containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

POST endpoint `libpod/containers/create` does not respect `volume` as `mounts/*/Type` #18408

Open marhkb opened 1 year ago

marhkb commented 1 year ago

Issue Description

I'm currently trying to use an existing volume when creating a new container through the HTTP API.

The creation of the container is successful, but it cannot be started, because the mount type is not set correctly. The API docs state that "Type represents the type of a mount", and the allowed types are described here. So I would expect this to work.

Steps to reproduce the issue

  1. Create a volume
    $ podman volume create foo
  2. Use the HTTP API to create a new container
    $ curl --unix-socket /run/user/1000/podman/podman.sock \
        http://d/v4.5.0/libpod/containers/create \
        -H "content-type: application/json" \
        --data '{ "image": "alpine", "mounts":[{ "destination": "/test", "options": ["rw"], "source": "foo", "type": "volume"}], "name": "bar" }'
  3. Starting it will fail
    $ podman start bar
    Error: OCI runtime error: unable to start container "2a8d7cb33aa7feb23826a072d0ae1994141230a1ba2fbf3cf53cda512972074f": crun: mount `foo` to `test`: No such device
  4. Inspecting it reveals that it has bind as mount type but it should have volume
    "Mounts": [
    {
      "Destination": "/test",
      "Driver": "",
      "Mode": "",
      "Options": [],
      "Propagation": "",
      "RW": true,
      "Source": "foo",
      "Type": "bind"
    }
    ],

Describe the results you received

I've received a container having the wrong mount type bind.

Describe the results you expected

The mount type of the created container should be volume instead of bind.

podman info output

host:
  arch: amd64
  buildahVersion: 1.30.0
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.7-2.fc38.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.7, commit: '
  cpuUtilization:
    idlePercent: 85.09
    systemPercent: 2.03
    userPercent: 12.89
  cpus: 16
  databaseBackend: boltdb
  distribution:
    distribution: fedora
    variant: silverblue
    version: "38"
  eventLogger: journald
  hostname: asus-tuf-gaming-X570-plus
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.2.13-300.fc38.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 5241049088
  memTotal: 67314642944
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun-1.8.4-1.fc38.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.8.4
      commit: 5a8fa99a5e41facba2eda4af12fa26313918805b
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-12.fc38.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 8558997504
  swapTotal: 8589930496
  uptime: 23h 55m 8.00s (Approximately 0.96 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /var/home/marcus/.config/containers/storage.conf
  containerStore:
    number: 17
    paused: 0
    running: 2
    stopped: 15
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/marcus/.local/share/containers/storage
  graphRootAllocated: 3248905781248
  graphRootUsed: 608569556992
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 22
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /var/home/marcus/.local/share/containers/storage/volumes
version:
  APIVersion: 4.5.0
  Built: 1681486942
  BuiltTime: Fri Apr 14 17:42:22 2023
  GitCommit: ""
  GoVersion: go1.20.2
  Os: linux
  OsArch: linux/amd64
  Version: 4.5.0

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes


github-actions[bot] commented 1 year ago

A friendly reminder that this issue had no activity for 30 days.

rhatdan commented 1 year ago

@mheon PTAL

mheon commented 1 year ago

I think Volumes are only supposed to be specified through the volumes field, not mounts, but that leaves the question as to why mounts allows specifying a type at all.
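
A check for the mismatch this issue reports, added here as an illustration and not taken from the Podman project: it compares the `mounts` sent to `libpod/containers/create` with the `Mounts` array from inspect and reports every mount whose type was not honoured. The sample data is constructed from the JSON in the issue; the function names and the relative-source heuristic are assumptions.

```python
import json

# Sample data constructed from the issue text: the body sent to
# libpod/containers/create and the "Mounts" array shown by inspect afterwards.
CREATE_REQUEST = json.loads("""
{"image": "alpine", "name": "bar",
 "mounts": [{"destination": "/test", "options": ["rw"],
             "source": "foo", "type": "volume"}]}
""")
INSPECT_MOUNTS = json.loads("""
[{"Destination": "/test", "Driver": "", "Mode": "", "Options": [],
  "Propagation": "", "RW": true, "Source": "foo", "Type": "bind"}]
""")


def _lower_keys(mount):
    """The request uses lower-case keys, inspect output capitalised ones."""
    return {key.lower(): value for key, value in mount.items()}


def mount_mismatches(create_request, inspect_mounts):
    """Return (destination, kind, requested, actual) for each deviation.

    Mounts are paired by destination path (assumed unique per container).
    Hypothetical helper written for this example, not a Podman API.
    """
    actual = {m.get("destination"): m for m in map(_lower_keys, inspect_mounts)}
    findings = []
    for req in map(_lower_keys, create_request.get("mounts", [])):
        dest = req.get("destination")
        got = actual.get(dest)
        if got is None:
            findings.append((dest, "missing", req.get("type"), None))
            continue
        if str(req.get("type", "")).lower() != str(got.get("type", "")).lower():
            findings.append((dest, "type", req.get("type"), got.get("type")))
        # Heuristic (assumption): a bind mount with a non-absolute source is
        # the state the issue's container ended up in, so report it as well.
        source = str(got.get("source", ""))
        if str(got.get("type", "")).lower() == "bind" and not source.startswith("/"):
            findings.append((dest, "relative-bind-source", req.get("source"), source))
    return findings


if __name__ == "__main__":
    for finding in mount_mismatches(CREATE_REQUEST, INSPECT_MOUNTS):
        print(finding)
```
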

github-actions[bot] commented 1 year ago

A friendly reminder that this issue had no activity for 30 days.

rhatdan commented 1 year ago

Looks correct from the local client point of view.

$ podman volume create dan
dan
$ podman run --mount type=volume,src=dan,destination=/dan alpine ls /dan
$ podman inspect -l
...
          "Mounts": [
               {
                    "Type": "volume",
                    "Name": "dan",
                    "Source": "/home/dwalsh/.local/share/containers/storage/volumes/dan/_data",
                    "Destination": "/dan",
                    "Driver": "local",
                    "Mode": "",
                    "Options": [
                         "nosuid",
                         "nodev",
                         "rbind"
                    ],
                    "RW": true,
                    "Propagation": "rprivate"
               }