conmon 246577c0968ed68228b4 <nwarn>: stdio_input read failed Input/output error
quantum77 opened this issue · 5 comments
Issue Description
$ podman run --name unbound -i -t --rm -v /home/bill/unbound:/etc/unbound:ro,Z --cap-add CAP_NET_ADMIN --tls-verify=false 127.0.0.1:5000/unbound
$ journalctl -xe
...
░░ Subject: A start job for unit UNIT has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit UNIT has finished successfully.
░░
░░ The job identifier is 292.
Aug 08 08:01:20 zeta.darkmatter.org podman[19336]: 2023-08-08 08:01:20.837936855 -0700 PDT m=+0.238603677 container init 246577c0968ed68228b4c924b6b3284a6cc49db3238399e35bfb45a3809d2d69 (image=127.0.0.1:5000/unbound:latest, name=unbound>
Aug 08 08:01:20 zeta.darkmatter.org podman[19336]: 2023-08-08 08:01:20.862352982 -0700 PDT m=+0.263019784 container start 246577c0968ed68228b4c924b6b3284a6cc49db3238399e35bfb45a3809d2d69 (image=127.0.0.1:5000/unbound:latest, name=unboun>
Aug 08 08:01:20 zeta.darkmatter.org podman[19336]: 2023-08-08 08:01:20.862731317 -0700 PDT m=+0.263398118 container attach 246577c0968ed68228b4c924b6b3284a6cc49db3238399e35bfb45a3809d2d69 (image=127.0.0.1:5000/unbound:latest, name=unbou>
Aug 08 08:01:20 zeta.darkmatter.org conmon[19358]: conmon 246577c0968ed68228b4 : stdio_input read failed Input/output error
Aug 08 08:01:20 zeta.darkmatter.org podman[19336]: 2023-08-08 08:01:20.918119906 -0700 PDT m=+0.318786709 container died 246577c0968ed68228b4c924b6b3284a6cc49db3238399e35bfb45a3809d2d69 (image=127.0.0.1:5000/unbound:latest, name=unbound>
Aug 08 08:01:21 zeta.darkmatter.org systemd[1095]: Started podman-19389.scope.
░░ Subject: A start job for unit UNIT has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit UNIT has finished successfully.
░░
░░ The job identifier is 296.
Aug 08 08:01:21 zeta.darkmatter.org podman[19389]: 2023-08-08 08:01:21.068137548 -0700 PDT m=+0.142682685 container remove 246577c0968ed68228b4c924b6b3284a6cc49db3238399e35bfb45a3809d2d69 (image=127.0.0.1:5000/unbound:latest, name=unbou>
Steps to reproduce the issue
Steps to reproduce the issue
- Create image
- Try to start container rootless
- Profit with container crash
Describe the results you received
$ podman run --name unbound --log-level debug -it --rm -v /home/bill/unbound:/etc/unbound:ro,Z --cap-add CAP_NET_ADMIN --tls-verify=false 127.0.0.1:5000/unbound
INFO[0000] podman filtering at log level debug
DEBU[0000] Called run.PersistentPreRunE(podman run --name unbound --log-level debug -it --rm -v /home/bill/unbound:/etc/unbound:ro,Z --cap-add CAP_NET_ADMIN --tls-verify=false 127.0.0.1:5000/unbound)
DEBU[0000] Using conmon: "/usr/bin/conmon"
DEBU[0000] Initializing boltdb state at /home/bill/.local/share/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /home/bill/.local/share/containers/storage
DEBU[0000] Using run root /run/user/1000/containers
DEBU[0000] Using static dir /home/bill/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp
DEBU[0000] Using volume path /home/bill/.local/share/containers/storage/volumes
DEBU[0000] Using transient store: false
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] Cached value indicated that native-diff is usable
DEBU[0000] backingFs=btrfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false
DEBU[0000] Initializing event backend journald
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument
DEBU[0000] Configured OCI runtime crun initialization failed: no valid executable found for OCI runtime crun: invalid argument
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument
DEBU[0000] Using OCI runtime "/usr/bin/runc"
INFO[0000] Setting parallel job count to 7
DEBU[0000] Failed to add podman to systemd sandbox cgroup: Process org.freedesktop.systemd1 exited with status 1
DEBU[0000] Successfully loaded 1 networks
DEBU[0000] Pulling image 127.0.0.1:5000/unbound (policy: missing)
DEBU[0000] Looking up image "127.0.0.1:5000/unbound" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Trying "127.0.0.1:5000/unbound:latest" ...
