buildah automatically removes base image after build

Description

I ran into a strange issue with buildah after updating, where it automatically removed the based image that is used for a build of a child image. The base image remains visible until the very last steps and gets removed during the COMMIT phase of the child image. For years, I was able to build an image with multiple layers, then build a child image using multi-stage builds from the base image, providing the benefits that the first layers between the base and child image remained the same, hence didn't need to be downloaded. I updated by buildah yesterday and now, when executing the very same build, buildah removes the base image after the successful build of the child image.

Steps to reproduce the issue:

Build a base image:

Consider this Dockerfile called Dockerfile1:

FROM alpine

RUN touch test.txt

Then build it via buildah bud -t test -f Dockerfile1:

[gvenzl@localhost test]$ buildah bud -t test -f Dockerfile1
STEP 1/2: FROM alpine
STEP 2/2: RUN touch test.txt
COMMIT test
Getting image source signatures
Copying blob d4fc045c9e3a skipped: already exists
Copying blob 80b03e0eb50b done
Copying config d818df13c4 done
Writing manifest to image destination
--> d818df13c42c
Successfully tagged localhost/test:latest
d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144

This results in the following image:

[gvenzl@localhost test]$ podman images
REPOSITORY                                    TAG                  IMAGE ID      CREATED            SIZE
localhost/test                                latest               d818df13c42c  24 seconds ago     7.67 MB

Build a new image using this image as a base layer:

Consider this Dockerfile called Dockerfile2:

ARG BASE_IMAGE

FROM ${BASE_IMAGE} as base

FROM base as test1

RUN touch foo.bar.txt

(The FROM ${BASE_IMAGE} as base is there to parameterize the input base image.)

And build it via buildah bud -t test1 -f Dockerfile2 --build-arg BASE_IMAGE=test --log-level trace:

