[pkg-go] Bug#1002997: podman: Please provide a default /etc/containers/storage.conf

Philip philip at kellnerweg.de
Sun Jan 2 14:43:49 GMT 2022 

Package: podman
Version: 3.0.1+dfsg1-3+b2
Severity: wishlist

Dear Maintainer,

I had some problems running the dockerized version of the Unifi controller jacobalberty/unifi-docker
with podman on Debian.
On a Fedora system, starting the container only takes a few seconds.
On a Debian system, it can take about 5 minutes.

The reason is that on the Fedora system the mount-option metacopy=on
(see  [1] for this mount option) is set for the container overlayfs via a default /etc/containers/storage.conf.
That makes quite the difference for this specific image because it does a
`chown unifi:unifi /usr/lib/unifi` during startup.
chown-ing these 6k files is fast with metacopy=on (on Fedora).
Without the option (on Debian), I think the files will be copied instead of only their metadata, making it rather slow.

So the solution for me was to copy /etc/containers/storage.conf from a
Fedora system. If anyone has a similar problem, the file can be extracted from the
src rpm of the containers-common package which can be downloaded at [2].

IMO it would be useful if Debian would also include a default
/etc/containers/storage.conf.
Thanks for considering this!
However I'm not sure if metacopy=on is a good idea from a security
perspective.

Best
Philip

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon                           2.0.25+ds1-1.1
ii  containernetworking-plugins      0.9.0-1+b6
ii  crun                             0.17+dfsg-1
ii  golang-github-containers-common  0.33.4+ds1-1
ii  init-system-helpers              1.60
ii  iptables                         1.8.7-1
ii  libc6                            2.31-13+deb11u2
ii  libdevmapper1.02.1               2:1.02.175-2.1
ii  libgpgme11                       1.14.0-1+b2
ii  libseccomp2                      2.5.1-1+deb11u1

Versions of packages podman recommends:
ii  buildah                                           1.19.6+dfsg1-1+b6
ii  catatonit                                         0.1.5-2
ii  fuse-overlayfs                                    1.4.0-1
ii  golang-github-containernetworking-plugin-dnsname  1.1.1+ds1-4+b7
ii  slirp4netns                                       1.0.1-2
ii  uidmap                                            1:4.8.1-1

Versions of packages podman suggests:
pn  containers-storage  <none>
pn  docker-compose      <none>

-- no debconf information


[1]: https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html#metadata-only-copy-up
[2]: https://kojipkgs.fedoraproject.org//packages/containers-common/1/32.fc35/src/containers-common-1-32.fc35.src.rpm

More information about the Pkg-go-maintainers mailing list