containers / storage

Container Storage Library
Apache License 2.0

Invalid filename-escaping (?) #1878

Closed bundi78 closed 2 months ago

bundi78 commented 2 months ago

Issue Description

For a few days now, running podman bud ... has been stopping with an error:

STEP 1/25: FROM .../archlinux/archlinux:base-20240401.0.226100
STEP 2/25: LABEL org.opencontainers.image.authors="xyz"
Error: committing container for step {Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin LANG=C.UTF-8] Command:label Args:[org.opencontainers.image.authors xyz] Flags:[] Attrs:map[] Message:LABEL org.opencontainers.image.authors "xyz" Heredocs:[] Original:LABEL org.opencontainers.image.authors="xyz"}: copying layers and metadata for container "db09248185b3f42475ba34c51afd23e3b7b357cbe2011a359691079f2c0a9783": initializing source containers-storage:archlinux-working-container: storing layer "906ef1774f44884824b6f5c12d4a249dff1d10684178b6940278d918bbb21f4f" to file: open /home/developer/.local/share/containers/storage/overlay/906ef1774f44884824b6f5c12d4a249dff1d10684178b6940278d918bbb21f4f/diff/usr/lib/systemd/system/system-systemd\x2dcryptsetup.slice: no such file or directory

It turns out that system-systemd\x2dcryptsetup.slice is stored as system-systemd\\x2dcryptsetup.slice

Running the same commands on a different machine works. What could lead to this behavior?

Steps to reproduce the issue

podman run --rm -it docker.io/archlinux/archlinux:base-20240401.0.226100 ls -l /usr/lib/systemd/system | grep system-sys

Describe the results you received

I got this on several build servers:

-rw-r--r-- 1 root root  468 Mar  3 17:04 'system-systemd\\x2dcryptsetup.slice'
-rw-r--r-- 1 root root  463 Mar  3 17:04 'system-systemd\\x2dveritysetup.slice'

Describe the results you expected

This is what I got running the same command locally:

-rw-r--r-- 1 root root  468 Mar  3 17:04 'system-systemd\x2dcryptsetup.slice'
-rw-r--r-- 1 root root  463 Mar  3 17:04 'system-systemd\x2dveritysetup.slice'

podman info output

$ podman info
host:
  arch: amd64
  buildahVersion: 1.35.1
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon is owned by conmon 1:2.1.10-1
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: 2dcd736e46ded79a53339462bc251694b150f870'
  cpuUtilization:
    idlePercent: 86.19
    systemPercent: 1.4
    userPercent: 12.4
  cpus: 24
  databaseBackend: sqlite
  distribution:
    distribution: arch
    version: unknown
  eventLogger: journald
  freeLocks: 2048
  hostname: xyz
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.8.2-arch2-1
  linkmode: dynamic
  logDriver: journald
  memFree: 52958973952
  memTotal: 134978330624
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: Unknown
    package: /usr/lib/podman/netavark is owned by netavark 1.10.3-1
    path: /usr/lib/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: /usr/bin/crun is owned by crun 1.14.4-1
    path: /usr/bin/crun
    version: |-
      crun version 1.14.4
      commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: /usr/bin/pasta is owned by passt 2024_03_26.4988e2b-2
    version: |
      pasta 2024_03_26.4988e2b
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns is owned by slirp4netns 1.2.3-1
    version: |-
      slirp4netns version 1.2.3
      commit: c22fde291bb35b354e6ca44d13be181c76a0a432
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.5
  swapFree: 0
  swapTotal: 0
  uptime: 153h 37m 34.00s (Approximately 6.38 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /home/developer/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/developer/.local/share/containers/storage
  graphRootAllocated: 1967317549056
  graphRootUsed: 1604447866880
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/developer/.local/share/containers/storage/volumes
version:
  APIVersion: 5.0.0
  Built: 1711060217
  BuiltTime: Thu Mar 21 23:30:17 2024
  GitCommit: e71ec6f1d94d2d97fb3afe08aae0d8adaf8bddf0-dirty
  GoVersion: go1.22.1
  Os: linux
  OsArch: linux/amd64
  Version: 5.0.0

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details


Additional information


rhatdan commented 2 months ago

@giuseppe PTAL

giuseppe commented 2 months ago

do you have any customization in storage.conf?

giuseppe commented 2 months ago

opened a PR:

although the issue happens only when using the new partial pull code, and having convert_images=true

bundi78 commented 2 months ago

It's the "default" config provided by Arch Linux:

[storage]
driver = "overlay"
runroot = "/run/containers/storage"
graphroot = "/var/lib/containers/storage"
[storage.options]
additionalimagestores = [
]
pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""}
[storage.options.overlay]
mountopt = "nodev"
[storage.options.thinpool]
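The double-escaped names the reporter found can be checked for across a whole storage graphRoot. This Go program is an added example, not code from containers/storage or podman; it assumes the overlay/<layerID>/diff layout visible in the error path above and takes the graphRoot from podman info as its argument.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// A systemd "\xHH" escape whose backslash got escaped again: the literal "\\xHH".
var doubleEscaped = regexp.MustCompile(`\\\\x[0-9a-fA-F]{2}`)
func IsDoubleEscaped(name string) bool { return doubleEscaped.MatchString(name) }

// IntendedName collapses each "\\xHH" back to "\xHH", the name the layer should hold.
func IntendedName(name string) string {
	return doubleEscaped.ReplaceAllStringFunc(name, func(m string) string { return m[1:] })
}

// ScanLayers walks <graphRoot>/overlay/<layerID>/diff and returns hits per layer ID.
func ScanLayers(graphRoot string) (map[string][]string, error) {
	overlay := filepath.Join(graphRoot, "overlay")
	hits := map[string][]string{}
	err := filepath.WalkDir(overlay, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(overlay, p)
		parts := strings.SplitN(rel, string(filepath.Separator), 3)
		if len(parts) == 3 && parts[1] == "diff" && IsDoubleEscaped(d.Name()) {
			hits[parts[0]] = append(hits[parts[0]], parts[2]) // path relative to diff/
		}
		return nil
	})
	return hits, err
}

func main() { // usage: go run . <graphRoot from `podman info`>
	hits, err := ScanLayers(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for layer, paths := range hits {
		for _, p := range paths {
			fmt.Printf("%s: %s (should be %s)\n", layer, p, IntendedName(p))
		}
	}
}
```

Run it against the graphRoot of an affected build server to list which layers, and which files in them, carry the extra backslash; a clean host reports nothing.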