[gvenzl@localhost test]$ buildah bud -t test1 -f Dockerfile2 --build-arg BASE_IMAGE=test --log-level trace
DEBU[0000] effective capabilities: [audit_control=false audit_read=false audit_write=false block_suspend=false bpf=false checkpoint_restore=false chown=false dac_override=false dac_read_search=false fowner=false fsetid=false ipc_lock=false ipc_owner=false kill=false lease=false linux_immutable=false mac_admin=false mac_override=false mknod=false net_admin=false net_bind_service=false net_broadcast=false net_raw=false perfmon=false setfcap=false setgid=false setpcap=false setuid=false sys_admin=false sys_boot=false sys_chroot=false sys_module=false sys_nice=false sys_pacct=false sys_ptrace=false sys_rawio=false sys_resource=false sys_time=false sys_tty_config=false syslog=false wake_alarm=false]
DEBU[0000] Running [buildah-in-a-user-namespace bud -t test1 -f Dockerfile2 --build-arg BASE_IMAGE=test --log-level trace] with environment [SHELL=/bin/bash HISTCONTROL=ignoredups HISTSIZE=1000 HOSTNAME=localhost PWD=/home/gvenzl/test LOGNAME=gvenzl XDG_SESSION_TYPE=tty MOTD_SHOWN=pam HOME=/home/gvenzl LANG=en_US.UTF-8 LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.m4a=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.oga=01;36:*.opus=01;36:*.spx=01;36:*.xspf=01;36: SSH_CONNECTION=10.0.2.2 49657 10.0.2.15 22 XDG_SESSION_CLASS=user TERM=xterm-256color LESSOPEN=||/usr/bin/lesspipe.sh %s USER=gvenzl SHLVL=1 XDG_SESSION_ID=2 XDG_RUNTIME_DIR=/run/user/1000 SSH_CLIENT=10.0.2.2 49657 22 DEBUGINFOD_URLS=https://debuginfod.centos.org/  which_declare=declare -f XDG_DATA_DIRS=/home/gvenzl/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share PATH=/home/gvenzl/.local/bin:/home/gvenzl/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus MAIL=/var/spool/mail/gvenzl SSH_TTY=/dev/pts/0 OLDPWD=/home/gvenzl BASH_FUNC_which%%=() {  ( alias;
 eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@
} _=/usr/bin/buildah TMPDIR=/var/tmp _CONTAINERS_USERNS_CONFIGURED=1 BUILDAH_ISOLATION=rootless], UID map [{ContainerID:0 HostID:1000 Size:1} {ContainerID:1 HostID:100000 Size:65536}], and GID map [{ContainerID:0 HostID:1000 Size:1} {ContainerID:1 HostID:100000 Size:65536}]
DEBU[0000] effective capabilities: [audit_control=true audit_read=true audit_write=true block_suspend=true bpf=true checkpoint_restore=true chown=true dac_override=true dac_read_search=true fowner=true fsetid=true ipc_lock=true ipc_owner=true kill=true lease=true linux_immutable=true mac_admin=true mac_override=true mknod=true net_admin=true net_bind_service=true net_broadcast=true net_raw=true perfmon=true setfcap=true setgid=true setpcap=true setuid=true sys_admin=true sys_boot=true sys_chroot=true sys_module=true sys_nice=true sys_pacct=true sys_ptrace=true sys_rawio=true sys_resource=true sys_time=true sys_tty_config=true syslog=true wake_alarm=true]
DEBU[0000] Pull Policy for pull [ifnewer]
DEBU[0000] Setting MaxPullPushRetries to 3 and PullPushRetryDelay to 2s
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] Cached value indicated that native-diff is usable
DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] base for stage 0: "${BASE_IMAGE}"
DEBU[0000] base for stage 1: "base"
DEBU[0000] FROM "test AS base"
[1/2] STEP 1/1: FROM test AS base
DEBU[0000] Pulling image test (policy: newer)
DEBU[0000] Looking up image "test" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf"
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf"
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/001-rhel-shortnames.conf"
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/002-rhel-shortnames-overrides.conf"
DEBU[0000] Trying "localhost/test:latest" ...
DEBU[0000] parsed reference into "[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]@d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144"
DEBU[0000] Found image "test" as "localhost/test:latest" in local containers storage
DEBU[0000] Found image "test" as "localhost/test:latest" in local containers storage ([overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]@d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144)
DEBU[0000] exporting opaque data as blob "sha256:d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144"
DEBU[0000] Image test resolved to local image localhost/test:latest which will be used for pulling
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] Attempting to pull candidate localhost/test:latest for localhost/test:latest
DEBU[0000] Using registries.d directory /etc/containers/registries.d
DEBU[0000] Trying to access "localhost/test:latest"
DEBU[0000] No credentials matching localhost/test found in /run/user/1000/containers/auth.json
DEBU[0000] No credentials matching localhost/test found in /home/gvenzl/.config/containers/auth.json
DEBU[0000] No credentials matching localhost/test found in /home/gvenzl/.docker/config.json
DEBU[0000] No credentials matching localhost/test found in /home/gvenzl/.dockercfg
DEBU[0000] No credentials for localhost/test found
DEBU[0000]  No signature storage configuration found for localhost/test:latest, using built-in default file:///home/gvenzl/.local/share/containers/sigstore
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/localhost
DEBU[0000] GET https://localhost/v2/
DEBU[0000] Ping https://localhost/v2/ err Get "https://localhost/v2/": dial tcp [::1]:443: connect: connection refused (&url.Error{Op:"Get", URL:"https://localhost/v2/", Err:(*net.OpError)(0xc000216320)})
DEBU[0000] GET https://localhost/v1/_ping
DEBU[0000] Ping https://localhost/v1/_ping err Get "https://localhost/v1/_ping": dial tcp [::1]:443: connect: connection refused (&url.Error{Op:"Get", URL:"https://localhost/v1/_ping", Err:(*net.OpError)(0xc0008f2000)})
DEBU[0000] Accessing "localhost/test:latest" failed: pinging container registry localhost: Get "https://localhost/v2/": dial tcp [::1]:443: connect: connection refused
DEBU[0000] Looking up image "localhost/test:latest" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] Trying "localhost/test:latest" ...
DEBU[0000] parsed reference into "[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]@d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144"
DEBU[0000] Found image "localhost/test:latest" as "localhost/test:latest" in local containers storage
DEBU[0000] Found image "localhost/test:latest" as "localhost/test:latest" in local containers storage ([overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]@d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144)