DEBU[0000] parsed reference into "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0000] Found image "127.0.0.1:5000/unbound" as "127.0.0.1:5000/unbound:latest" in local containers storage
DEBU[0000] Found image "127.0.0.1:5000/unbound" as "127.0.0.1:5000/unbound:latest" in local containers storage ([overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9)
DEBU[0000] exporting opaque data as blob "sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0000] Looking up image "127.0.0.1:5000/unbound:latest" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Trying "127.0.0.1:5000/unbound:latest" ...
DEBU[0000] parsed reference into "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0000] Found image "127.0.0.1:5000/unbound:latest" as "127.0.0.1:5000/unbound:latest" in local containers storage
DEBU[0000] Found image "127.0.0.1:5000/unbound:latest" as "127.0.0.1:5000/unbound:latest" in local containers storage ([overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9)
DEBU[0000] exporting opaque data as blob "sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0000] User mount /home/bill/unbound:/etc/unbound options [ro Z]
DEBU[0000] Looking up image "127.0.0.1:5000/unbound" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Trying "127.0.0.1:5000/unbound:latest" ...
DEBU[0000] parsed reference into "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0000] Found image "127.0.0.1:5000/unbound" as "127.0.0.1:5000/unbound:latest" in local containers storage
DEBU[0000] Found image "127.0.0.1:5000/unbound" as "127.0.0.1:5000/unbound:latest" in local containers storage ([overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9)
DEBU[0000] exporting opaque data as blob "sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0000] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0000] exporting opaque data as blob "sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0000] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0000] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0000] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0000] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0000] using systemd mode: false
DEBU[0000] setting container name unbound
DEBU[0000] No hostname set; container's hostname will default to runtime default
DEBU[0000] Loading seccomp profile from "/etc/containers/seccomp.json"
DEBU[0000] Adding mount /proc
DEBU[0000] Adding mount /dev
DEBU[0000] Adding mount /dev/pts
DEBU[0000] Adding mount /dev/mqueue
DEBU[0000] Adding mount /sys
DEBU[0000] Adding mount /sys/fs/cgroup
DEBU[0000] Allocated lock 0 for container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb
DEBU[0000] parsed reference into "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0000] exporting opaque data as blob "sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0000] Cached value indicated that idmapped mounts for overlay are not supported
DEBU[0000] Check for idmapped mounts support
DEBU[0000] Created container "6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb"
DEBU[0000] Container "6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb" has work directory "/home/bill/.local/share/containers/storage/overlay-containers/6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb/userdata"
DEBU[0000] Container "6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb" has run directory "/run/user/1000/containers/overlay-containers/6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb/userdata"
DEBU[0000] Handling terminal attach
INFO[0000] Received shutdown.Stop(), terminating! PID=26437
DEBU[0000] Enabling signal proxying
DEBU[0000] Cached value indicated that volatile is being used
DEBU[0000] overlay: mount_data=lowerdir=/home/bill/.local/share/containers/storage/overlay/l/2XX5AB64YZR7QZYCFSGNYOBVKH:/home/bill/.local/share/containers/storage/overlay/l/QVEEJOOMBQJGKHGNOSYY5SC44N:/home/bill/.local/share/containers/storage/overlay/l/HZDQL7OETUCDFCUY24YMBTNNLS:/home/bill/.local/share/containers/storage/overlay/l/PVHP3AJROZ7KPC7SXPCQO3FUCY,upperdir=/home/bill/.local/share/containers/storage/overlay/50dae32df495809e4cfe38938b7613d372a4cbd553197d66cb187d0f8a57baed/diff,workdir=/home/bill/.local/share/containers/storage/overlay/50dae32df495809e4cfe38938b7613d372a4cbd553197d66cb187d0f8a57baed/work,,userxattr,volatile,context="system_u:object_r:container_file_t:s0:c23,c651"
