containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

`podman machine rm` removes socket used by other machines #21899

Closed feloy closed 8 months ago

feloy commented 8 months ago

### Issue Description

When I have several podman machines and I remove one of them using podman machine rm <name>, the socket is deleted, as part of the process. But, if I understand correctly, all the machines share the same socket, and so, this socket is not available anymore for other machines.

### Steps to reproduce the issue

# a machine exists
$ podman machine list               
NAME                    VM TYPE     CREATED        LAST UP            CPUS        MEMORY      DISK SIZE
podman-machine-default  qemu        4 weeks ago    Currently running  6           16.76GiB    186GiB 

# and the socket exists
$ ls /Users/me/.local/share/containers/podman/machine/qemu/podman.sock
/Users/me/.local/share/containers/podman/machine/qemu/podman.sock

# I create a second machine
$ podman machine init podman-machine-2

# the socket still exists
$ ls /Users/me/.local/share/containers/podman/machine/qemu/podman.sock
/Users/me/.local/share/containers/podman/machine/qemu/podman.sock

# I remove a machine, the socket will be deleted
$ podman machine rm podman-machine-2

The following files will be deleted:

[...]
/Users/me/.local/share/containers/podman/machine/qemu/podman.sock

Are you sure you want to continue? [y/N] y

# the socket has been deleted
$ ls /Users/me/.local/share/containers/podman/machine/qemu/podman.sock
ls: /Users/me/.local/share/containers/podman/machine/qemu/podman.sock: No such file or directory

### Describe the results you received

See above

### Describe the results you expected

I would expect that the socket is deleted only when the last machine is deleted (or never deleted).

### podman info output

$ podman version
Client:       Podman Engine
Version:      4.9.1
API Version:  4.9.1
Go Version:   go1.21.6
Git Commit:   118829d7fc68c34d5a317cda90b69884f3446f5c
Built:        Thu Feb  1 15:12:40 2024
OS/Arch:      darwin/arm64

Server:       Podman Engine
Version:      4.8.3
API Version:  4.8.3
Go Version:   go1.21.5
Built:        Wed Jan  3 15:10:40 2024
OS/Arch:      linux/arm64
$ podman info
host:
  arch: arm64
  buildahVersion: 1.33.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.8-2.fc39.aarch64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.8, commit: '
  cpuUtilization:
    idlePercent: 99.4
    systemPercent: 0.38
    userPercent: 0.21
  cpus: 6
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: coreos
    version: "39"
  eventLogger: journald
  freeLocks: 2039
  hostname: localhost.localdomain
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.6.13-200.fc39.aarch64
  linkmode: dynamic
  logDriver: journald
  memFree: 16395878400
  memTotal: 17503678464
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.9.0-1.fc39.aarch64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.9.0
    package: netavark-1.9.0-1.fc39.aarch64
    path: /usr/libexec/podman/netavark
    version: netavark 1.9.0
  ociRuntime:
    name: crun
    package: crun-1.13-1.fc39.aarch64
    path: /usr/bin/crun
    version: |-
      crun version 1.13
      commit: c761349704905da07cfe67f38dda6850334a160f
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20231230.gf091893-1.fc39.aarch64
    version: |
      pasta 0^20231230.gf091893-1.fc39.aarch64-pasta
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc39.aarch64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 0h 5m 54.00s
  variant: v8
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 4
    paused: 0
    running: 0
    stopped: 4
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 199110930432
  graphRootUsed: 35228422144
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 117
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.8.3
  Built: 1704291040
  BuiltTime: Wed Jan  3 15:10:40 2024
  GitCommit: ""
  GoVersion: go1.21.5
  Os: linux
  OsArch: linux/arm64
  Version: 4.8.3


### Podman in a container

No

### Privileged Or Rootless

None

### Upstream Latest Release

Yes

### Additional environment details

Mac OS

### Additional information

arixmkii commented 8 months ago

The socket should be acquired at the moment when the machine is started. I believe if you restart the machine after you deleted another machine, it will be restored.

arixmkii commented 8 months ago

Seems to not affect Podman Machine 5. podman.sock is now not part of the resources being removed with rm:

podman machine rm machine-alt
The following files will be deleted:

/Users/username/.config/containers/podman/machine/applehv/machine-alt.json
/var/folders/9n/358_gdmn3fxfnyttwys8k1dm0100gn/T/podman/machine-alt.sock
/var/folders/9n/358_gdmn3fxfnyttwys8k1dm0100gn/T/podman/machine-alt.log
Are you sure you want to continue? [y/N]

baude commented 8 months ago

I'm working from memory here, in part because we have been heads down on Podman 5. That said, the behavior you describe, to my memory, seems valid. However, the socket is only needed when a machine starts or is running. Therefore, I don't think there is harm? Or do you see an error when performing a start on the second machine?

afbjorklund commented 8 months ago

I think it has been this way since Podman 4.5, when the socket moved from the machine location to a shared location.

4.4: ~/.local/share/containers/podman/machine/podman-machine-default/podman.sock

4.5: ~/.local/share/containers/podman/machine/qemu/podman.sock

For Podman v3 it used ssh: rather than unix:

feloy commented 8 months ago

> I'm working from memory here, in part because we have been heads down on Podman 5. That said, the behavior you describe, to my memory, seems valid. However, the socket is only needed when a machine starts or is running. Therefore, I don't think there is harm? Or do you see an error when performing a start on the second machine.

The use case is described in this issue: https://github.com/containers/podman-desktop/issues/5820

On Podman Desktop, when you have a running machine, and another one you want to delete, deleting the second will break the access to the first (running) one.

I agree that a workaround could be that the user restarts the first one (or Podman Desktop restarts it for the user).

baude commented 8 months ago

the basic problem is that the qemu socket is not namespaced
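The expected behaviour from the issue body (delete the shared socket only when the last machine of that VM type goes away) and the "socket is not namespaced" diagnosis above, written out as an added example; this is illustrative code, not podman's own implementation. The `Machine` type, the `filesToDelete` function and the per-machine `<name>.json` path are assumptions; the shared socket path follows the 4.5 layout quoted in the thread.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// Machine is a minimal stand-in for a podman machine record (assumed, not podman's type).
type Machine struct {
	Name    string
	VMType  string // e.g. "qemu" or "applehv"
	Running bool
}

// sharedSocket is the per-VM-type socket used since Podman 4.5, e.g.
// <dataDir>/machine/qemu/podman.sock; every machine of that type shares it.
func sharedSocket(dataDir, vmType string) string {
	return filepath.Join(dataDir, "machine", vmType, "podman.sock")
}

// machineFiles returns files owned by this machine alone (layout is illustrative).
func machineFiles(dataDir string, m Machine) []string {
	return []string{filepath.Join(dataDir, "machine", m.VMType, m.Name+".json")}
}

// filesToDelete mirrors what a safe `podman machine rm` would remove: the machine's
// own files always, the shared socket only when no other machine of the same VM
// type remains. A running target is refused rather than deleted underneath a client.
func filesToDelete(dataDir string, target Machine, all []Machine) ([]string, error) {
	if target.Running {
		return nil, fmt.Errorf("machine %q is running; stop it first", target.Name)
	}
	files := machineFiles(dataDir, target)
	for _, m := range all {
		if m.Name != target.Name && m.VMType == target.VMType {
			return files, nil // another machine still relies on the shared socket
		}
	}
	return append(files, sharedSocket(dataDir, target.VMType)), nil
}

func main() {
	// Constructed sample matching the report: a running default machine plus a second one.
	dataDir := "/Users/me/.local/share/containers/podman"
	all := []Machine{
		{Name: "podman-machine-default", VMType: "qemu", Running: true},
		{Name: "podman-machine-2", VMType: "qemu"},
	}
	files, err := filesToDelete(dataDir, all[1], all)
	fmt.Println(files, err) // the shared podman.sock is absent from the list
}
```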