DEBU[0000] exporting opaque data as blob "sha256:d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144"
DEBU[0000] Cached value indicated that idmapped mounts for overlay are not supported
DEBU[0000] Check for idmapped mounts support
DEBU[0000] exporting opaque data as blob "sha256:d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144"
DEBU[0000] exporting opaque data as blob "sha256:d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144"
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] Cached value indicated that volatile is being used
DEBU[0000] overlay: mount_data=lowerdir=/home/gvenzl/.local/share/containers/storage/overlay/l/7HRN57CBCCK2OPZZJZC7YPEMRP:/home/gvenzl/.local/share/containers/storage/overlay/l/CDAEHIB2V7IWENG6JD6KJWJSQS,upperdir=/home/gvenzl/.local/share/containers/storage/overlay/106684efc172f7355fce9b6ad9cfda1daa35de7d47b713e8e0d54f4b20d1f793/diff,workdir=/home/gvenzl/.local/share/containers/storage/overlay/106684efc172f7355fce9b6ad9cfda1daa35de7d47b713e8e0d54f4b20d1f793/work,,userxattr,volatile
DEBU[0000] Container ID: 4a2cbf2e264d4cea8e1d471232fc65e65b782ce1280ae0f7904d127656348a87
--> d818df13c42c
DEBU[0000] FROM "d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144 AS test1"
[2/2] STEP 1/2: FROM d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144 AS test1
DEBU[0000] Pulling image d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144 (policy: never)
DEBU[0000] Looking up image "d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144" in local containers storage
DEBU[0000] Trying "d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144" ...
DEBU[0000] parsed reference into "[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]@d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144"
DEBU[0000] Found image "d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144" as "d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144" in local containers storage
DEBU[0000] Found image "d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144" as "d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144" in local containers storage ([overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]@d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144)
DEBU[0000] exporting opaque data as blob "sha256:d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144"
DEBU[0000] exporting opaque data as blob "sha256:d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144"
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] overlay: mount_data=lowerdir=/home/gvenzl/.local/share/containers/storage/overlay/l/7HRN57CBCCK2OPZZJZC7YPEMRP:/home/gvenzl/.local/share/containers/storage/overlay/l/CDAEHIB2V7IWENG6JD6KJWJSQS,upperdir=/home/gvenzl/.local/share/containers/storage/overlay/762b905741d0087791413b7314ac4a68732dcdd995e97008aacd11b26c7f3327/diff,workdir=/home/gvenzl/.local/share/containers/storage/overlay/762b905741d0087791413b7314ac4a68732dcdd995e97008aacd11b26c7f3327/work,,userxattr,volatile
DEBU[0000] Container ID: 444aa4fc49a5fe19387655fc0047ed940af49de9176336e261723e6f4c3502a4
DEBU[0000] Parsed Step: {Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] Command:run Args:[touch foo.bar.txt] Flags:[] Attrs:map[] Message:RUN touch foo.bar.txt Original:RUN touch foo.bar.txt }
[2/2] STEP 2/2: RUN touch foo.bar.txt
DEBU[0000] RUN imagebuilder.Run{Shell:true, Args:[]string{"touch foo.bar.txt"}, Mounts:[]string(nil), Network:""}, docker.Config{Hostname:"", Domainname:"", User:"", Memory:0, MemorySwap:0, MemoryReservation:0, KernelMemory:0, CPUShares:0, CPUSet:"", PortSpecs:[]string(nil), ExposedPorts:map[docker.Port]struct {}{}, PublishService:"", StopSignal:"", StopTimeout:0, Env:[]string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"}, Cmd:[]string{"/bin/sh"}, Shell:[]string{}, Healthcheck:(*docker.HealthConfig)(nil), DNS:[]string(nil), Image:"", Volumes:map[string]struct {}{}, VolumeDriver:"", WorkingDir:"", MacAddress:"", Entrypoint:[]string{}, SecurityOpts:[]string(nil), OnBuild:[]string{}, Mounts:[]docker.Mount(nil), Labels:map[string]string{"io.buildah.version":"1.31.5"}, AttachStdin:false, AttachStdout:false, AttachStderr:false, ArgsEscaped:false, Tty:false, OpenStdin:false, StdinOnce:false, NetworkDisabled:false, VolumesFrom:""}
DEBU[0000] using "/var/tmp/buildah1994244373" to hold bundle data
DEBU[0000] Resources: &define.CommonBuildOptions{AddHost:[]string{}, OmitHistory:false, CgroupParent:"", CPUPeriod:0x0, CPUQuota:0, CPUShares:0x0, CPUSetCPUs:"", CPUSetMems:"", HTTPProxy:true, IdentityLabel:0x1, Memory:0, DNSSearch:[]string{}, DNSServers:[]string{}, DNSOptions:[]string{}, LabelOpts:[]string(nil), MemorySwap:0, NoHosts:false, NoNewPrivileges:false, OmitTimestamp:false, SeccompProfilePath:"/usr/share/containers/seccomp.json", ApparmorProfile:"", ShmSize:"65536k", Ulimit:[]string{}, Volumes:[]string{}, Secrets:[]string{}, SSHSources:[]string{}, OCIHooksDir:[]string{}}
DEBU[0000] adding slirp4netns 10.0.2.3 built-in DNS server
DEBU[0000] /etc/system-fips does not exist on host, not mounting FIPS mode subscription
DEBU[0000] bind mounted "/home/gvenzl/.local/share/containers/storage/overlay/762b905741d0087791413b7314ac4a68732dcdd995e97008aacd11b26c7f3327/merged" to "/var/tmp/buildah1994244373/mnt/rootfs"
DEBU[0000] bind mounted "/home/gvenzl/.local/share/containers/storage/overlay-containers/444aa4fc49a5fe19387655fc0047ed940af49de9176336e261723e6f4c3502a4/userdata/run/secrets" to "/var/tmp/buildah1994244373/mnt/buildah-bind-target-10"
DEBU[0000] config = {"ociVersion":"1.1.0-rc.3","process":{"user":{"uid":0,"gid":0,"additionalGids":[0,1,2,3,4,6,10,11,20,26,27]},"args":["/bin/sh","-c","touch