DEBU[0000] Made network namespace at /run/user/1000/netns/netns-48c08a07-ab6f-edd8-fe9a-5249c27b1f42 for container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb
DEBU[0000] Mounted container "6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb" at "/home/bill/.local/share/containers/storage/overlay/50dae32df495809e4cfe38938b7613d372a4cbd553197d66cb187d0f8a57baed/merged"
DEBU[0000] Created root filesystem for container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb at /home/bill/.local/share/containers/storage/overlay/50dae32df495809e4cfe38938b7613d372a4cbd553197d66cb187d0f8a57baed/merged
DEBU[0000] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp --enable-ipv6 -c -r 3 -e 4 --netns-type=path /run/user/1000/netns/netns-48c08a07-ab6f-edd8-fe9a-5249c27b1f42 tap0
DEBU[0000] /etc/system-fips does not exist on host, not mounting FIPS mode subscription
DEBU[0000] Setting Cgroups for container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb to user.slice:libpod:6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb
DEBU[0000] reading hooks from /usr/share/containers/oci/hooks.d
DEBU[0000] Workdir "/etc/unbound" resolved to a volume or mount
DEBU[0000] Created OCI spec for container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb at /home/bill/.local/share/containers/storage/overlay-containers/6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb/userdata/config.json
DEBU[0000] /usr/bin/conmon messages will be logged to syslog
DEBU[0000] running conmon: /usr/bin/conmon args="[--api-version 1 -c 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb -u 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb -r /usr/bin/runc -b /home/bill/.local/share/containers/storage/overlay-containers/6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb/userdata -p /run/user/1000/containers/overlay-containers/6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb/userdata/pidfile -n unbound --exit-dir /run/user/1000/libpod/tmp/exits --full-attach -s -l journald --log-level debug --syslog -t --conmon-pidfile /run/user/1000/containers/overlay-containers/6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /home/bill/.local/share/containers/storage --exit-command-arg --runroot --exit-command-arg /run/user/1000/containers --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg systemd --exit-command-arg --tmpdir --exit-command-arg /run/user/1000/libpod/tmp --exit-command-arg --network-config-dir --exit-command-arg --exit-command-arg --network-backend --exit-command-arg cni --exit-command-arg --volumepath --exit-command-arg /home/bill/.local/share/containers/storage/volumes --exit-command-arg --db-backend --exit-command-arg boltdb --exit-command-arg --transient-store=false --exit-command-arg --runtime --exit-command-arg runc --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --events-backend --exit-command-arg journald --exit-command-arg --syslog --exit-command-arg container --exit-command-arg cleanup --exit-command-arg --rm --exit-command-arg 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb]"
INFO[0000] Running conmon under slice user.slice and unitName libpod-conmon-6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb.scope
INFO[0000] Failed to add conmon to systemd sandbox cgroup: Process org.freedesktop.systemd1 exited with status 1
DEBU[0000] Received: 26475
INFO[0000] Got Conmon PID as 26459
DEBU[0000] Created container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb in OCI runtime
DEBU[0000] Attaching to container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb
DEBU[0000] Received a resize event: {Width:237 Height:69}
DEBU[0000] Starting container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb with command [/usr/sbin/unbound -d]
DEBU[0000] Started container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb
DEBU[0000] Notify sent successfully
DEBU[0000] Checking if container 6b5838ecb3e8bc60cec5d75a6d5f411c3b2175689dda8773f3826f00accc16cb should restart
DEBU[0000] Called run.PersistentPostRunE(podman run --name unbound --log-level debug -it --rm -v /home/bill/unbound:/etc/unbound:ro,Z --cap-add CAP_NET_ADMIN --tls-verify=false 127.0.0.1:5000/unbound)
DEBU[0000] Shutting down engines
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] backingFs=btrfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false
$
Describe the results you expected
