NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

[Bug] Containers/toolbox seems broken #324804

Open AkechiShiro opened 4 months ago

AkechiShiro commented 4 months ago

Describe the bug

Toolbox seems to be broken: it cannot delete or edit images/containers, nor start them; the tool seems to be in a non-usable state.

Steps To Reproduce

Steps to reproduce the behavior:

  1. Use toolbox, download a container
  2. Switch from podman to docker for containers in nixos configuration
  3. Reboot
  4. Switch back to podman
  5. See the issue hopefully

Expected behavior

Toolbox shouldn't break

Screenshots

If applicable, add screenshots to help explain your problem.

Additional context

Debug output :

❯ toolbox rmi 55260e28f0c4 bd0261c7a459 4b5058e5e55f --verbose
DEBU Running as real user ID 1000
DEBU Resolved absolute path to the executable as /nix/store/dgardm12vdc14dzsk4h0zjj04vdrc8zx-toolbox-0.0.99.3/bin/toolbox
DEBU Running on a cgroups v2 host
DEBU Checking if /etc/subgid and /etc/subuid have entries for user kenshin
DEBU Validating sub-ID file /etc/subuid
DEBU Validating sub-ID file /etc/subgid
DEBU TOOLBOX_PATH is /nix/store/dgardm12vdc14dzsk4h0zjj04vdrc8zx-toolbox-0.0.99.3/bin/toolbox
DEBU Migrating to newer Podman
DEBU Toolbox config directory is /home/kenshin/.config/toolbox
DEBU Current Podman version is 5.0.3
DEBU Creating runtime directory /run/user/1000/toolbox
DEBU Old Podman version is 5.0.3
DEBU Migration not needed: Podman version 5.0.3 is unchanged
DEBU Setting up configuration
DEBU Setting up configuration: file /etc/containers/toolbox.conf not found
DEBU Setting up configuration: file /home/kenshin/.config/containers/toolbox.conf not found
DEBU Resolving image name
DEBU Distribution (CLI): ''
DEBU Image (CLI): ''
DEBU Release (CLI): ''
DEBU Resolved image name
DEBU Image: 'fedora-toolbox:34'
DEBU Release: '34'
DEBU Resolving container name
DEBU Container: ''
DEBU Image: 'fedora-toolbox:34'
DEBU Release: '34'
DEBU Resolved container name
DEBU Container: 'fedora-toolbox-34'
Error: loading primary layer store data: 1 error occurred:
        * deleting layer "21246c9766d5524c1cf78e884443e7740b3c6a0b1eda1489972388985f894138": openfdat /home/kenshin/.local/share/containers/storage/overlay/21246c9766d5524c1cf78e884443e7740b3c6a0b1eda1489972388985f894138: permission denied

Error: failed to inspect image 55260e28f0c4
Error: bd0261c7a459: image not known
Error: failed to inspect image bd0261c7a459
Error: 4b5058e5e55f: image not known
Error: failed to inspect image 4b5058e5e55f

Maybe a relevant error :

Error: loading primary layer store data: 1 error occurred:
        * deleting layer "21246c9766d5524c1cf78e884443e7740b3c6a0b1eda1489972388985f894138": openfdat /home/kenshin/.local/share/containers/storage/overlay/21246c9766d5524c1cf78e884443e7740b3c6a0b1eda1489972388985f894138: permission denied

Notify maintainers

@urandom2

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

❯ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.6.36, NixOS, 24.05 (Uakari), 24.05.2411.706eef542dec`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.4`
 - channels(root): `"agenix, home-manager-24.05.tar.gz, nixos-24.05, nixos-unstable"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Add a :+1: reaction to issues you find important.

AkechiShiro commented 4 months ago

Only root has access to the path under ~/.local, not sure why : image

EDIT : Groups of my user

users docker kvm podman

AkechiShiro commented 4 months ago

Running stat on the folder, I think shows why :

  File: /home/kenshin/.local/share/containers/storage/overlay/21246c9766d5524c1cf78e884443e7740b3c6a0b1eda1489972388985f894138
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 259,2   Inode: 89800174    Links: 6
Access: (0700/drwx------)  Uid: (100000/ UNKNOWN)   Gid: (100000/ UNKNOWN)
Access: 2024-04-09 04:24:02.513187682 +0200
Modify: 2024-04-09 04:24:28.203021797 +0200
Change: 2024-04-09 04:24:28.203021797 +0200
 Birth: 2024-04-09 04:24:02.513187682 +0200

Here it is owned by a UID that is pretty high and not a default user.
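
Added example, not part of the original thread: the stat output above shows a 0700 directory owned by host UID 100000, which a process running as UID 1000 outside the rootless user namespace cannot open. The sketch below maps such a host UID back to the user and container-side UID it belongs to, assuming the default rootless Podman layout (container UID 0 is the user, subordinate ranges follow from container UID 1); the `/etc/subuid` entries are constructed, since the thread does not show the reporter's file, and `map_host_uid` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: map a host UID seen in `stat` output back to the
# rootless user-namespace UID it represents, from /etc/subuid-style data.

# map_host_uid SUBUID_FILE HOST_UID
# Prints "<owner> <container_uid>" for the subordinate range that
# contains HOST_UID, or "unmapped" if no range covers it.
map_host_uid() {
    awk -F: -v uid="$2" '
        # Skip comments, blank lines and malformed entries.
        /^[[:space:]]*#/ || NF != 3 { next }
        {
            owner = $1; start = $2 + 0; count = $3 + 0
            # Assumption: container UID 0 is the user, so subordinate
            # ranges begin at container UID 1 and are laid end to end.
            if (!(owner in next_id)) next_id[owner] = 1
            if (uid >= start && uid < start + count) {
                print owner, next_id[owner] + (uid - start)
                found = 1
                exit
            }
            next_id[owner] += count
        }
        END { if (!found) print "unmapped" }
    ' "$1"
}

# Constructed sample in /etc/subuid format (not the reporter's file).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# user:first_subordinate_uid:count
kenshin:100000:65536
builder:165536:65536
EOF

# The owner UID from the stat output in the thread.
map_host_uid "$SAMPLE" 100000
```

On a real host, pass `/etc/subuid` as the first argument; an `unmapped` result means the UID lies outside every configured subordinate range.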

AkechiShiro commented 4 months ago

Running podman rmi shows these warnings :

WARN[0000] Found incomplete layer "21246c9766d5524c1cf78e884443e7740b3c6a0b1eda1489972388985f894138", deleting it
WARN[0000] Unexpected error on reading Additional Layer Store pointer open /home/kenshin/.local/share/containers/storage/overlay/21246c9766d5524c1cf78e884443e7740b3c6a0b1eda1489972388985f894138/additionallayer: permission denied

But no deletion was done.

AkechiShiro commented 4 months ago

I worked around the issue successfully, but it seems I should describe it in a bit more detail: there was another image in docker that was blocking the deletion of the image on the podman side, it seems.

I manually deleted the fedora one, and used docker rm archlinux-toolbox to remove the arch container and finally deleted the image using podman rmi

AkechiShiro commented 4 months ago

The container still does not start...

AkechiShiro commented 3 months ago

So I haven't found a way to start the container using toolbox but I ran into this issue : https://github.com/containers/podman/issues/14284 (trying to manually run a shell in the container)

The way to get a shell in the container right now for me, is to disable everything related to Virtualbox and remove my user from the vboxusers group and use podman run --rm -it archlinux-toolbox

Freed-Wu commented 2 days ago

BTW, should toolbox depend on podman? https://archlinux.org/packages/extra-testing/x86_64/toolbox/ Arch Linux's toolbox depends on podman; however, the NixOS one does not: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/applications/virtualization/toolbox/default.nix