[pkg-go] Bug#1061194: podman: cannot run rootful containers with many layers using overlay driver

Faidon Liambotis paravoid at debian.org
Tue Jan 23 08:19:57 GMT 2024

Control: reassign -1 src:golang-github-containers-storage 1.43.0+ds1-8
Control: fixed -1 1.45.1+ds1-1
Control: affects -1 src:libpod

On Sun, Jan 21, 2024 at 01:17:46AM +0800, Tee Hao Wei wrote:
> Oh. I just noticed how Debian handles Go dependencies..
> I guess this will actually need to be a cherry-pick to golang-github-containers-storage-dev followed by a rebuild of podman.

That's right, this is technically a golang-github-containers-storage-dev
bug, so reassigning there. FWIW:

$ git describe --contains 7c5964df95c892cfbdbce594cf5a8e2973c70fd7
$ git describe --contains d232b36652d55b42a21f1713db7f7d455b837b3c
$ git checkout v1.43.0
HEAD is now at 04d8b90f9 Bump to v1.43.0
$ git cherry-pick 7c5964df95c892cfbdbce594cf5a8e2973c70fd7 d232b36652d55b42a21f1713db7f7d455b837b3c
$ git diff --stat v1.43.0..
 drivers/overlay/mount.go   | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 drivers/overlay/overlay.go | 50 ++++++++++++--------------------------------
 tests/layers.bats          | 40 +++++++++++++++++++++++++++++++++--
 3 files changed, 143 insertions(+), 44 deletions(-)

I think that's big enough to make me at least a bit uncomfortable about
a cherry-pick to stable. Could you elaborate on your use case? It sounds
like this manifests only with a large number of layers, and I'm not sure
how common this is.

The alternative to a stable update is a backport of the latest podman
version (currently 4.8.3), plus associated packages like
containers/storage, of course.  It's a moderate amount of work; Reinhard
who's been doing the version updates in unstable could speak more to the
work he's been putting into package updates etc. It would help with
bringing in a lot more fixes from what I'd consider a very active
upstream. We also have #1059496, as another recent, concrete example.

I'm still unsure and debating targeted s-p-u fixes vs. a backport. My
concern is basically that we may start playing whack-a-mole. A quick
peek at the upstream changelog reveals tons of fixed bugs in every
release, and us trying to keep up by cherry-picking fixes to two years
of upstream development may prove futile...