For the container to run
podman info output
$ podman info
host:
arch: amd64
buildahVersion: 1.31.0
cgroupControllers:
- cpu
- memory
- pids
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon-2.1.7-2.1.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.7, commit: unknown'
cpuUtilization:
idlePercent: 82.76
systemPercent: 1.96
userPercent: 15.28
cpus: 2
databaseBackend: boltdb
distribution:
distribution: '"opensuse-microos"'
version: "20230804"
eventLogger: journald
freeLocks: 2048
hostname: zeta.darkmatter.org
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 6.4.6-1-default
linkmode: dynamic
logDriver: journald
memFree: 134590464
memTotal: 3039858688
networkBackend: cni
networkBackendInfo:
backend: cni
dns: {}
package: |-
cni-1.1.2-2.4.x86_64
cni-plugins-1.1.1-2.4.x86_64
path: /usr/libexec/cni
ociRuntime:
name: runc
package: runc-1.1.8-1.1.x86_64
path: /usr/bin/runc
version: |-
runc version 1.1.8
commit: v1.1.8-0-g82f18fe0e44a
spec: 1.0.2-dev
go: go1.20.5
libseccomp: 2.5.4
os: linux
pasta:
executable: ""
package: ""
version: ""
remoteSocket:
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /etc/containers/seccomp.json
selinuxEnabled: true
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns-1.2.0-1.3.x86_64
version: |-
slirp4netns version 1.2.0
commit: unknown
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 5
libseccomp: 2.5.4
swapFree: 0
swapTotal: 0
uptime: 0h 55m 16.00s
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- registry.opensuse.org
- registry.suse.com
- docker.io
store:
configFile: /home/bill/.config/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions: {}
graphRoot: /home/bill/.local/share/containers/storage
graphRootAllocated: 53677633536
graphRootUsed: 19048267776
graphStatus:
Backing Filesystem: btrfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 1
runRoot: /run/user/1000/containers
transientStore: false
volumePath: /home/bill/.local/share/containers/storage/volumes
version:
APIVersion: 4.6.0
Built: 1691020800
BuiltTime: Wed Aug 2 17:00:00 2023
GitCommit: ""
GoVersion: go1.20.7
Os: linux
OsArch: linux/amd64
Version: 4.6.0Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
MicroOS (Suse Tumbleweed) latest in KVM virtual machine
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
does the error happen only with that specific image or can you reproduce with other images too?
I am very new to podman so this is the only image I've tried to make. It has not been a good experience.
Setting the unbound conf file to listen on 5353, see? No errors. And yet no container!
$ podman run --name unbound -it --log-level debug --rm -v /home/bill/unbound:/etc/unbound:ro,Z --cap-add CAP_NET_ADMIN --tls-verify=false 127.0.0.1:5000/unbound
INFO[0000] podman filtering at log level debug
DEBU[0000] Called run.PersistentPreRunE(podman run --name unbound -it --log-level debug --rm -v /home/bill/unbound:/etc/unbound:ro,Z --cap-add CAP_NET_ADMIN --tls-verify=false 127.0.0.1:5000/unbound)
DEBU[0000] Using conmon: "/usr/bin/conmon"
DEBU[0000] Initializing boltdb state at /home/bill/.local/share/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /home/bill/.local/share/containers/storage
DEBU[0000] Using run root /run/user/1000/containers
DEBU[0000] Using static dir /home/bill/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp
DEBU[0000] Using volume path /home/bill/.local/share/containers/storage/volumes
DEBU[0000] Using transient store: false
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] Cached value indicated that native-diff is usable
DEBU[0000] backingFs=btrfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false
DEBU[0000] Initializing event backend journald
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
DEBU[0000] Configured OCI runtime crun initialization failed: no valid executable found for OCI runtime crun: invalid argument
DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] Using OCI runtime "/usr/bin/runc"
INFO[0000] Setting parallel job count to 7
DEBU[0000] Failed to add podman to systemd sandbox cgroup: Process org.freedesktop.systemd1 exited with status 1
DEBU[0000] Successfully loaded 1 networks
DEBU[0000] Pulling image 127.0.0.1:5000/unbound (policy: missing)
DEBU[0000] Looking up image "127.0.0.1:5000/unbound" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Trying "127.0.0.1:5000/unbound:latest" ...