foo.bar.txt"],"env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOSTNAME=444aa4fc49a5"],"cwd":"/","capabilities":{"bounding":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_NET_BIND_SERVICE","CAP_SETFCAP","CAP_SETGID","CAP_SETPCAP","CAP_SETUID","CAP_SYS_CHROOT"],"effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_NET_BIND_SERVICE","CAP_SETFCAP","CAP_SETGID","CAP_SETPCAP","CAP_SETUID","CAP_SYS_CHROOT"],"permitted":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_NET_BIND_SERVICE","CAP_SETFCAP","CAP_SETGID","CAP_SETPCAP","CAP_SETUID","CAP_SYS_CHROOT"],"ambient":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_NET_BIND_SERVICE","CAP_SETFCAP","CAP_SETGID","CAP_SETPCAP","CAP_SETUID","CAP_SYS_CHROOT"]},"rlimits":[{"type":"RLIMIT_NOFILE","hard":1024,"soft":1024}]},"root":{"path":"/var/tmp/buildah1994244373/mnt/rootfs"},"hostname":"444aa4fc49a5","mounts":[{"destination":"/dev","type":"tmpfs","source":"tmpfs","options":["nosuid","strictatime","mode=755","size=65536k"]},{"destination":"/proc","type":"proc","source":"proc","options":["nosuid","noexec","nodev"]},{"destination":"/sys","type":"sysfs","source":"sysfs","options":["nosuid","noexec","nodev","ro"]},{"destination":"/dev/mqueue","type":"mqueue","source":"mqueue","options":["nosuid","noexec","nodev"]},{"destination":"/dev/pts","type":"devpts","source":"devpts","options":["nosuid","noexec","newinstance","ptmxmode=0666","mode=0620","gid=5"]},{"destination":"/dev/shm","type":"tmpfs","source":"shm","options":["private","nodev","noexec","nosuid","mode=1777","size=65536k"]},{"destination":"/etc/hostname","type":"bind","source":"/var/tmp/buildah1994244373/hostname","options":["rbind"]},{"destination":"/etc/hosts","type":"bind","source":"/var/tmp/buildah1994244373/hosts","options":["rbind"]},{"destination":"/etc/resolv.conf","type":"bind","source":"/var/tmp/buildah1994244373/resolv.conf","options":["rbind"]},{"destination":"/run/.containerenv","type":"bind","source":"/var/tmp/buildah1994244373/run/.containerenv","options":["rbind"]},{"destination":"/run/secrets","type":"bind","source":"/var/tmp/buildah1994244373/mnt/buildah-bind-target-10","options":["bind","rprivate"]},{"destination":"/sys/fs/cgroup","type":"cgroup","source":"cgroup","options":["rprivate","nosuid","noexec","nodev","relatime","rw"]}],"linux":{"sysctl":{"net.ipv4.ping_group_range":"0 0"},"resources":{"devices":[{"allow":false,"access":"rwm"}]},"namespaces":[{"type":"pid"},{"type":"network"},{"type":"ipc"},{"type":"uts"},{"type":"mount"},{"type":"cgroup"}],"seccomp":{"defaultAction":"SCMP_ACT_ERRNO","defaultErrnoRet":38,"architectures":["SCMP_ARCH_X86_64","SCMP_ARCH_X86","SCMP_ARCH_X32"],"syscalls":[{"names":["bdflush","io_pgetevents","kexec_file_load","kexec_load","migrate_pages","move_pages","nfsservctl","nice","oldfstat","oldlstat","oldolduname","oldstat","olduname","pciconfig_iobase","pciconfig_read","pciconfig_write","sgetmask","ssetmask","swapcontext","swapoff","swapon","sysfs","uselib","userfaultfd","ustat","vm86","vm86old","vmsplice"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["_llseek","_newselect","accept","accept4","access","adjtimex","alarm","bind","brk","capget","capset","chdir","chmod","chown","chown32","clock_adjtime","clock_adjtime64","clock_getres","clock_getres_time64","clock_gettime","clock_gettime64","clock_nanosleep","clock_nanosleep_time64","clone","clone3","close","close_range","connect","copy_file_range","creat","dup","dup2","dup3","epoll_create","epoll_create1","epoll_ctl","epoll_ctl_old","epoll_pwait","epoll_pwait2","epoll_wait","epoll_wait_old","eventfd","eventfd2","execve","execveat","exit","exit_group","faccessat","faccessat2","fadvise64","fadvise64_64","fallocate","fanotify_mark","fchdir","fchmod","fchmodat","fchown","fchown32","fchownat","fcntl","fcntl64","fdatasync","fgetxattr","flistxattr","flock","fork","fremovexattr","fsconfig","fsetxattr","fsmount","fsopen","fspick","fstat","fstat64","fstatat64","fstatfs","fstatfs64","fsync","ftruncate","ftruncate64","futex","futex_time64","futimesat","get_mempolicy","get_robust_list","get_thread_area","getcpu","getcwd","getdents","getdents64","getegid","getegid32","geteuid","geteuid32","getgid","getgid32","getgroups","getgroups32","getitimer","getpeername","getpgid","getpgrp","getpid","getppid","getpriority","getrandom","getresgid","getresgid32","getresuid","getresuid32","getrlimit","getrusage","getsid","getsockname","getsockopt","gettid","gettimeofday","getuid","getuid32","getxattr","inotify_add_watch","inotify_init","inotify_init1","inotify_rm_watch","io_cancel","io_destroy","io_getevents","io_setup","io_submit","ioctl","ioprio_get","ioprio_set","ipc","keyctl","kill","landlock_add_rule","landlock_create_ruleset","landlock_restrict_self","lchown","lchown32","lgetxattr","link","linkat","listen","listxattr","llistxattr","lremovexattr","lseek","lsetxattr","lstat","lstat64","madvise","mbind","membarrier","memfd_create","memfd_secret","mincore","mkdir","mkdirat","mknod","mknodat","mlock","mlock2","mlockall","mmap","mmap2","mount","mount_setattr","move_mount","mprotect","mq_getsetattr","mq_notify","mq_open","mq_timedreceive","mq_timedreceive_time64","mq_timedsend","mq_timedsend_time64","mq_unlink","mremap","msgctl","msgget","msgrcv","msgsnd","msync","munlock","munlockall","munmap","name_to_handle_at","nanosleep","newfstatat","open","open_tree","openat","openat2","pause","pidfd_getfd","pidfd_open","pidfd_send_signal","pipe","pipe2","pivot_root","pkey_alloc","pkey_free","pkey_mprotect","poll","ppoll","ppoll_time64","prctl","pread64","preadv","preadv2","prlimit64","process_mrelease","process_vm_readv","process_vm_writev","pselect6","pselect6_time64","ptrace","pwrite64","pwritev","pwritev2","read","readahead","readdir","readlink","readlinkat","readv","reboot","recv","recvfrom","recvmmsg","recvmmsg_time64","recvmsg","remap_file_pages","removexattr","rename","renameat","renameat2","restart_syscall","rmdir","rseq","rt_sigaction","rt_sigpending","rt_sigprocmask","rt_sigqueueinfo","rt_sigreturn","rt_sigsuspend","rt_sigtimedwait","rt_sigtimedwait_time64","rt_tgsigqueueinfo","sched_get_priority_max","sched_get_priority_min","sched_getaffinity","sched_getattr","sched_getparam","sched_getscheduler","sched_rr_get_interval","sched_rr_get_interval_time64","sched_setaffinity","sched_setattr","sched_setparam","sched_setscheduler","sched_yield","seccomp","select","semctl","semget","semop","semtimedop","semtimedop_time64","send","sendfile","sendfile64","sendmmsg","sendmsg","sendto","set_mempolicy","set_robust_list","set_thread_area","set_tid_address","setfsgid","setfsgid32","setfsuid","setfsuid32","setgid","setgid32","setgroups","setgroups32","setitimer","setns","setpgid","setpriority","setregid","setregid32","setresgid","setresgid32","setresuid","setresuid32","setreuid","setreuid32","setrlimit","setsid","setsockopt","setuid","setuid32","setxattr","shmat","shmctl","shmdt","shmget","shutdown","sigaction","sigaltstack","signal","signalfd","signalfd4","sigpending","sigprocmask","sigreturn","sigsuspend","socket","socketcall","socketpair","splice","stat","stat64","statfs","statfs64","statx","symlink","symlinkat","sync","sync_file_range","syncfs","syscall","sysinfo","syslog","tee","tgkill","time","timer_create","timer_delete","timer_getoverrun","timer_gettime","timer_gettime64","timer_settime","timer_settime64","timerfd","timerfd_create