containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

ERRO[0003] failed to expose ports via rootlessport: "listen tcp 0.0.0.0:9080: bind: address already in use #6762

Closed x80486 closed 2 years ago

x80486 commented 4 years ago

Is this a BUG REPORT or FEATURE REQUEST?

/kind bug

Description

I'm using podman 1.9.3 under Arch Linux (Linux uplink 5.4.47-1-lts #1 SMP Wed, 17 Jun 2020 19:42:02 +0000 x86_64 GNU/Linux). I installed it via Nix packages. I'm building an image with buildah and that's fine, but whenever I try to run the container it always fails with:

failed to expose ports via rootlessport: "listen tcp 0.0.0.0:9080: bind: address already in use

I can't seem to spot the issue even when I run the command with --log-level=debug (as I've seen in some issues here).

There is also WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument; I saw that upgrading to fuse-overlayfs 1.0 should solve it but I have fuse-overlayfs-1.1.0.

Steps to reproduce the issue:

  1. Install podman-wrapper and buildah-wrapper
  2. Have a multistage Docker image
  3. Build the image
  4. Run the container

Describe the results you received:

ERRO[0003] failed to expose ports via rootlessport: "listen tcp 0.0.0.0:9080: bind: address already in use

Describe the results you expected:

The container should run successfully! :partying_face:

Additional information you deem important (e.g. issue happens only occasionally):

Since I installed podman via Nix, I had to create manually:

Here is the output from EVERYTHING (including podman version...hold on!):

[x80486@archbook:~]$ cd Workshop/Development/erlang_cowboy/ 
[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ podman ps --all 
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ podman images 
REPOSITORY   TAG   IMAGE ID   CREATED   SIZE
[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ buildah build-using-dockerfile --file Dockerfile --tag acme/erlang-cowboy:latest ./ 
STEP 1: FROM docker.io/library/erlang:23.0.2-alpine AS builder
Getting image source signatures
Copying blob af1424f0cfcc done  
Copying blob cbdbe7a5bc2a done  
Copying config 7578713ee0 done  
Writing manifest to image destination
Storing signatures
STEP 2: WORKDIR /tmp/workspace/
STEP 3: COPY . ./
STEP 4: RUN set -eux;   mkdir release/;   rebar3 as prod tar;   tar -zxf _build/prod/rel/erlang_cowboy/erlang_cowboy-*.tar.gz -C /tmp/workspace/release/
+ mkdir release/
+ rebar3 as prod tar
===> Verifying dependencies...
===> Fetching cowboy v2.7.0
===> Downloaded package, caching at /root/.cache/rebar3/hex/hexpm/packages/cowboy-2.7.0.tar
===> Linking _build/default/lib/cowboy to _build/prod/lib/cowboy
===> Fetching jsone v1.5.2
===> Downloaded package, caching at /root/.cache/rebar3/hex/hexpm/packages/jsone-1.5.2.tar
===> Linking _build/default/lib/jsone to _build/prod/lib/jsone
===> Fetching lager v3.8.0
===> Downloaded package, caching at /root/.cache/rebar3/hex/hexpm/packages/lager-3.8.0.tar
===> Linking _build/default/lib/lager to _build/prod/lib/lager
===> Fetching cowlib v2.8.0
===> Downloaded package, caching at /root/.cache/rebar3/hex/hexpm/packages/cowlib-2.8.0.tar
===> Linking _build/default/lib/cowlib to _build/prod/lib/cowlib
===> Fetching goldrush v0.1.9
===> Downloaded package, caching at /root/.cache/rebar3/hex/hexpm/packages/goldrush-0.1.9.tar
===> Linking _build/default/lib/goldrush to _build/prod/lib/goldrush
===> Fetching ranch v1.7.1
===> Downloaded package, caching at /root/.cache/rebar3/hex/hexpm/packages/ranch-1.7.1.tar
===> Linking _build/default/lib/ranch to _build/prod/lib/ranch
===> Compiling cowlib
===> Compiling ranch
===> Compiling goldrush
===> Compiling lager
===> Compiling jsone
===> Compiling cowboy
===> Compiling erlang_cowboy
===> Starting relx build process ...
===> Resolving OTP Applications from directories:
          /tmp/workspace/_build/prod/lib
          /usr/local/lib/erlang/lib
===> Resolved erlang_cowboy-0.1.0
===> Including Erts from /usr/local/lib/erlang
===> release successfully created!
===> Starting relx build process ...
===> Resolving OTP Applications from directories:
          /tmp/workspace/_build/prod/lib
          /usr/local/lib/erlang/lib
          /tmp/workspace/_build/prod/rel
===> Resolved erlang_cowboy-0.1.0
===> tarball /tmp/workspace/_build/prod/rel/erlang_cowboy/erlang_cowboy-0.1.0.tar.gz successfully created!
+ tar -zxf _build/prod/rel/erlang_cowboy/erlang_cowboy-0.1.0.tar.gz -C /tmp/workspace/release/
STEP 5: FROM docker.io/library/alpine:3.11
Getting image source signatures
Copying blob cbdbe7a5bc2a [--------------------------------------] 0.0b / 0.0b
Copying config f70734b6a2 done  
Writing manifest to image destination
Storing signatures
STEP 6: ENV COOKIE YW5MV2IyeXZWS0dSVmRya0VNTFJZNkxxZQ==
STEP 7: ENV RELX_OUT_FILE_PATH /tmp
STEP 8: RUN set -eux;   apk update;   apk add --no-cache ncurses;   rm -fR /var/cache/apk/*
+ apk update
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
v3.11.6-88-gb2f81f5a10 [http://dl-cdn.alpinelinux.org/alpine/v3.11/main]
v3.11.6-86-gf4e478f351 [http://dl-cdn.alpinelinux.org/alpine/v3.11/community]
OK: 11271 distinct packages available
+ apk add --no-cache ncurses
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/3) Installing ncurses-terminfo-base (6.1_p20200118-r4)
(2/3) Installing ncurses-libs (6.1_p20200118-r4)
(3/3) Installing ncurses (6.1_p20200118-r4)
Executing busybox-1.31.1-r9.trigger
OK: 7 MiB in 17 packages
+ rm -fR /var/cache/apk/APKINDEX.70f61090.tar.gz /var/cache/apk/APKINDEX.ca2fea5b.tar.gz
STEP 9: WORKDIR /opt/application/
STEP 10: COPY --from=builder /tmp/workspace/release/ ./
STEP 11: ENTRYPOINT ["/opt/application/bin/erlang_cowboy"]
STEP 12: CMD ["foreground"]
STEP 13: COMMIT acme/erlang-cowboy:latest
Getting image source signatures
Copying blob 3e207b409db3 skipped: already exists  
Copying blob b28c2875f7d1 done  
Copying config abd7ffbcad done  
Writing manifest to image destination
Storing signatures
--> abd7ffbcad9
abd7ffbcad9030066817abcd455bfc244f7ac5fed712dc8a24a9d9315cf70ef3

[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ podman run --detach --log-level=debug --name erlang-cowboy --publish 9080:9080 --tty acme/erlang-cowboy:latest 
DEBU[0000] Ignoring lipod.conf EventsLogger setting "journald". Use containers.conf if you want to change this setting and remove libpod.conf files. 
DEBU[0000] Using conmon from $PATH: "/nix/store/wbn5szn82dch8k168vhi93wdfrxjk7s0-conmon-2.0.18/bin/conmon" 
DEBU[0000] Initializing boltdb state at /home/x80486/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/x80486/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1000/containers     
DEBU[0000] Using static dir /home/x80486/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp      
DEBU[0000] Using volume path /home/x80486/.local/share/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] No store required. Not opening container store. 
DEBU[0000] Initializing event backend file              
DEBU[0000] using runtime "runc" from $PATH: "/nix/store/4p61xpas797ashb14bcbblvmb1rc1y2l-runc-1.0.0-rc90/bin/runc" 
DEBU[0000] using runtime "crun" from $PATH: "/nix/store/shkj72hq1jlk02ymblfy2g8kh3dndjq6-crun-0.13/bin/crun" 
WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument 
INFO[0000] running as rootless                          
DEBU[0000] Ignoring lipod.conf EventsLogger setting "journald". Use containers.conf if you want to change this setting and remove libpod.conf files. 
DEBU[0000] Using conmon from $PATH: "/nix/store/wbn5szn82dch8k168vhi93wdfrxjk7s0-conmon-2.0.18/bin/conmon" 
DEBU[0000] Initializing boltdb state at /home/x80486/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/x80486/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1000/containers     
DEBU[0000] Using static dir /home/x80486/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp      
DEBU[0000] Using volume path /home/x80486/.local/share/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] overlay: mount_program=/nix/store/hq6ycra1ipc4bgm08k4vbyjadd8f78g9-fuse-overlayfs-1.1.0/bin/fuse-overlayfs 
DEBU[0000] backingFs=extfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=false 
DEBU[0000] Initializing event backend file              
DEBU[0000] using runtime "runc" from $PATH: "/nix/store/4p61xpas797ashb14bcbblvmb1rc1y2l-runc-1.0.0-rc90/bin/runc" 
DEBU[0000] using runtime "crun" from $PATH: "/nix/store/shkj72hq1jlk02ymblfy2g8kh3dndjq6-crun-0.13/bin/crun" 
WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument 
DEBU[0000] parsed reference into "[overlay@/home/x80486/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/nix/store/hq6ycra1ipc4bgm08k4vbyjadd8f78g9-fuse-overlayfs-1.1.0/bin/fuse-overlayfs]docker.io/acme/erlang-cowboy:latest" 
DEBU[0000] reference "[overlay@/home/x80486/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/nix/store/hq6ycra1ipc4bgm08k4vbyjadd8f78g9-fuse-overlayfs-1.1.0/bin/fuse-overlayfs]docker.io/acme/erlang-cowboy:latest" does not resolve to an image ID 
DEBU[0000] parsed reference into "[overlay@/home/x80486/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/nix/store/hq6ycra1ipc4bgm08k4vbyjadd8f78g9-fuse-overlayfs-1.1.0/bin/fuse-overlayfs]localhost/acme/erlang-cowboy:latest" 
DEBU[0000] parsed reference into "[overlay@/home/x80486/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/nix/store/hq6ycra1ipc4bgm08k4vbyjadd8f78g9-fuse-overlayfs-1.1.0/bin/fuse-overlayfs]@abd7ffbcad9030066817abcd455bfc244f7ac5fed712dc8a24a9d9315cf70ef3" 
DEBU[0000] exporting opaque data as blob "sha256:abd7ffbcad9030066817abcd455bfc244f7ac5fed712dc8a24a9d9315cf70ef3" 
DEBU[0000] Using slirp4netns netmode                    
DEBU[0000] No hostname set; container's hostname will default to runtime default 
DEBU[0000] Loading default seccomp profile              
DEBU[0000] setting container name erlang-cowboy         
DEBU[0000] created OCI spec and options for new container 
DEBU[0000] Allocated lock 1 for container 8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856 
DEBU[0000] parsed reference into "[overlay@/home/x80486/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/nix/store/hq6ycra1ipc4bgm08k4vbyjadd8f78g9-fuse-overlayfs-1.1.0/bin/fuse-overlayfs]@abd7ffbcad9030066817abcd455bfc244f7ac5fed712dc8a24a9d9315cf70ef3" 
DEBU[0000] exporting opaque data as blob "sha256:abd7ffbcad9030066817abcd455bfc244f7ac5fed712dc8a24a9d9315cf70ef3" 
DEBU[0000] created container "8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856" 
DEBU[0000] container "8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856" has work directory "/home/x80486/.local/share/containers/storage/overlay-containers/8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856/userdata" 
DEBU[0000] container "8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856" has run directory "/run/user/1000/containers/overlay-containers/8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856/userdata" 
DEBU[0000] New container created "8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856" 
DEBU[0000] container "8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856" has CgroupParent "/libpod_parent/libpod-8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856" 
DEBU[0000] Made network namespace at /run/user/1000/netns/cni-605fdf67-c173-b0ce-7e48-fe117e73e89e for container 8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856 
DEBU[0000] overlay: mount_data=lowerdir=/home/x80486/.local/share/containers/storage/overlay/l/C2UTOAD65WOXNQITTRSNQLSOCQ:/home/x80486/.local/share/containers/storage/overlay/l/SPPNVEN2LYW4WXIRG7PIH4QAOC,upperdir=/home/x80486/.local/share/containers/storage/overlay/70e87a4285b9da45aff031fee24e78221ff7394f16da5e8d9f349fa69aa678f1/diff,workdir=/home/x80486/.local/share/containers/storage/overlay/70e87a4285b9da45aff031fee24e78221ff7394f16da5e8d9f349fa69aa678f1/work 
DEBU[0000] mounted container "8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856" at "/home/x80486/.local/share/containers/storage/overlay/70e87a4285b9da45aff031fee24e78221ff7394f16da5e8d9f349fa69aa678f1/merged" 
DEBU[0000] slirp4netns command: /nix/store/17n8bsxrixmaxvdlb69rjkjalxv9ikv5-slirp4netns-1.1.1/bin/slirp4netns --disable-host-loopback --mtu 65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --netns-type=path /run/user/1000/netns/cni-605fdf67-c173-b0ce-7e48-fe117e73e89e tap0 
DEBU[0000] rootlessport: time="2020-06-24T16:05:01-04:00" level=info msg="starting parent driver" 
DEBU[0000] rootlessport: time="2020-06-24T16:05:01-04:00" level=info msg="opaque=map[builtin.readypipepath:/run/user/1000/libpod/tmp/rootlessport133513901/.bp-ready.pipe builtin.socketpath:/run/user/1000/libpod/tmp/rootlessport133513901/.bp.sock]" 
DEBU[0000] rootlessport: time="2020-06-24T16:05:01-04:00" level=info msg="starting child driver in child netns (\"/proc/self/exe\" [containers-rootlessport-child])" 
DEBU[0000] rootlessport: time="2020-06-24T16:05:01-04:00" level=info msg="waiting for initComplete" 
DEBU[0000] rootlessport: time="2020-06-24T16:05:01-04:00" level=info msg="initComplete is closed; parent and child established the communication channel"
time="2020-06-24T16:05:01-04:00" level=info msg="exposing ports [{9080 9080 tcp }]" 
DEBU[0000] rootlessport: time="2020-06-24T16:05:01-04:00" level=info msg="parent: listen: listen tcp 0.0.0.0:9080: bind: address already in use\n" 
DEBU[0000] rootlessport: time="2020-06-24T16:05:01-04:00" level=info msg="stopping parent driver" 
DEBU[0000] rootlessport: time="2020-06-24T16:05:01-04:00" level=info msg="stopping child driver" 
DEBU[0003] containers-rootlessport failed: "time=\"2020-06-24T16:05:01-04:00\" level=info msg=\"starting parent driver\"\ntime=\"2020-06-24T16:05:01-04:00\" level=info msg=\"opaque=map[builtin.readypipepath:/run/user/1000/libpod/tmp/rootlessport133513901/.bp-ready.pipe builtin.socketpath:/run/user/1000/libpod/tmp/rootlessport133513901/.bp.sock]\"\ntime=\"2020-06-24T16:05:01-04:00\" level=info msg=\"starting child driver in child netns (\\\"/proc/self/exe\\\" [containers-rootlessport-child])\"\ntime=\"2020-06-24T16:05:01-04:00\" level=info msg=\"waiting for initComplete\"\ntime=\"2020-06-24T16:05:01-04:00\" level=info msg=\"initComplete is closed; parent and child established the communication channel\"\ntime=\"2020-06-24T16:05:01-04:00\" level=info msg=\"exposing ports [{9080 9080 tcp }]\"\ntime=\"2020-06-24T16:05:01-04:00\" level=info msg=\"parent: listen: listen tcp 0.0.0.0:9080: bind: address already in use\\n\"\ntime=\"2020-06-24T16:05:01-04:00\" level=info msg=\"stopping parent driver\"\ntime=\"2020-06-24T16:05:01-04:00\" level=info msg=\"stopping child driver\"\n" 
DEBU[0003] Created root filesystem for container 8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856 at /home/x80486/.local/share/containers/storage/overlay/70e87a4285b9da45aff031fee24e78221ff7394f16da5e8d9f349fa69aa678f1/merged 
DEBU[0003] unmounted container "8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856" 
DEBU[0003] Tearing down network namespace at /run/user/1000/netns/cni-605fdf67-c173-b0ce-7e48-fe117e73e89e for container 8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856 
DEBU[0003] Cleaning up container 8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856 
DEBU[0003] Network is already cleaned up, skipping...   
DEBU[0003] Container 8b8441171417d04612edbed503c06d3fa537674bedbcd1e9cb3bda8b860eb856 storage is already unmounted, skipping... 
DEBU[0003] ExitCode msg: "failed to expose ports via rootlessport: \"listen tcp 0.0.0.0:9080: bind: address already in use\\n\"" 
ERRO[0003] failed to expose ports via rootlessport: "listen tcp 0.0.0.0:9080: bind: address already in use\n" 
[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ podman info --debug 
debug:
  compiler: gc
  gitCommit: ""
  goVersion: go1.14.3
  podmanVersion: 1.9.3
host:
  arch: amd64
  buildahVersion: 1.14.9
  cgroupVersion: v1
  conmon:
    package: Unknown
    path: /nix/store/wbn5szn82dch8k168vhi93wdfrxjk7s0-conmon-2.0.18/bin/conmon
    version: 'conmon version 2.0.18, commit: unknown'
  cpus: 12
  distribution:
    distribution: arch
    version: unknown
  eventLogger: file
  hostname: archbook
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 985
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.4.47-1-lts
  memFree: 10310602752
  memTotal: 33529663488
  ociRuntime:
    name: runc
    package: Unknown
    path: /nix/store/4p61xpas797ashb14bcbblvmb1rc1y2l-runc-1.0.0-rc90/bin/runc
    version: |-
      runc version 1.0.0-rc10
      spec: 1.0.1-dev
  os: linux
  rootless: true
  slirp4netns:
    executable: /nix/store/17n8bsxrixmaxvdlb69rjkjalxv9ikv5-slirp4netns-1.1.1/bin/slirp4netns
    package: Unknown
    version: |-
      slirp4netns version 1.1.1
      commit: bbf27c5acd4356edb97fa639b4e15e0cd56a39d5
      libslirp: 4.3.0
      SLIRP_CONFIG_VERSION_MAX: 3
  swapFree: 8503422976
  swapTotal: 8589930496
  uptime: 28h 33m 12.82s (Approximately 1.17 days)
registries:
  search:
  - quay.io
  - docker.io
store:
  configFile: /home/x80486/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /nix/store/hq6ycra1ipc4bgm08k4vbyjadd8f78g9-fuse-overlayfs-1.1.0/bin/fuse-overlayfs
      Package: Unknown
      Version: |-
        fusermount3 version: 3.9.2
        fuse-overlayfs: version 1.1.0
        FUSE library version 3.9.2
        using FUSE kernel interface version 7.31
  graphRoot: /home/x80486/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 3
  runRoot: /run/user/1000/containers
  volumePath: /home/x80486/.local/share/containers/storage/volumes

[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ uname -a 
Linux archbook 5.4.47-1-lts #1 SMP Wed, 17 Jun 2020 19:42:02 +0000 x86_64 GNU/Linux
[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ cat /etc/subuid 
x80486:100000:65536
[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ cat /etc/subgid 
x80486:100000:65536
[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ cat ~/.config/containers/registries.conf 
# This is a sample of system-wide configuration file used to
# keep track of registries for various container backends.
# It adheres to TOML format and does not support recursive
# lists of registries.

# The default location for this configuration file is /etc/containers/registries.conf.

# The only valid categories are: 'registries.search', 'registries.insecure',
# and 'registries.block'.

[registries.search]
registries = ["quay.io", "docker.io"]

# If you need to access insecure registries, add the registry's fully-qualified name.
# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
[registries.insecure]
registries = []

# If you need to block pull access from a registry, uncomment the section below
# and add the registries fully-qualified name.
#
# Docker only
[registries.block]
registries = []

[x80486@archbook:~/Workshop/Development/erlang_cowboy]$ cat ~/.config/containers/policy.json 
{
  "default": [
    { "type": "insecureAcceptAnything" }
  ],
  "transports": {
    "docker-daemon": {
      "": [
        { "type": "insecureAcceptAnything" }
      ]
    }
  }
}

Package info (e.g. output of rpm -q podman or apt list podman):

[x80486@archbook:~]$ nix-env --query --description podman-wrapper 
podman-wrapper-1.9.3  A program for managing pods, containers and container images
[x80486@archbook:~]$ nix-env --query --description buildah-wrapper 
buildah-wrapper-1.15.0  A tool which facilitates building OCI images

The difference with the actual podman / buildah packages is that the wrappers have all the required dependencies bundled. I remember when I installed podman and buildah initially, I was getting errors left and right because conmon, runc, slirp4netns (and some others) were not available.

mheon commented 4 years ago

Are you absolutely certain that nothing on the machine is already bound to that port? That's usually the cause of this error.

mheon commented 4 years ago

As to your warnings, I wouldn't worry overly about not having Kata; we should probably drop that from WARN to INFO level.

x80486 commented 4 years ago

Yeah, I checked that initially; this is how I do it: sudo netstat -tulpn | grep :9080 ...but nothing is getting printed out. This is sort of an all-in-all:

[x80486@archbook:~]$ sudo netstat -tulpn 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:45653         0.0.0.0:*               LISTEN      46369/standard-note 
tcp        0      0 127.0.0.1:6942          0.0.0.0:*               LISTEN      74805/java          
tcp        0      0 127.0.0.1:63342         0.0.0.0:*               LISTEN      74805/java          
tcp6       0      0 127.0.0.1:4332          :::*                    LISTEN      42092/java          
udp        0      0 223.0.0.251:5353        0.0.0.0:*                           133217/opera --type 
udp        0      0 223.0.0.251:5353        0.0.0.0:*                           133217/opera --type 
udp        0      0 223.0.0.251:5353        0.0.0.0:*                           20724/chromium      
udp        0      0 223.0.0.251:5353        0.0.0.0:*                           20758/chromium --ty 
udp6       0      0 de81::6dfe:4114:c3d:416 :::*                                505/NetworkManager

...but now that you mention it, I'll restart and see what happens :thinking:

x80486 commented 4 years ago

OK, I don't know for sure what happened, but I restarted and got the same problem.

So I removed Nix and the containers/ sub-directories from .config/ and .local/share; restarted, installed Nix again with all the packages, reconfigured everything...and :drum: I don't have the error anymore :partying_face: :balloon:

You can leave this one open if you want to. I did execute the same command to see if some process was using that port again before triggering "operation remove all", but at least with that command, nothing was bound to 9080.

rhatdan commented 4 years ago

Reopen if it happens again.

selamba commented 2 years ago

It happened again. A fresh podman 4.1.0 install, using a rootless environment. I was creating and deleting docker.io/postgres:alpine and my Java Spring app over and over using podman-compose until I eventually ran into this error:

Error: rootlessport listen tcp 0.0.0.0:8080: bind: address already in use

Postgres is published on port 5432 and my app is on 8080. Postgres is occasionally correctly created (exit code 0), while the app always exits with code 126.

Here's the relevant part of the error wall:

podman run --name=core -d --label io.podman.compose.config-hash=123 --label io.podman.compose.project=core --label io.podman.compose.version=0.0.1 --label com.docker.compose.project=core --label com.docker.compose.project.working_dir=/home/selamba/IdeaProjects/core --label com.docker.compose.project.config_files=docker-compose.local.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=core --env-file /home/selamba/IdeaProjects/core/.env.example --net core_core-and-db --network-alias core -p 8080:8080 core
Error: rootlessport listen tcp 0.0.0.0:8080: bind: address already in use
exit code: 126
podman start core
Error: unable to start container "9596f626f307ad7b7f5a9819a3d46fccc3eac641c8733856c60ca98884568c11": rootlessport listen tcp 0.0.0.0:8080: bind: address already in use
exit code: 125

I did some diagnostics:

# ps -ax | grep $(fuser 8080/tcp)
92320 pts/2    Sl     0:00 rootlessport

Seems like this rootlessport was supposed to be destroyed with the container itself, but wasn't. I decided to look at the entire process list and was horrified:

...
56979 ?        S      0:00 podman
...
92215 pts/2    Sl     0:02 podman start -a core
92320 pts/2    Sl     0:00 rootlessport
92331 pts/2    Sl     0:00 rootlessport-child
92344 ?        Ssl    0:00 /usr/bin/conmon --api-version 1 -c 7410059df508530e2a8bf18b2ed2d70be7b59d7afd7f5d5d6f6ca1c8b9e1e650 -u 7410059df508530e2a8bf18b2ed2d70be7b59d7afd7f5d5d6f6ca1c8b9
92347 ?        Ss     0:00 sh ./entrypoint.sh
92350 ?        Sl     0:27 java -cp app:app/lib/* io.roadmaps.core.Application
...
102760 pts/2    Sl     0:00 rootlessport
102774 pts/2    Sl     0:00 rootlessport-child
102783 ?        Ssl    0:00 /usr/bin/conmon --api-version 1 -c 60e5ba5e5777b302b252c2e4cd86970006b6108d208991839b3779042c4e0524 -u 60e5ba5e5777b302b252c2e4cd86970006b6108d208991839b3779042c
102786 ?        Ss     0:00 postgres
102920 pts/2    Sl     0:00 /usr/lib/podman/aardvark-dns --config /run/user/1000/containers/networks/aardvark-dns -p 53 run
102971 ?        Ss     0:00 postgres: checkpointer 
102972 ?        Ss     0:00 postgres: background writer 
102973 ?        Ss     0:00 postgres: walwriter 
102974 ?        Ss     0:00 postgres: autovacuum launcher 
102975 ?        Ss     0:00 postgres: stats collector
102976 ?        Ss     0:00 postgres: logical replication launcher
...

sh ./entrypoint.sh is the ENTRYPOINT in my app's Containerfile and java -cp ... is a command from entrypoint.sh.

I would like to also point out process 56979. Looks like a podman daemon.

mheon commented 2 years ago

56979 is the rootless pause process - it's holding open the rootless user namespace.

Reopening, given we seem to have a cause - rootlessport not exiting with the container.

selamba commented 2 years ago

Will it be better to make this a separate issue?

Luap99 commented 2 years ago

This does not look like an issue with rootlessport. If the full process tree with conmon is still there then of course rootlessport will not exit. Can you provide a reproducer and create a new issue? I assume either podman-compose or podman will not stop/kill the previous container correctly.

vans163 commented 1 year ago

Happening to me as well; had to write an extra script to ss -tlpn and kill the port assigned to the container. As we use IPv6, each container has a pretty unique address.

sghosh151 commented 1 year ago

I am seeing the same thing - podman v4.6.2 / F38. Once I kill rootlessport and retry the podman run, the container comes up.

BlueOwlet commented 1 year ago

Still a thing, I'm pretty sure that it has to do with residual binding from previous containers. This happened to me when deleting and re-creating containers multiple times. I've made sure to delete the containers but there seems to be something residual with the binding of ports left behind.
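
The port check used in the comments above (fuser 8080/tcp, ss -tlpn), as an added example that is not part of the original thread or of podman: it parses `ss -H -tlpn` output and reports whether a published port is free, held by a rootlessport process, or held by something else. The function names and the sample lines are constructed for illustration, and the six-column `ss` layout shown is an assumption about the local iproute2 version.

```bash
#!/bin/sh
# Added example: classify who is listening on a port that podman wants to publish.

# Constructed sample of `ss -H -tlpn` output (not taken from the thread).
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:6942 0.0.0.0:* users:(("java",pid=74805,fd=31))
LISTEN 0 4096 *:8080 *:* users:(("rootlessport",pid=92320,fd=10))
LISTEN 0 4096 *:5432 *:* users:(("rootlessport",pid=102760,fd=10))
LISTEN 0 128 [::]:18080 [::]:* users:(("nginx",pid=811,fd=6),("nginx",pid=810,fd=6))'

# listeners_on_port PORT
# Reads `ss -H -tlpn` output on stdin and prints "pid name" for every
# process listening on exactly PORT (IPv4, IPv6 and wildcard binds).
listeners_on_port() {
    awk -v port="$1" '
        {
            # Column 4 is Local Address:Port; the port follows the last colon.
            n = split($4, a, ":")
            if (a[n] != port) next
            # Process column looks like users:(("name",pid=N,fd=M),...)
            s = $0
            while (match(s, /\("[^"]+",pid=[0-9]+/)) {
                entry = substr(s, RSTART, RLENGTH)
                s = substr(s, RSTART + RLENGTH)
                name = entry
                sub(/^\("/, "", name)
                sub(/",pid=.*/, "", name)
                pid = entry
                sub(/.*pid=/, "", pid)
                print pid, name
            }
        }'
}

# port_status PORT
# Reads `ss -H -tlpn` output on stdin and prints one line:
#   free                      nothing is listening on PORT
#   rootlessport <pid>...     only rootlessport processes hold PORT
#   other <name>(<pid>)...    some other program holds PORT
port_status() {
    listeners_on_port "$1" | awk '
        $2 == "rootlessport" { rl = rl " " $1; next }
        { other = other " " $2 "(" $1 ")" }
        END {
            if (other != "")   print "other" other
            else if (rl != "") print "rootlessport" rl
            else               print "free"
        }'
}

# Demo on the constructed sample. On a real host, run as the same user that
# runs rootless podman:  ss -H -tlpn | port_status 8080
printf '%s\n' "$SAMPLE_SS" | port_status 8080
```

A `rootlessport` result means a port forwarder from an earlier container still holds the port; as noted in the thread, it stays alive while that container's conmon process tree is running, so check `podman ps --all` for the owning container before killing anything.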