DEBU[0000] reference "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]127.0.0.1:5000/unbound:latest" does not resolve to an image ID
DEBU[0000] Trying "127.0.0.1:5000/unbound:latest" ...
DEBU[0000] reference "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]127.0.0.1:5000/unbound:latest" does not resolve to an image ID
DEBU[0000] Trying "127.0.0.1:5000/unbound" ...
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf"
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf"
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Attempting to pull candidate 127.0.0.1:5000/unbound:latest for 127.0.0.1:5000/unbound
DEBU[0000] parsed reference into "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]127.0.0.1:5000/unbound:latest"
Trying to pull 127.0.0.1:5000/unbound:latest...
DEBU[0000] Copying source image //127.0.0.1:5000/unbound:latest to destination image [overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]127.0.0.1:5000/unbound:latest
DEBU[0000] Using registries.d directory /etc/containers/registries.d
DEBU[0000] Trying to access "127.0.0.1:5000/unbound:latest"
DEBU[0000] No credentials matching 127.0.0.1:5000/unbound found in /run/user/1000/containers/auth.json
DEBU[0000] No credentials matching 127.0.0.1:5000/unbound found in /home/bill/.config/containers/auth.json
DEBU[0000] No credentials matching 127.0.0.1:5000/unbound found in /home/bill/.docker/config.json
DEBU[0000] No credentials matching 127.0.0.1:5000/unbound found in /home/bill/.dockercfg
DEBU[0000] No credentials for 127.0.0.1:5000/unbound found
DEBU[0000] Lookaside configuration: using "default-docker" configuration
DEBU[0000] No signature storage configuration found for 127.0.0.1:5000/unbound:latest, using built-in default file:///home/bill/.local/share/containers/sigstore
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/127.0.0.1:5000
DEBU[0000] Sigstore attachments: using "default-docker" configuration
DEBU[0000] GET https://127.0.0.1:5000/v2/
DEBU[0000] Ping https://127.0.0.1:5000/v2/ err Get "https://127.0.0.1:5000/v2/": http: server gave HTTP response to HTTPS client (&url.Error{Op:"Get", URL:"https://127.0.0.1:5000/v2/", Err:(*errors.errorString)(0xc0001d6100)})
DEBU[0000] GET http://127.0.0.1:5000/v2/
DEBU[0000] Ping http://127.0.0.1:5000/v2/ status 200
DEBU[0000] GET http://127.0.0.1:5000/v2/unbound/manifests/latest
DEBU[0000] Content-Type from manifest GET is "application/vnd.oci.image.manifest.v1+json"
DEBU[0000] Using blob info cache at /home/bill/.local/share/containers/cache/blob-info-cache-v1.boltdb
DEBU[0000] IsRunningImageAllowed for image docker:127.0.0.1:5000/unbound:latest
DEBU[0000] Using default policy section
DEBU[0000] Requirement 0: allowed
DEBU[0000] Overall: allowed
DEBU[0000] Downloading /v2/unbound/blobs/sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0000] GET http://127.0.0.1:5000/v2/unbound/blobs/sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
Getting image source signatures
DEBU[0000] Reading /home/bill/.local/share/containers/sigstore/unbound@sha256=8f267d98a28c95d1d882d2f5e61f2bb633e85e09fd13cd6b7f25ef908ee6f354/signature-1
DEBU[0000] Not looking for sigstore attachments: disabled by configuration
DEBU[0000] Manifest has MIME type application/vnd.oci.image.manifest.v1+json, ordered candidate list [application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws, application/vnd.docker.distribution.manifest.v1+json]
DEBU[0000] ... will first try using the original manifest unmodified
DEBU[0000] Checking if we can reuse blob sha256:8cdb2790ef24b2558918aa6c9d8038bc9d66a6f926ce66d89568216165d294a3: general substitution = true, compression for MIME type "application/vnd.oci.image.layer.v1.tar+gzip" = true
DEBU[0000] Checking if we can reuse blob sha256:a67f38f81ae8d8bf83bf66b0b01b90e16252b393e6e1ec2a8dcd428258ce8823: general substitution = true, compression for MIME type "application/vnd.oci.image.layer.v1.tar+gzip" = true