","timerfd_gettime","timerfd_gettime64","timerfd_settime","timerfd_settime64","times","tkill","truncate","truncate64","ugetrlimit","umask","umount","umount2","uname","unlink","unlinkat","unshare","utime","utimensat","utimensat_time64","utimes","vfork","wait4","waitid","waitpid","write","writev"],"action":"SCMP_ACT_ALLOW"},{"names":["personality"],"action":"SCMP_ACT_ALLOW","args":[{"index":0,"value":0,"op":"SCMP_CMP_EQ"}]},{"names":["personality"],"action":"SCMP_ACT_ALLOW","args":[{"index":0,"value":8,"op":"SCMP_CMP_EQ"}]},{"names":["personality"],"action":"SCMP_ACT_ALLOW","args":[{"index":0,"value":131072,"op":"SCMP_CMP_EQ"}]},{"names":["personality"],"action":"SCMP_ACT_ALLOW","args":[{"index":0,"value":131080,"op":"SCMP_CMP_EQ"}]},{"names":["personality"],"action":"SCMP_ACT_ALLOW","args":[{"index":0,"value":4294967295,"op":"SCMP_CMP_EQ"}]},{"names":["arch_prctl"],"action":"SCMP_ACT_ALLOW"},{"names":["modify_ldt"],"action":"SCMP_ACT_ALLOW"},{"names":["open_by_handle_at"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["bpf","fanotify_init","lookup_dcookie","perf_event_open","quotactl","setdomainname","sethostname","setns"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["chroot"],"action":"SCMP_ACT_ALLOW"},{"names":["delete_module","finit_module","init_module","query_module"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["acct"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["kcmp","process_madvise"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["ioperm","iopl"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["clock_settime","clock_settime64","settimeofday","stime"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["vhangup"],"action":"SCMP_ACT_ERRNO","errnoRet":1},{"names":["socket"],"action":"SCMP_ACT_ERRNO","errnoRet":22,"args":[{"index":0,"value":16,"op":"SCMP_CMP_EQ"},{"index":2,"value":9,"op":"SCMP_CMP_EQ"}]},{"names":["socket"],"action":"SCMP_ACT_ALLOW","args":[{"index":2,"value":9,"op":"SCMP_CMP_NE"}]},{"names":["socket"],"action":"SCMP_ACT_ALLOW","args":[{"index":0,"value":16,"op":"SCMP_CMP_NE"}]},{"names":["socket"],"action":"SCMP_ACT_ALLOW","args":[{"index":2,"value":9,"op":"SCMP_CMP_NE"}]}]},"maskedPaths":["/proc/acpi","/proc/kcore","/proc/keys","/proc/latency_stats","/proc/timer_list","/proc/timer_stats","/proc/sched_debug","/proc/scsi","/sys/firmware","/sys/fs/selinux","/sys/dev","/sys/devices/virtual/powercap"],"readonlyPaths":["/proc/asound","/proc/bus","/proc/fs","/proc/irq","/proc/sys","/proc/sysrq-trigger"]}}
DEBU[0000] Running ["/usr/bin/crun" "create" "--bundle" "/var/tmp/buildah1994244373" "--pid-file" "/var/tmp/buildah1994244373/pid" "--no-new-keyring" "buildah-buildah1994244373"]
DEBU[0000] waiting for parent start message
DEBU[0000] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp --enable-ipv6 -c -r 3 --netns-type=path /proc/440044/ns/net tap0
DEBU[0000] network namespace successfully setup, send start message to child
DEBU[0000] Running ["/usr/bin/crun" "start" "buildah-buildah1994244373"]
DEBU[0000] closing stdin
DEBU[0000] "/var/tmp/buildah1994244373/mnt/buildah-bind-target-10" is apparently not really mounted, skipping
DEBU[0000] "/var/tmp/buildah1994244373/mnt/rootfs" is apparently not really mounted, skipping
DEBU[0000] "/var/tmp/buildah1994244373/mnt" is apparently not really mounted, skipping
DEBU[0000] COMMIT test1
[2/2] COMMIT test1
DEBU[0000] Looking up image "test1" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] Trying "localhost/test1:latest" ...
DEBU[0000] reference "[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]localhost/test1:latest" does not resolve to an image ID
DEBU[0000] Trying "docker.io/library/test1:latest" ...
DEBU[0000] reference "[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]docker.io/library/test1:latest" does not resolve to an image ID
DEBU[0000] Trying "docker.io/library/test1:latest" ...
DEBU[0000] reference "[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]docker.io/library/test1:latest" does not resolve to an image ID
DEBU[0000] Trying "test1" ...
DEBU[0000] parsed reference into "[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]localhost/test1:latest"
DEBU[0000] COMMIT "containers-storage:[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]localhost/test1:latest"
DEBU[0000] committing image with reference "containers-storage:[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]localhost/test1:latest" is allowed by policy
DEBU[0000] layer list: ["d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820" "238289c0495ffb0ed843ad344684b17068a19698e53e8929944ed38911f5c246" "762b905741d0087791413b7314ac4a68732dcdd995e97008aacd11b26c7f3327"]
DEBU[0000] using "/var/tmp/buildah404148655" to hold temporary data
DEBU[0000] Tar with options on /home/gvenzl/.local/share/containers/storage/overlay/762b905741d0087791413b7314ac4a68732dcdd995e97008aacd11b26c7f3327/diff
DEBU[0000] layer "762b905741d0087791413b7314ac4a68732dcdd995e97008aacd11b26c7f3327" size is 3072 bytes, uncompressed digest sha256:88c7920c4a6a64d5c0660b9af6850978e8ae27c7ff97cc2672aa436355cfd845, possibly-compressed digest sha256:88c7920c4a6a64d5c0660b9af6850978e8ae27c7ff97cc2672aa436355cfd845
DEBU[0000] OCIv1 config = {"created":"2024-04-29T03:45:31.414500995Z","architecture":"amd64","os":"linux","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh"],"Labels":{"io.buildah.version":"1.31.5"}},"rootfs":{"type":"layers","diff_ids":["sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820","sha256:80b03e0eb50b593f0ada1f71a7f8af6488464e6708e3d26405f46cac9cf6fc17","sha256:88c7920c4a6a64d5c0660b9af6850978e8ae27c7ff97cc2672aa436355cfd845"]},"history":[{"created":"2024-01-27T00:30:48.624602109Z","created_by":"/bin/sh -c #(nop) ADD file:37a76ec18f9887751cd8473744917d08b7431fc4085097bb6a09d81b41775473 in / "},{"created":"2024-01-27T00:30:48.743965523Z","created_by":"/bin/sh -c #(nop)  CMD [\"/bin/sh\"]","empty_layer":true},{"created":"2024-04-29T03:43:04.979862929Z","created_by":"/bin/sh -c touch test.txt","comment":"FROM docker.io/library/alpine:latest"},{"created":"2024-04-29T03:45:31.416121929Z","created_by":"/bin/sh -c touch foo.bar.txt ","comment":"FROM localhost/test:latest"}]}
