Closed BlaineEXE closed 5 months ago
@vrothberg PTAL
Thanks for filing the issue, @BlaineEXE!
I think mounting ~/.config/containers
from the client into the machine is a general problem not limited to auth files. I vote for completely masking this path.
@ashley-cui @baude WDYT?
I don't think that is the problem, keep in mind /Users should not be accessed by the VM user at all. ~/.config
in the VM should resolve to /var/home/core/.config
as this is the actual $HOME for the core user AFAICT. So there should not be a conflict.
If this is is really a write conflict between VM and host than I find it more likely that the remote client leaked the path to the server somehow.
If this is is really a write conflict between VM and host than I find it more likely that the remote client leaked the path to the server somehow.
That is pretty much what I meant. How could the path be leaked other than by mounting into the VM?
I'd be okay with masking the path, but Paul is correct in that the Podman inside the machine should be using /var/home/core/.config
.
I didn't see this issue reported by anyone else, which I find strange. It's possible that my machine just has the perfect timing race condition that is exposing it. But after the latest convo here, I tried looking in the podman configs I'm aware of to see if I set the config location manually in case that may be the corner case causing me to be the only one experiencing the issue. I don't see anything there though. Should I look into any specific files?
Thanks, @BlaineEXE ! I think we need to investigate a bit further.
@ashley-cui do you have cycles to look into it?
I'll try to take a look today or tomorrow, I'll update on whether or not I can reproduce.
Finally got around to it, ran machine for a couple of days and also started/stopped machine in a loop for an hour, but wasn't able to reproduce unfortunately.
@ashley-cui I have noticed that the CLI podman machine init
seems to create the volumes by default, but podman desktop does not. That could affect your test if you don't use CLI.
Also, if this is a race condition, it's possible something about my system is more prone to the issue than others. I also have the machine use 2 CPUs and 3072 MB of memory, but that seems unlikely to be relevant.
I tried reproducing with the CLI, unfortunately nothing came up
A friendly reminder that this issue had no activity for 30 days.
Since we were not able to reproduce and no additional info came, I am closing. Reopen if we can get a reproducer.
I am reopening as a corrupted credential file is serious. At the very least, we should do a code audit in case we're unable to reproduce. For reproducing, please make sure that ~/.config/containers/auth.json
is populated (e.g., from a podman login
) and has multiple entries.
Given we have no heard anything back I assume this works, also podman 5.0 uses applehv with virtiofs instead so maybe that fixed the issue with 9p or whatever caused it.
Issue Description
When running podman machine on MacOS (M1), I regularly get corrupt a corrupt
~/.config/containers/auth.json
file.I notice that there are several dirs mounted to the machine VM by default including
/Users
. If I remove the mount for/Users
, the corruption no longer occurs. However, when doing so I notice that I can then no longer mount content from/Users/...
into my containers.I suspect that the podman process running in the VM may be modifying the auth file at the same time as the podman process on my local machine.
Steps to reproduce the issue
Steps to reproduce the issue
Describe the results you received
I get corruption of the
~/.config/containers/auth.json
file. The corruption appears to be misplaced copies of login info from other parts of the file. For example, the last 5 lines of the file may be duplicated.Describe the results you expected
I expect that the auth file should not be corrupted and should have a stable record of my logged in registries.
podman info output