DEBU[0000] Checking if we can reuse blob sha256:843118f807a265140a0a53505c7d4f4fa9cabd8128571ea414273375209cb2be: general substitution = true, compression for MIME type "application/vnd.oci.image.layer.v1.tar+gzip" = true
DEBU[0000] Checking if we can reuse blob sha256:9e27f648e5c17b7e6c0af234a98ce8a7bfcdf0c447ff9b10ebbc0f49e8d9b195: general substitution = true, compression for MIME type "application/vnd.oci.image.layer.v1.tar+gzip" = true
DEBU[0000] Failed to retrieve partial blob: blob type not supported for partial retrieval
DEBU[0000] Downloading /v2/unbound/blobs/sha256:8cdb2790ef24b2558918aa6c9d8038bc9d66a6f926ce66d89568216165d294a3
DEBU[0000] GET http://127.0.0.1:5000/v2/unbound/blobs/sha256:8cdb2790ef24b2558918aa6c9d8038bc9d66a6f926ce66d89568216165d294a3
DEBU[0000] Failed to retrieve partial blob: blob type not supported for partial retrieval
DEBU[0000] Failed to retrieve partial blob: blob type not supported for partial retrieval
DEBU[0000] Downloading /v2/unbound/blobs/sha256:a67f38f81ae8d8bf83bf66b0b01b90e16252b393e6e1ec2a8dcd428258ce8823
DEBU[0000] GET http://127.0.0.1:5000/v2/unbound/blobs/sha256:a67f38f81ae8d8bf83bf66b0b01b90e16252b393e6e1ec2a8dcd428258ce8823
DEBU[0000] Failed to retrieve partial blob: blob type not supported for partial retrieval
DEBU[0000] Downloading /v2/unbound/blobs/sha256:843118f807a265140a0a53505c7d4f4fa9cabd8128571ea414273375209cb2be
DEBU[0000] GET http://127.0.0.1:5000/v2/unbound/blobs/sha256:843118f807a265140a0a53505c7d4f4fa9cabd8128571ea414273375209cb2be
DEBU[0000] Downloading /v2/unbound/blobs/sha256:9e27f648e5c17b7e6c0af234a98ce8a7bfcdf0c447ff9b10ebbc0f49e8d9b195
DEBU[0000] GET http://127.0.0.1:5000/v2/unbound/blobs/sha256:9e27f648e5c17b7e6c0af234a98ce8a7bfcdf0c447ff9b10ebbc0f49e8d9b195
DEBU[0000] Detected compression format gzip
DEBU[0000] Using original blob without modification
Copying blob 8cdb2790ef24 [--------------------------------------] 0.0b / 27.5MiB (skipped: 0.0b = 0.00%)
Copying blob 8cdb2790ef24 [--------------------------------------] 0.0b / 27.5MiB
Copying blob 8cdb2790ef24 [--------------------------------------] 0.0b / 27.5MiB (skipped: 0.0b = 0.00%)
Copying blob 8cdb2790ef24 [--------------------------------------] 0.0b / 27.5MiB
Copying blob 8cdb2790ef24 [=>------------------------------------] 1.5MiB / 27.5MiB
Copying blob a67f38f81ae8 done
Copying blob 8cdb2790ef24 [=============>------------------------] 10.4MiB / 27.5MiB
Copying blob a67f38f81ae8 done
Copying blob 843118f807a2 done
Copying blob 9e27f648e5c1 [================>---------------------] 1.5MiB / 3.4MiB
Copying blob 8cdb2790ef24 done
Copying blob a67f38f81ae8 done
Copying blob 8cdb2790ef24 done
Copying blob a67f38f81ae8 done
Copying blob 843118f807a2 done
Copying blob 9e27f648e5c1 done
Copying blob 8cdb2790ef24 done
Copying blob a67f38f81ae8 done
Copying blob 843118f807a2 done
Copying blob 9e27f648e5c1 done
DEBU[0002] No compression detected
DEBU[0002] Compression change for blob sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9 ("application/vnd.oci.image.config.v1+json") not supported
DEBU[0002] Using original blob without modification
Copying config 361b11ebcc done
Writing manifest to image destination
DEBU[0002] setting image creation date to 2023-08-07 14:53:28.471654601 +0000 UTC
DEBU[0002] created new image ID "361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0002] saved image metadata "{}"
DEBU[0002] added name "127.0.0.1:5000/unbound:latest" to image "361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0002] Pulled candidate 127.0.0.1:5000/unbound:latest successfully
DEBU[0002] Looking up image "361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9" in local containers storage
DEBU[0002] Trying "361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9" ...
