containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

Two sockets by default on podman-remote #20380

Closed SistachReinoso closed 4 months ago

SistachReinoso commented 1 year ago

Issue Description

If you do not configure anything, the podman-remote command expects to have two sockets available.

This problem arose when trying to make a container with access to the host's podman.

podman-remote version
Client:       Podman Engine
Version:      4.4.1
API Version:  4.4.1
Go Version:   go1.19.10
Built:        Thu Aug 17 13:30:33 2023
OS/Arch:      linux/amd64

Server:       Podman Engine
Version:      4.6.2
API Version:  4.6.2
Go Version:   go1.18.1
Built:        Thu Jan  1 00:00:00 1970
OS/Arch:      linux/amd64

One solution is making a config:

podman-remote system connection add dev unix:///home/developer/rundir/podman/podman.sock

Without config:

Steps to reproduce the issue

With Makefile

build:
	podman build \
	    --file Containerfile \
	    --tag podman-remote-rootless \
	    --build-arg="user=${USERNAME}" \
	    --build-arg="user_id=$(shell id -u)" \
	    --build-arg="user_group=$(shell id -g)"

run:
	$(eval CONTAINER_SOCK := "$(shell podman info --format '{{.Host.RemoteSocket.Path}}')")
	podman run \
	    --rm \
	    -ti \
	    --userns=keep-id \
	    --volume "${CONTAINER_SOCK}:/tmp/podman-run-$(shell id -u)/podman/podman.sock" \
	    --volume "${CONTAINER_SOCK}:/home/developer/rundir/podman/podman.sock" \
	    podman-remote-rootless \
	    podman-remote ps

.PHONY: build run

And Containerfile

FROM docker.io/redhat/ubi9

ARG user
ARG user_id
ARG user_group
ARG user_home=/home/developer

RUN dnf update -y \
 && dnf install -y podman-remote \
 && dnf clean all

RUN groupadd -g ${user_group} ${user} \
 && useradd -u ${user_id} -g ${user} -d ${user_home} -s /bin/bash ${user} \
 && mkdir -p ${user_home}/rundir/libpod \
 && chown ${user} -R ${user_home}

USER ${user}

Steps:

  1. make build
  2. make run

This works correctly, but if you remove one of the socket volumes it stops working.

With two sockets:

make run
CONTAINER ID  IMAGE                                    COMMAND            CREATED                 STATUS                 PORTS       NAMES
da91a8a1d922  localhost/podman-remote-rootless:latest  podman-remote ps   Less than a second ago  Up Less than a second              keen_hopper

Without /tmp/podman-run-${UID}/podman/podman.sock

make run
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: Get "http://d/v4.4.1/libpod/_ping": dial unix ///tmp/podman-run-1000/podman/podman.sock: connect: no such file or directory
make: *** [Makefile:11: run] Error 125

Without /home/${USERNAME}/rundir/podman/podman.sock

make run
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: Get "http://d/v4.4.1/libpod/_ping": dial unix ///home/developer/rundir/podman/podman.sock: connect: no such file or directory
make: *** [Makefile:11: run] Error 125

Describe the results you received

Currently you need to configure both sockets, otherwise it fails without adding configuration.

Describe the results you expected

Without config I want to be able to mount a single socket and have podman-remote work.

podman info output

host:
  arch: amd64
  buildahVersion: 1.31.2
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon_2:2.1.8-0ubuntu22.04+obs16.17_amd64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.8, commit: '
  cpuUtilization:
    idlePercent: 85.98
    systemPercent: 5.75
    userPercent: 8.26
  cpus: 4
  distribution:
    codename: jammy
    distribution: ubuntu
    version: "22.04"
  eventLogger: journald
  hostname: dev
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.2.0-34-generic
  linkmode: dynamic
  logDriver: journald
  memFree: 1454927872
  memTotal: 16724279296
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun_101:1.9.2-0ubuntu22.04+obs60.5_amd64
    path: /usr/bin/crun
    version: |-
      crun version 1.9.2
      commit: 35274d346d2e9ffeacb22cc11590b0266a23d634
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns_1.2.2-0ubuntu22.04+obs12.7_amd64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 2142461952
  swapTotal: 2147479552
  uptime: 2h 34m 50.00s (Approximately 0.08 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/sistaca/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 2
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/sistaca/.local/share/containers/storage
  graphRootAllocated: 368233852928
  graphRootUsed: 105336754176
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 47
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/sistaca/.local/share/containers/storage/volumes
version:
  APIVersion: 4.6.2
  Built: 0
  BuiltTime: Thu Jan  1 01:00:00 1970
  GitCommit: ""
  GoVersion: go1.18.1
  Os: linux
  OsArch: linux/amd64
  Version: 4.6.2

Podman in a container

Yes

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes


afbjorklund commented 1 year ago

It should use $XDG_RUNTIME_DIR

Without systemd, it could be anything.

SistachReinoso commented 1 year ago

Do you think that duality of default values is normal?

To resolve the problem, now I use:

...
        --env CONTAINER_HOST=/var/run/podman.sock \
        --volume "$container_sock:/var/run/podman.sock" \
...

afbjorklund commented 1 year ago

It is three values, if you include the usual (systemd) value of /run/user/<uid>

The root value is /run/podman/podman.sock, with a subdirectory

SistachReinoso commented 1 year ago

Sorry, my answer does not work properly. How do I define $XDG_RUNTIME_DIR?

Now I use:

--volume "$container_sock:/tmp/podman-run-$(shell id -u)/podman/podman.sock" \

And when I want to use podman I execute:

mkdir -p "$HOME/rundir/libpod"
podman-remote system connection add socket unix:///tmp/podman-run-1000/podman/podman.sock

Does it actually make sense to have more than one default socket?

afbjorklund commented 1 year ago

How do I define $XDG_RUNTIME_DIR?

--env XDG_RUNTIME_DIR (or CONTAINER_HOST, as shown)
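A small pre-flight check for the situation in this thread, added here as an example and not code from the podman project: it works out which socket URL a podman-remote client is expected to try, given the uid and the CONTAINER_HOST / XDG_RUNTIME_DIR values discussed above, and reports whether that socket is actually present inside the container before `podman-remote ps` is run. The resolution order it models (CONTAINER_HOST override, root's /run/podman/podman.sock, $XDG_RUNTIME_DIR/podman/podman.sock, then the /tmp/podman-run-<uid> fallback) is an approximation assembled from the paths quoted in this issue, not a copy of podman's own lookup code.

```shell
#!/bin/sh
# Added example (not from the podman project). Models the socket locations
# quoted in this issue so a single bind mount plus the matching env var can
# be verified before starting the client. The order below is an assumption
# drawn from the thread, not podman's actual resolution code.

# Print the socket URL podman-remote is expected to use.
# Usage: podman_socket_candidate UID XDG_RUNTIME_DIR CONTAINER_HOST
podman_socket_candidate() {
    uid=$1; xdg=$2; ch=$3
    if [ -n "$ch" ]; then
        # Explicit override (the --env CONTAINER_HOST approach) wins.
        echo "$ch"
    elif [ "$uid" -eq 0 ]; then
        # Root uses the system socket under /run/podman.
        echo "unix:///run/podman/podman.sock"
    elif [ -n "$xdg" ]; then
        # Usual systemd user session value, e.g. /run/user/<uid>.
        echo "unix://$xdg/podman/podman.sock"
    else
        # No XDG_RUNTIME_DIR: podman falls back to a per-uid tmp dir,
        # which is the path seen in the error output above.
        echo "unix:///tmp/podman-run-$uid/podman/podman.sock"
    fi
}

# Return 0 if the path behind a unix:// URL exists, 1 otherwise.
# A bind-mounted socket shows up as a socket file; -e also accepts a
# placeholder regular file so the check can be exercised offline.
podman_socket_present() {
    path=${1#unix://}
    [ -e "$path" ]
}

# Run against the current environment, as the container entrypoint might.
sock=$(podman_socket_candidate "$(id -u)" "${XDG_RUNTIME_DIR:-}" "${CONTAINER_HOST:-}")
if podman_socket_present "$sock"; then
    echo "socket present: $sock"
else
    echo "socket missing: $sock (mount it or set CONTAINER_HOST/XDG_RUNTIME_DIR)"
fi
```

With one volume mount, setting XDG_RUNTIME_DIR or CONTAINER_HOST to the mounted path makes the candidate and the mount agree, which is the single-socket setup the thread arrives at.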

github-actions[bot] commented 11 months ago

A friendly reminder that this issue had no activity for 30 days.

Luap99 commented 7 months ago

Can you retest with the latest podman?