DEBU[0000] OCIv1 manifest = {"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:8d45ccbdfdf8b3c5fa0bad86ff4d9c051a21ce93dd79beb9414817219c7e1df5","size":1038},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar","digest":"sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820","size":7667200},{"mediaType":"application/vnd.oci.image.layer.v1.tar","digest":"sha256:80b03e0eb50b593f0ada1f71a7f8af6488464e6708e3d26405f46cac9cf6fc17","size":5120},{"mediaType":"application/vnd.oci.image.layer.v1.tar","digest":"sha256:88c7920c4a6a64d5c0660b9af6850978e8ae27c7ff97cc2672aa436355cfd845","size":3072}],"annotations":{"org.opencontainers.image.base.digest":"sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0","org.opencontainers.image.base.name":"docker.io/library/alpine:latest"}}
DEBU[0000] Docker v2s2 config = {"created":"2024-04-29T03:45:31.414500995Z","container":"444aa4fc49a5fe19387655fc0047ed940af49de9176336e261723e6f4c3502a4","container_config":{"Hostname":"","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh"],"Image":"","Volumes":{},"WorkingDir":"","Entrypoint":[],"OnBuild":[],"Labels":{"io.buildah.version":"1.31.5"}},"config":{"Hostname":"","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh"],"Image":"","Volumes":{},"WorkingDir":"","Entrypoint":[],"OnBuild":[],"Labels":{"io.buildah.version":"1.31.5"}},"architecture":"amd64","os":"linux","parent":"sha256:d818df13c42cbddeddfe4a1eb0944c8a41db0f373fe16a39d294ff82987a3144","rootfs":{"type":"layers","diff_ids":["sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820","sha256:80b03e0eb50b593f0ada1f71a7f8af6488464e6708e3d26405f46cac9cf6fc17","sha256:88c7920c4a6a64d5c0660b9af6850978e8ae27c7ff97cc2672aa436355cfd845"]},"history":[{"created":"2024-01-27T00:30:48.624602109Z","created_by":"/bin/sh -c #(nop) ADD file:37a76ec18f9887751cd8473744917d08b7431fc4085097bb6a09d81b41775473 in / "},{"created":"2024-01-27T00:30:48.743965523Z","created_by":"/bin/sh -c #(nop)  CMD [\"/bin/sh\"]","empty_layer":true},{"created":"2024-04-29T03:43:04.979862929Z","created_by":"/bin/sh -c touch test.txt","comment":"FROM docker.io/library/alpine:latest"},{"created":"2024-04-29T03:45:31.416121929Z","created_by":"/bin/sh -c touch foo.bar.txt ","comment":"FROM localhost/test:latest"}]}
DEBU[0000] Docker v2s2 manifest = {"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"mediaType":"application/vnd.docker.container.image.v1+json","size":1794,"digest":"sha256:83861bfc4ac071db89d38c8e869ad6b9994ade18dc8437b182cb5698791966a1"},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar","size":7667200,"digest":"sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar","size":5120,"digest":"sha256:80b03e0eb50b593f0ada1f71a7f8af6488464e6708e3d26405f46cac9cf6fc17"},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar","size":3072,"digest":"sha256:88c7920c4a6a64d5c0660b9af6850978e8ae27c7ff97cc2672aa436355cfd845"}]}
DEBU[0000] Using blob info cache at /home/gvenzl/.local/share/containers/cache/blob-info-cache-v1.boltdb
DEBU[0000] IsRunningImageAllowed for image containers-storage:
DEBU[0000]  Using transport "containers-storage" policy section
DEBU[0000]  Requirement 0: allowed
DEBU[0000] Overall: allowed
DEBU[0000] start reading config
DEBU[0000] finished reading config
Getting image source signatures
DEBU[0000] Manifest has MIME type application/vnd.oci.image.manifest.v1+json, ordered candidate list [application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws, application/vnd.docker.distribution.manifest.v1+json]
DEBU[0000] ... will first try using the original manifest unmodified
DEBU[0000] Checking if we can reuse blob sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820: general substitution = true, compression for MIME type "application/vnd.oci.image.layer.v1.tar" = true
DEBU[0000] Skipping blob sha256:d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 (already present):
DEBU[0000] Checking if we can reuse blob sha256:80b03e0eb50b593f0ada1f71a7f8af6488464e6708e3d26405f46cac9cf6fc17: general substitution = true, compression for MIME type "application/vnd.oci.image.layer.v1.tar" = true
DEBU[0000] Skipping blob sha256:80b03e0eb50b593f0ada1f71a7f8af6488464e6708e3d26405f46cac9cf6fc17 (already present):
Copying blob d4fc045c9e3a skipped: already exists
Copying blob 80b03e0eb50b skipped: already exists
DEBU[0000] Checking if we can reuse blob sha256:88c7920c4a6a64d5c0660b9af6850978e8ae27c7ff97cc2672aa436355cfd845: general substitution = true, compression for MIME type "application/vnd.oci.image.layer.v1.tar" = true
DEBU[0000] reading layer "sha256:88c7920c4a6a64d5c0660b9af6850978e8ae27c7ff97cc2672aa436355cfd845"
Copying blob d4fc045c9e3a skipped: already exists
Copying blob 80b03e0eb50b skipped: already exists
Copying blob 88c7920c4a6a done
DEBU[0000] Applying tar in /home/gvenzl/.local/share/containers/storage/overlay/684c77943bdbc3d4783170cbcebb9110f1572ed775fe6bcb743d964a2776a22f/diff
DEBU[0000] finished reading layer "sha256:88c7920c4a6a64d5c0660b9af6850978e8ae27c7ff97cc2672aa436355cfd845"
DEBU[0000] No compression detected
DEBU[0000] Compression change for blob sha256:8d45ccbdfdf8b3c5fa0bad86ff4d9c051a21ce93dd79beb9414817219c7e1df5 ("application/vnd.oci.image.config.v1+json") not supported
DEBU[0000] Using original blob without modification
Copying config 8d45ccbdfd done
Writing manifest to image destination
DEBU[0000] setting image creation date to 2024-04-29 03:45:31.414500995 +0000 UTC
DEBU[0000] created new image ID "8d45ccbdfdf8b3c5fa0bad86ff4d9c051a21ce93dd79beb9414817219c7e1df5"
DEBU[0000] saved image metadata "{}"
DEBU[0000] added name "localhost/test1:latest" to image "8d45ccbdfdf8b3c5fa0bad86ff4d9c051a21ce93dd79beb9414817219c7e1df5"
--> 8d45ccbdfdf8
DEBU[0000] Looking up image "test1" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] Trying "localhost/test1:latest" ...
DEBU[0000] parsed reference into "[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]@8d45ccbdfdf8b3c5fa0bad86ff4d9c051a21ce93dd79beb9414817219c7e1df5"
DEBU[0000] Found image "test1" as "localhost/test1:latest" in local containers storage
DEBU[0000] Found image "test1" as "localhost/test1:latest" in local containers storage ([overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]@8d45ccbdfdf8b3c5fa0bad86ff4d9c051a21ce93dd79beb9414817219c7e1df5)
DEBU[0000] exporting opaque data as blob "sha256:8d45ccbdfdf8b3c5fa0bad86ff4d9c051a21ce93dd79beb9414817219c7e1df5"
DEBU[0000] parsed reference into "[overlay@/home/gvenzl/.local/share/containers/storage+/run/user/1000/containers]localhost/test1:latest"
Successfully tagged localhost/test1:latest
DEBU[0000] printing final image id "8d45ccbdfdf8b3c5fa0bad86ff4d9c051a21ce93dd79beb9414817219c7e1df5"
8d45ccbdfdf8b3c5fa0bad86ff4d9c051a21ce93dd79beb9414817219c7e1df5
DEBU[0000] shutting down the store
[gvenzl@localhost test]$

