.0.6’
./podmancompose-1.0.6 100%[=========================================>] 99.03K --.-KB/s in 0.03s
2024-05-10 21:40:28 (3.29 MB/s) - ‘./podmancompose-1.0.6’ saved [101409/101409]
$ chmod +x ./podmancompose-1.0.6
$ ./podmancompose-1.0.6 up -d
podman-compose version: 1.0.6
['podman', '--version', '']
using podman version: 5.0.2
** excluding: set()
['podman', 'ps', '--filter', 'label=io.podman.compose.project=podmanprojects', '-a', '--format', '{{ index .Labels "io.podman.compose.config-hash"}}']
['podman', 'network', 'exists', 'podmanprojects_default']
podman run --name=podmanprojects_frontend_1 -d --label io.podman.compose.config-hash=4ac664101186f9aaff5ac14c870b3e3faf19f92f9ccf70a5c030c60eeed40984 --label io.podman.compose.project=podmanprojects --label io.podman.compose.version=1.0.6 --label PODMAN_SYSTEMD_UNIT=podman-compose@podmanprojects.service --label com.docker.compose.project=podmanprojects --label com.docker.compose.project.working_dir=/home/karl/PodmanProjects --label com.docker.compose.project.config_files=docker-compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=frontend --net podmanprojects_default --network-alias frontend --userns keep-id:uid=1000 -w / busybox /bin/busybox httpd -f -p 8080
Resolved "busybox" as an alias (/etc/containers/registries.conf.d/00-shortnames.conf)
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob ec562eabd705 done |
Copying config 65ad0d468e done |
Writing manifest to image destination
bb217b2435240298384d08d46fb293a72952601dca5d36ecb893ea4d829bb671
exit code: 0
Environment:
- OS: Linux /
WSL / Mac - podman version: 5.0.2
- podman compose version: 1.1.0 (7a2da76)
Additional context
As noted, this is not an issue in podman-compose v1.0.6.
