Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
If running a macOS host, if any binary is run from a volume mounted from the host, then an error appears stating Network dropped connection on reset. If the binary is run locally, i.e., not from a mounted volume, then everything works fine. Shell scripts and other non-binary executables run.
Steps to reproduce the issue:
- Install latest podman from homebrew, as documented.
- Initialize and start the machine, then run the following script:
A simple example is:
# dpkg is a compiled executable
mkdir tmp
podman run -it --rm \
-v "$PWD/tmp":/opt/tmp \
ubuntu:20.04 \
bash -c "cp /usr/bin/dpkg /opt/tmp && /opt/tmp/dpkg --version"
And this fails with: bash: /opt/tmp/dpkg: Network dropped connection on reset.
If I change this to:
# which is a shell script
mkdir tmp
podman run -it --rm \
-v "$PWD/tmp":/opt/tmp \
ubuntu:20.04 \
bash -c "cp /usr/bin/which /opt/tmp && /opt/tmp/which df"
This then succeeds with /usr/bin/df.
Describe the results you expected:
Binaries should be able to run from mounted volumes. This issue happens always, but I'm including the below information for help reproducing. I've also tried various different bind mount options (the SELinux ones don't work, but I've tried shared, private, rshared, rprivate, etc.).
Additional information you deem important (e.g. issue happens only occasionally):
Host Information
- macOS Catalina 10.15.7, x86_64 host, Early 2013 MacBook Pro
- Install partition is an APFS volume (encrypted)
Output of podman version:
$ podman version
Client: Podman Engine
Version: 4.1.0
API Version: 4.1.0
Go Version: go1.18.1
Built: Thu May 5 13:07:47 2022
OS/Arch: darwin/amd64
Server: Podman Engine
Version: 4.1.0
API Version: 4.1.0
Go Version: go1.18
Built: Fri May 6 09:15:54 2022
OS/Arch: linux/amd64
Output of podman info --debug:
host:
  arch: amd64
  buildahVersion: 1.26.1
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.0-2.fc36.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: '
  cpuUtilization:
    idlePercent: 97.55
    systemPercent: 0.97
    userPercent: 1.48
  cpus: 1
  distribution:
    distribution: fedora
    variant: coreos
    version: "36"
  eventLogger: journald
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 1000000
    uidmap:
    - container_id: 0
      host_id: 501
      size: 1
    - container_id: 1
      host_id: 100000
      size: 1000000
  kernel: 5.17.5-300.fc36.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 411836416
  memTotal: 2066817024
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.4.4-1.fc36.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.4.4
      commit: 6521fcc5806f20f6187eb933f9f45130c86da230
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/501/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-0.2.beta.0.fc36.x86_64
    version: |-
      slirp4netns version 1.2.0-beta.0
      commit: 477db14a24ff1a3de3a705e51ca2c4c1fe3dda64
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 2h 42m 7.31s (Approximately 0.08 days)
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphRootAllocated: 106825756672
  graphRootUsed: 7484477440
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /run/user/501/containers
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 4.1.0
  Built: 1651853754
  BuiltTime: Fri May 6 09:15:54 2022
  GitCommit: ""
  GoVersion: go1.18
  Os: linux
  OsArch: linux/amd64
  Version: 4.1.0
Package info (brew info podman):
$ brew info podman
podman: stable 4.1.0 (bottled), HEAD
Tool for managing OCI containers and pods
https://podman.io/
/usr/local/Cellar/podman/4.1.0 (174 files, 48.2MB) *
Poured from bottle on 2022-06-05 at 11:20:45
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/podman.rb
License: Apache-2.0
==> Dependencies
Build: go ✘, go-md2man ✘
Required: qemu ✔
==> Options
--HEAD
Install HEAD version
==> Caveats
Bash completion has been installed to:
/usr/local/etc/bash_completion.d
==> Analytics
install: 21,602 (30 days), 60,065 (90 days), 151,567 (365 days)
install-on-request: 21,518 (30 days), 59,974 (90 days), 151,461 (365 days)
build-error: 1 (30 days)
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Related to #14142, suggests this affects more than just Apple M1 hardware: it affects podman installs on both Intel and ARM macOS platforms.