[pkg-go] Bug#1061194: podman: cannot run rootful containers with many layers using overlay driver

Tee Hao Wei thw at in04.sg
Sat Jan 20 15:34:37 GMT 2024

Package: podman
Version: 4.3.1+ds1-8+b1
Severity: normal
Tags: patch upstream
X-Debbugs-Cc: thw at in04.sg

bookworm's podman has a bug that prevents it from running images that have many
layers in rootful mode using the overlay storage driver.

The bug was reported upstream here[1] and fixed in [2], which was picked up in
podman v4.4. The patch in [2] depends on at least this[3] other commit.

Could you please cherry-pick the fix? Thank you.

As an aside: the root cause is that the overlay driver ends up passing the
wrong (non-idmapped) lower dirs to overlayfs when the mount arguments exceed
one page (4K), which is why this is only seen with images with many layers,
and only when running as root (since idmapped mounts require root).

[1] https://github.com/containers/storage/issues/1410
[2] https://github.com/containers/storage/pull/1411
[3] https://github.com/containers/storage/commit/7c5964df95c892cfbdbce594cf5a8e2973c70fd7

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-17-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon                           2.1.6+ds1-1
ii  crun                             1.8.1-1+deb12u1
ii  golang-github-containers-common  0.50.1+ds1-4
ii  libc6                            2.36-9+deb12u3
ii  libdevmapper1.02.1               2:1.02.185-2
ii  libgpgme11                       1.18.0-3+b1
ii  libseccomp2                      2.5.4-1+b3
ii  libsubid4                        1:4.13+dfsg1-1+b1

Versions of packages podman recommends:
ii  buildah            1.28.2+ds1-3+b1
ii  catatonit          0.1.7-1+b1
ii  dbus-user-session  1.14.10-1~deb12u1
ii  fuse-overlayfs     1.10-1
ii  slirp4netns        1.2.0-1
ii  uidmap             1:4.13+dfsg1-1+b1

Versions of packages podman suggests:
pn  containers-storage  <none>
pn  docker-compose      <none>
ii  iptables            1.8.9-2

-- no debconf information