The result is that the previous image called test with id d818df13c42c has disappeared:

[gvenzl@localhost test]$ podman images
REPOSITORY                                    TAG                  IMAGE ID      CREATED            SIZE
localhost/test1                               latest               8d45ccbdfdf8  4 seconds ago      7.68 MB

Describe the results you received: The base image test with id d818df13c42c has been removed or is no longer visible.

Describe the results you expected: The base image test with id d818df13c42c should remain untouched.

Output of rpm -q buildah or apt list buildah:

buildah-1.31.5-1.el9_3.x86_64

Output of buildah version:

Version:         1.31.5
Go Version:      go1.20.12
Image Spec:      1.1.0-rc.3
Runtime Spec:    1.1.0-rc.3
CNI Spec:        1.0.0
libcni Version:  v1.1.2
image Version:   5.26.2
Git Commit:
Built:           Thu Apr 25 07:55:37 2024
OS/Arch:         linux/amd64
BuildPlatform:   linux/amd64

Output of podman version if reporting a podman build issue:

Version:         1.31.5
Go Version:      go1.20.12
Image Spec:      1.1.0-rc.3
Runtime Spec:    1.1.0-rc.3
CNI Spec:        1.0.0
libcni Version:  v1.1.2
image Version:   5.26.2
Git Commit:
Built:           Thu Apr 25 07:55:37 2024
OS/Arch:         linux/amd64
BuildPlatform:   linux/amd64
[gvenzl@localhost test]$ podman version
Client:       Podman Engine
Version:      4.6.1
API Version:  4.6.1
Go Version:   go1.20.12
Built:        Wed Mar  6 03:08:41 2024
OS/Arch:      linux/amd64

*Output of `cat /etc/release`:**

NAME="Rocky Linux"
VERSION="9.3 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.3"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.3 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.3"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.3"
Rocky Linux release 9.3 (Blue Onyx)
Rocky Linux release 9.3 (Blue Onyx)
Rocky Linux release 9.3 (Blue Onyx)

Output of uname -a:

Linux localhost.localdomain 5.14.0-362.24.1.el9_3.0.1.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 4 22:31:43 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Output of cat /etc/containers/storage.conf:

# This file is the configuration file for all tools
# that use the containers/storage library. The storage.conf file
# overrides all other storage.conf files. Container engines using the
# container/storage library do not inherit fields from other storage.conf
# files.
#
#  Note: The storage.conf file overrides other storage.conf files based on this precedence:
#      /usr/containers/storage.conf
#      /etc/containers/storage.conf
#      $HOME/.config/containers/storage.conf
#      $XDG_CONFIG_HOME/containers/storage.conf (If XDG_CONFIG_HOME is set)
# See man 5 containers-storage.conf for more information
# The "container storage" table contains all of the server options.
[storage]

# Default Storage Driver, Must be set for proper operation.
driver = "overlay"

# Temporary storage location
runroot = "/run/containers/storage"

# Primary Read/Write location of container storage
# When changing the graphroot location on an SELINUX system, you must
# ensure  the labeling matches the default locations labels with the
# following commands:
# semanage fcontext -a -e /var/lib/containers/storage /NEWSTORAGEPATH
# restorecon -R -v /NEWSTORAGEPATH
graphroot = "/var/lib/containers/storage"

# Storage path for rootless users
#
# rootless_storage_path = "$HOME/.local/share/containers/storage"

# Transient store mode makes all container metadata be saved in temporary storage
# (i.e. runroot above). This is faster, but doesn't persist across reboots.
# Additional garbage collection must also be performed at boot-time, so this
# option should remain disabled in most configurations.
# transient_store = true

[storage.options]
# Storage options to be passed to underlying storage drivers

# AdditionalImageStores is used to pass paths to additional Read/Only image stores
# Must be comma separated list.
additionalimagestores = [
]

# Allows specification of how storage is populated when pulling images. This
# option can speed the pulling process of images compressed with format
# zstd:chunked. Containers/storage looks for files within images that are being
# pulled from a container registry that were previously pulled to the host.  It
# can copy or create a hard link to the existing file when it finds them,
# eliminating the need to pull them from the container registry. These options
# can deduplicate pulling of content, disk storage of content and can allow the
# kernel to use less memory when running containers.