DEBU[0002] parsed reference into "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0002] Found image "361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9" as "361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9" in local containers storage
DEBU[0002] Found image "361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9" as "361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9" in local containers storage ([overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9)
DEBU[0002] exporting opaque data as blob "sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0002] User mount /home/bill/unbound:/etc/unbound options [ro Z]
DEBU[0002] Looking up image "127.0.0.1:5000/unbound" in local containers storage
DEBU[0002] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0002] Trying "127.0.0.1:5000/unbound:latest" ...
DEBU[0002] parsed reference into "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0002] Found image "127.0.0.1:5000/unbound" as "127.0.0.1:5000/unbound:latest" in local containers storage
DEBU[0002] Found image "127.0.0.1:5000/unbound" as "127.0.0.1:5000/unbound:latest" in local containers storage ([overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9)
DEBU[0002] exporting opaque data as blob "sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0002] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0002] exporting opaque data as blob "sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0002] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0002] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0002] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0002] Inspecting image 361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9
DEBU[0002] using systemd mode: false
DEBU[0002] setting container name unbound
DEBU[0002] No hostname set; container's hostname will default to runtime default
DEBU[0002] Loading seccomp profile from "/etc/containers/seccomp.json"
DEBU[0002] Adding mount /proc
DEBU[0002] Adding mount /dev
DEBU[0002] Adding mount /dev/pts
DEBU[0002] Adding mount /dev/mqueue
DEBU[0002] Adding mount /sys
DEBU[0002] Adding mount /sys/fs/cgroup
DEBU[0002] Allocated lock 0 for container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0
DEBU[0002] parsed reference into "[overlay@/home/bill/.local/share/containers/storage+/run/user/1000/containers]@361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0002] exporting opaque data as blob "sha256:361b11ebccb68868a8c55e79618a5e1e6d90a8bc4b5d258b3550f23adf1150a9"
DEBU[0002] Created container "b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0"
DEBU[0002] Container "b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0" has work directory "/home/bill/.local/share/containers/storage/overlay-containers/b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0/userdata"
DEBU[0002] Container "b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0" has run directory "/run/user/1000/containers/overlay-containers/b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0/userdata"
DEBU[0002] Handling terminal attach
INFO[0002] Received shutdown.Stop(), terminating! PID=19531
DEBU[0002] Enabling signal proxying
DEBU[0002] Made network namespace at /run/user/1000/netns/netns-e217cd5c-c25f-308c-cdf3-d635a4749182 for container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0
DEBU[0002] Cached value indicated that volatile is being used
DEBU[0002] overlay: mount_data=lowerdir=/home/bill/.local/share/containers/storage/overlay/l/FJCE7CW64QQYSUH5NSNNATPTVY:/home/bill/.local/share/containers/storage/overlay/l/74IHEIJHIYCEEBWY3LFPOK6HRY:/home/bill/.local/share/containers/storage/overlay/l/GYMLPSM4RUCTZ5QZN7TQNTEZP4:/home/bill/.local/share/containers/storage/overlay/l/24J7AWHQ2MFXRN7WN4T23GOJWY,upperdir=/home/bill/.local/share/containers/storage/overlay/7ca2f935901e390e74647c2cb9fde10082dad7abecd7ed4ea825d14b877db729/diff,workdir=/home/bill/.local/share/containers/storage/overlay/7ca2f935901e390e74647c2cb9fde10082dad7abecd7ed4ea825d14b877db729/work,,userxattr,volatile,context="system_u:object_r:container_file_t:s0:c349,c837"
DEBU[0002] Mounted container "b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0" at "/home/bill/.local/share/containers/storage/overlay/7ca2f935901e390e74647c2cb9fde10082dad7abecd7ed4ea825d14b877db729/merged"
