podman icon indicating copy to clipboard operation
podman copied to clipboard
verified publisher icon containers

CI: podman volumes with XFS quotas broken on fedora

Open Luap99 opened this issue 1 month ago • 1 comments

podman volumes with XFS quotas fails on f43 with the latest image update

[+0239s] not ok 172 [161] podman volumes with XFS quotas in 1879ms
         # (from function `bail-now' in file test/system/[helpers.bash, line 230](https://github.com/containers/podman/blob/5d79adbd6a8f1612c51e81ca68ed9b5d32ff7e19/test/system/helpers.bash#L230),
         #  from function `die' in file test/system/[helpers.bash, line 964](https://github.com/containers/podman/blob/5d79adbd6a8f1612c51e81ca68ed9b5d32ff7e19/test/system/helpers.bash#L964),
         #  from function `run_podman' in file test/system/[helpers.bash, line 605](https://github.com/containers/podman/blob/5d79adbd6a8f1612c51e81ca68ed9b5d32ff7e19/test/system/helpers.bash#L605),
         #  in test file test/system/[161-volume-quotas.bats, line 72](https://github.com/containers/podman/blob/5d79adbd6a8f1612c51e81ca68ed9b5d32ff7e19/test/system/161-volume-quotas.bats#L72))
         #   `run_podman $safe_opts exec $ctrname dd if=/dev/zero of=/one/oneMB bs=1M count=1' failed
         #
<+0053s> # # podman  volume rm -a
         # meta-data=/dev/loop0             isize=512    agcount=4, agsize=19200 blks
         #          =                       sectsz=512   attr=2, projid32bit=1
         #          =                       crc=1        finobt=1, sparse=1, rmapbt=1
         #          =                       reflink=1    bigtime=1 inobtcount=1 nrext64=1
         #          =                       exchange=0   metadir=0
         # data     =                       bsize=4096   blocks=76800, imaxpct=25
         #          =                       sunit=0      swidth=0 blks
         # naming   =version 2              bsize=4096   ascii-ci=0, ftype=1, parent=0
         # log      =internal log           bsize=4096   blocks=16384, version=2
         #          =                       sectsz=512   sunit=0 blks, lazy-count=1
         # realtime =none                   extsz=4096   blocks=0, rtextents=0
         #          =                       rgcount=0    rgsize=0 extents
         #          =                       zoned=0      start=0 reserved=0
         # Discarding blocks...Done.
         #
<+687ms> # # podman  --root /tmp/CI_psC1/podman_bats.SqJ3au/root --runroot /tmp/CI_psC1/podman_bats.SqJ3au/runroot --tmpdir /tmp/CI_psC1/podman_bats.SqJ3au/tmpdir --volumepath=/tmp/CI_psC1/podman_bats.SqJ3au/volpath volume create --opt o=size=2m testvol1
<+040ms> # testvol1
         #
<+012ms> # # podman  --root /tmp/CI_psC1/podman_bats.SqJ3au/root --runroot /tmp/CI_psC1/podman_bats.SqJ3au/runroot --tmpdir /tmp/CI_psC1/podman_bats.SqJ3au/tmpdir --volumepath=/tmp/CI_psC1/podman_bats.SqJ3au/volpath volume create --opt o=size=4m testvol2
<+034ms> # testvol2
         #
<+169ms> # # podman  image exists quay.io/libpod/testimage:20241011
<+032ms> # [ rc=1 ]
         # # skopeo copy --all oci-archive:/tmp/CI_psC1/podman-systest-imagecache-0/quay.io--libpod--testimage--20241011.tar containers-storage:[overlay@/tmp/CI_psC1/podman_bats.SqJ3au/root+/tmp/CI_psC1/podman_bats.SqJ3au/runroot]quay.io/libpod/testimage:20241011
         # Getting image source signatures
         # Copying blob sha256:5be41df7978d85a664af00d0a7cdb0ebb1a479f421db7c2c63ff5cc6492870b1
         # Copying blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
         # Copying config sha256:13dc0b3d0b0ab2d7068069d03d18d0c4ac8f07e2eb2d4bf37fc72b4d9dbf9378
         # Writing manifest to image destination
         #
<+235ms> # # podman  --root /tmp/CI_psC1/podman_bats.SqJ3au/root --runroot /tmp/CI_psC1/podman_bats.SqJ3au/runroot --tmpdir /tmp/CI_psC1/podman_bats.SqJ3au/tmpdir --volumepath=/tmp/CI_psC1/podman_bats.SqJ3au/volpath run -d --pull=never --name=testctr -i -v testvol1:/one -v testvol2:/two quay.io/libpod/testimage:20241011 top
<+124ms> # 7d151d106aa42e7eb9149b1173fa64188bc4182e313676a4b94a1fc21c495798
         #
<+011ms> # # podman  --root /tmp/CI_psC1/podman_bats.SqJ3au/root --runroot /tmp/CI_psC1/podman_bats.SqJ3au/runroot --tmpdir /tmp/CI_psC1/podman_bats.SqJ3au/tmpdir --volumepath=/tmp/CI_psC1/podman_bats.SqJ3au/volpath exec testctr dd if=/dev/zero of=/one/oneMB bs=1M count=1
<+088ms> # Error: can only create exec sessions on running containers: container state improper
<+004ms> # [ rc=255 (** EXPECTED 0 **) ]
         # #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
         # #| FAIL: exit code is 255; expected 0
         # #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
         #
<+008ms> # # podman  rm -af -t 0
         #
<+028ms> # # podman  volume rm -a
         # /tmp/CI_psC1/podman_bats.SqJ3au/volpath is a mountpoint
         # # [teardown]

It seems the container fails to start due selinux problems

Dec 11 18:42:50 ip-172-31-16-210.ec2.internal audit[44917]: AVC avc:  denied  { read } for  pid=44917 comm="top" path="/bin/busybox" dev="tmpfs" ino=9750 scontext=system_u:system_r:container_t:s0:c90,c990 tcontext=system_u:object_r:container_var_run_t:s0 tclass=file permissive=0
Dec 11 18:42:50 ip-172-31-16-210.ec2.internal testctr[44915]: Error relocating /usr/bin/top: RELRO protection failed: No error information

The test uses a custom root in the tempdir so I assume the labels are wrong, however I don't know why only this test fails. There are other tests using podman_isolation_opts which work fine.

cc @timcoding1988

Luap99 avatar Dec 12 '25 13:12 Luap99