containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

run -P: TOCTOU in port allocation: bind: address already in use #19048

Open edsantiago opened 1 year ago

edsantiago commented 1 year ago

The local port allocated with run -P seems unsafe when multiple jobs start at once:

$ podman [options] run --name portcheck -dt -P --health-cmd curl -f http://localhost/ quay.io/libpod/alpine_nginx:latest
Error: rootlessport listen tcp 0.0.0.0:43185: bind: address already in use

And it's not just rootless:

# podman [options] run -dt -P --health-cmd curl -f http://localhost/ quay.io/libpod/alpine_nginx:latest
Error: cannot listen on the TCP port: listen tcp4 :42611: bind: address already in use

In both cases the ports had been grabbed by a different nginx test.

From my look last night I think this is a podman/rootlessport bug, not something that can be fixed in e2e tests. So even though this is infrequent, it's something that can probably manifest in the field.

Luap99 commented 1 year ago

You are correct, this is a race within podman. The current flow is to allocate the ports once on container creation, which obviously leads to race conditions with other processes. It is a long-standing issue: https://github.com/containers/podman/issues/10205#issuecomment-1010055023
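The "allocate at creation, bind later" window described above, replayed deterministically in Go. This is an added illustration, not podman or rootlessport code; the bind-and-hold variant at the end is a generic pattern for removing the window and is not the fix discussed in the linked issue.

```go
package main

import (
	"fmt"
	"net"
)

// probeFreePort mirrors the racy flow: ask the kernel for a free port, close
// the socket and return only the number. Nothing holds the port afterwards.
func probeFreePort() (int, error) {
	l, err := net.Listen("tcp4", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	port := l.Addr().(*net.TCPAddr).Port
	l.Close() // the reservation ends here; the TOCTOU window opens
	return port, nil
}

// bindPort is the deferred bind on a previously chosen port number.
func bindPort(port int) (net.Listener, error) {
	return net.Listen("tcp4", fmt.Sprintf("127.0.0.1:%d", port))
}

// reserveFreePort is the race-free alternative: bind port 0 and keep the
// listener open, so the kernel's choice stays held until the owner closes it.
func reserveFreePort() (net.Listener, int, error) {
	l, err := net.Listen("tcp4", "127.0.0.1:0")
	if err != nil {
		return nil, 0, err
	}
	return l, l.Addr().(*net.TCPAddr).Port, nil
}

// demoRace replays the window: job A probes a port, job B (the "other nginx
// test") binds it first, then A's deferred bind fails. Returns true if so.
func demoRace() (bool, error) {
	port, err := probeFreePort()
	if err != nil {
		return false, err
	}
	intruder, err := bindPort(port)
	if err != nil {
		return false, err
	}
	defer intruder.Close()
	_, err = bindPort(port) // expect "bind: address already in use"
	return err != nil, nil
}

func main() {
	collided, err := demoRace()
	fmt.Println("racy flow collided:", collided, "err:", err)
}
```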

github-actions[bot] commented 1 year ago

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] commented 1 year ago

A friendly reminder that this issue had no activity for 30 days.