DEBU[0002] Created root filesystem for container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0 at /home/bill/.local/share/containers/storage/overlay/7ca2f935901e390e74647c2cb9fde10082dad7abecd7ed4ea825d14b877db729/merged
DEBU[0002] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu=65520 --enable-sandbox --enable-seccomp --enable-ipv6 -c -r 3 -e 4 --netns-type=path /run/user/1000/netns/netns-e217cd5c-c25f-308c-cdf3-d635a4749182 tap0
DEBU[0002] /etc/system-fips does not exist on host, not mounting FIPS mode subscription
DEBU[0002] Setting Cgroups for container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0 to user.slice:libpod:b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0
DEBU[0002] reading hooks from /usr/share/containers/oci/hooks.d
DEBU[0002] Workdir "/etc/unbound" resolved to a volume or mount
DEBU[0002] Created OCI spec for container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0 at /home/bill/.local/share/containers/storage/overlay-containers/b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0/userdata/config.json
DEBU[0002] /usr/bin/conmon messages will be logged to syslog
DEBU[0002] running conmon: /usr/bin/conmon args="[--api-version 1 -c b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0 -u b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0 -r /usr/bin/runc -b /home/bill/.local/share/containers/storage/overlay-containers/b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0/userdata -p /run/user/1000/containers/overlay-containers/b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0/userdata/pidfile -n unbound --exit-dir /run/user/1000/libpod/tmp/exits --full-attach -s -l journald --log-level debug --syslog -t --conmon-pidfile /run/user/1000/containers/overlay-containers/b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /home/bill/.local/share/containers/storage --exit-command-arg --runroot --exit-command-arg /run/user/1000/containers --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg systemd --exit-command-arg --tmpdir --exit-command-arg /run/user/1000/libpod/tmp --exit-command-arg --network-config-dir --exit-command-arg --exit-command-arg --network-backend --exit-command-arg cni --exit-command-arg --volumepath --exit-command-arg /home/bill/.local/share/containers/storage/volumes --exit-command-arg --db-backend --exit-command-arg boltdb --exit-command-arg --transient-store=false --exit-command-arg --runtime --exit-command-arg runc --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --events-backend --exit-command-arg journald --exit-command-arg --syslog --exit-command-arg container --exit-command-arg cleanup --exit-command-arg --rm --exit-command-arg b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0]"
INFO[0002] Running conmon under slice user.slice and unitName libpod-conmon-b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0.scope
INFO[0002] Failed to add conmon to systemd sandbox cgroup: Process org.freedesktop.systemd1 exited with status 1
DEBU[0002] Received: 19613
INFO[0002] Got Conmon PID as 19596
DEBU[0002] Created container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0 in OCI runtime
DEBU[0002] Attaching to container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0
DEBU[0002] Received a resize event: {Width:128 Height:69}
DEBU[0002] Starting container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0 with command [/usr/sbin/unbound -d]
DEBU[0002] Started container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0
DEBU[0002] Notify sent successfully
DEBU[0002] Checking if container b0d92ad8a7d590c5718622c1eb7c41281258c2470d1e093169b6370bf222bfe0 should restart
DEBU[0002] Called run.PersistentPostRunE(podman run --name unbound -it --log-level debug --rm -v /home/bill/unbound:/etc/unbound:ro,Z --cap-add CAP_NET_ADMIN --tls-verify=false 127.0.0.1:5000/unbound)
DEBU[0002] Shutting down engines
DEBU[0002] [graphdriver] trying provided driver "overlay"
DEBU[0002] Cached value indicated that overlay is supported
DEBU[0002] Cached value indicated that overlay is supported
DEBU[0002] Cached value indicated that metacopy is not being used
DEBU[0002] backingFs=btrfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
$
if you want to listen on the host port you need to run as root (not rootless) and use --net=host for the container
I don't see how connecting the host's whole network to the container makes any difference here, particularly from a security standpoint.
Do you come from the docker world?