# containers/storage supports three keys
#   * enable_partial_images="true" | "false"
#     Tells containers/storage to look for files previously pulled in storage
#     rather then always pulling them from the container registry.
#   * use_hard_links = "false" | "true"
#     Tells containers/storage to use hard links rather then create new files in
#     the image, if an identical file already existed in storage.
#   * ostree_repos = ""
#     Tells containers/storage where an ostree repository exists that might have
#     previously pulled content which can be used when attempting to avoid
#     pulling content from the container registry
pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""}

# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
# a container, to the UIDs/GIDs as they should appear outside of the container,
# and the length of the range of UIDs/GIDs.  Additional mapped sets can be
# listed and will be heeded by libraries, but there are limits to the number of
# mappings which the kernel will allow when you later attempt to run a
# container.
#
# remap-uids = "0:1668442479:65536"
# remap-gids = "0:1668442479:65536"

# Remap-User/Group is a user name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid or /etc/subgid file.  Mappings are set up starting
# with an in-container ID of 0 and then a host-level ID taken from the lowest
# range that matches the specified name, and using the length of that range.
# Additional ranges are then assigned, using the ranges which specify the
# lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
# until all of the entries have been used for maps. This setting overrides the
# Remap-UIDs/GIDs setting.
#
# remap-user = "containers"
# remap-group = "containers"

# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partitioned
# to containers configured to create automatically a user namespace.  Containers
# configured to automatically create a user namespace can still overlap with containers
# having an explicit mapping set.
# This setting is ignored when running as rootless.
# root-auto-userns-user = "storage"
#
# Auto-userns-min-size is the minimum size for a user namespace created automatically.
# auto-userns-min-size=1024
#
# Auto-userns-max-size is the maximum size for a user namespace created automatically.
# auto-userns-max-size=65536

[storage.options.overlay]
# ignore_chown_errors can be set to allow a non privileged user running with
# a single UID within a user namespace to run containers. The user can pull
# and use any image even those with multiple uids.  Note multiple UIDs will be
# squashed down to the default uid in the container.  These images will have no
# separation between the users in the container. Only supported for the overlay
# and vfs drivers.
#ignore_chown_errors = "false"

# Inodes is used to set a maximum inodes of the container image.
# inodes = ""

# Path to an helper program to use for mounting the file system instead of mounting it
# directly.
#mount_program = "/usr/bin/fuse-overlayfs"

# mountopt specifies comma separated list of extra mount options
mountopt = "nodev,metacopy=on"

# Set to skip a PRIVATE bind mount on the storage home directory.
# skip_mount_home = "false"

# Size is used to set a maximum size of the container image.
# size = ""

# ForceMask specifies the permissions mask that is used for new files and
# directories.
#
# The values "shared" and "private" are accepted.
# Octal permission masks are also accepted.
#
#  "": No value specified.
#     All files/directories, get set with the permissions identified within the
#     image.
#  "private": it is equivalent to 0700.
#     All files/directories get set with 0700 permissions.  The owner has rwx
#     access to the files. No other users on the system can access the files.
#     This setting could be used with networked based homedirs.
#  "shared": it is equivalent to 0755.
#     The owner has rwx access to the files and everyone else can read, access
#     and execute them. This setting is useful for sharing containers storage
#     with other users.  For instance have a storage owned by root but shared
#     to rootless users as an additional store.
#     NOTE:  All files within the image are made readable and executable by any
#     user on the system. Even /etc/shadow within your image is now readable by
#     any user.
#
#   OCTAL: Users can experiment with other OCTAL Permissions.
#
#  Note: The force_mask Flag is an experimental feature, it could change in the
#  future.  When "force_mask" is set the original permission mask is stored in
#  the "user.containers.override_stat" xattr and the "mount_program" option must
#  be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
#  extended attribute permissions to processes within containers rather than the
#  "force_mask"  permissions.
#
# force_mask = ""

[storage.options.thinpool]
# Storage Options for thinpool

# autoextend_percent determines the amount by which pool needs to be
# grown. This is specified in terms of % of pool size. So a value of 20 means
# that when threshold is hit, pool will be grown by 20% of existing
# pool size.
# autoextend_percent = "20"

# autoextend_threshold determines the pool extension threshold in terms
# of percentage of pool size. For example, if threshold is 60, that means when
# pool is 60% full, threshold has been hit.
# autoextend_threshold = "80"

# basesize specifies the size to use when creating the base device, which
# limits the size of images and containers.
# basesize = "10G"

# blocksize specifies a custom blocksize to use for the thin pool.
# blocksize="64k"

# directlvm_device specifies a custom block storage device to use for the
# thin pool. Required if you setup devicemapper.
# directlvm_device = ""

# directlvm_device_force wipes device even if device already has a filesystem.
# directlvm_device_force = "True"

# fs specifies the filesystem type to use for the base device.
# fs="xfs"

# log_level sets the log level of devicemapper.
# 0: LogLevelSuppress 0 (Default)
# 2: LogLevelFatal
# 3: LogLevelErr
# 4: LogLevelWarn
# 5: LogLevelNotice
# 6: LogLevelInfo
# 7: LogLevelDebug
# log_level = "7"

# min_free_space specifies the min free space percent in a thin pool require for
# new device creation to succeed. Valid values are from 0% - 99%.
# Value 0% disables
# min_free_space = "10%"

# mkfsarg specifies extra mkfs arguments to be used when creating the base
# device.
# mkfsarg = ""

# metadata_size is used to set the `pvcreate --metadatasize` options when
# creating thin devices. Default is 128k
# metadata_size = ""

# Size is used to set a maximum size of the container image.
# size = ""

# use_deferred_removal marks devicemapper block device for deferred removal.
# If the thinpool is in use when the driver attempts to remove it, the driver
# tells the kernel to remove it as soon as possible. Note this does not free
# up the disk space, use deferred deletion to fully remove the thinpool.
# use_deferred_removal = "True"

# use_deferred_deletion marks thinpool device for deferred deletion.
# If the device is busy when the driver attempts to delete it, the driver
# will attempt to delete device every 30 seconds until successful.
# If the program using the driver exits, the driver will continue attempting
# to cleanup the next time the driver is used. Deferred deletion permanently
# deletes the device and all data stored in device will be lost.
# use_deferred_deletion = "True"

# xfs_nospace_max_retries specifies the maximum number of retries XFS should
# attempt to complete IO when ENOSPC (no space) error is returned by
# underlying storage device.
# xfs_nospace_max_retries = "0"

containers / buildah

buildah automatically removes base image after build #5491