Bug 1810874

Summary: "podman container prune" cannot prune zombie container.
Product: Red Hat Enterprise Linux 8 Reporter: Kirby Zhou <kirbyzhou>
Component: podmanAssignee: Qi Wang <qiwan>
Status: CLOSED ERRATA QA Contact: atomic-bugs <atomic-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.3CC: bbaude, dwalsh, jligon, jnovy, kanderso, lsm5, mheon, tsweeney, ypu
Target Milestone: rc   
Target Release: 8.4   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: podman-1.9.3 and newer Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-21 15:31:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kirby Zhou 2020-03-06 05:33:14 UTC 
Description of problem:

"podman container prune" cannot prune zombie container.


Version-Release number of selected component (if applicable):

podman-1.6.4-2.module_el8.1.0+272+3e64ee36.x86_64
runc-1.0.0-64.rc9.module_el8.1.0+272+3e64ee36.x86_64

How reproducible:



Steps to Reproduce:
1. run a container with invalid entrypointt

~]# podman run -it --name zombie docker-reg.sogou-inc.com/official/centos:7.7.1908 --test dummy
Error: container_linux.go:346: starting container process caused "exec: \"--test\": executable file not found in $PATH": OCI runtime command not found error

2. check the container status
~]# podman ps -a
CONTAINER ID  IMAGE                                                    COMMAND       CREATED         STATUS   PORTS  NAMES
cb7750baa0a3  docker-reg.sogou-inc.com/official/centos:7.7.1908        --test dummy  16 seconds ago  Created         zombie

3. try prune and kill
~]# podman container prune
~]# podman kill --all
Error: can only kill running containers. cb7750baa0a3a904981cb19f99f121fd43742e3bdde9069ad0d18d131be7f924 is in state configured: container state improper

~]# podman container prune

4. verify
~]# podman ps -a
CONTAINER ID  IMAGE                                                    COMMAND       CREATED             STATUS   PORTS  NAMES
cb7750baa0a3  docker-reg.sogou-inc.com/official/centos:7.7.1908        --test dummy  About a minute ago  Created         zombie


Actual results:

The container zombie can not be pruned even after reboot.

Expected results:

The container zombie can be pruned.

Additional info:

I have tried reboot, but the zombie still here.

"docker-reg.sogou-inc.com/official/centos:7.7.1908" is a local mirror of official image centos:7.7.1908.
Comment 1 Kirby Zhou 2020-03-06 05:34:27 UTC 
"podman system prune" do not prune zombie too.
Comment 2 Tom Sweeney 2020-03-06 20:59:13 UTC 
Qi can you take a look at this please?  It looks like Docker is pruning containers that are in the "Created" state and Podman is not.  I'm thinking it should unless Matt Heon has different thoughts.  We may need to change the man pages too.

# docker  run -it --name zombie --entrypoint=/mybad centos --test dummy
Unable to find image 'centos:latest' locally
latest: Pulling from library/centos
8a29a15cefae: Pull complete 
Digest: sha256:fe8d824220415eed5477b63addf40fb06c3b049404242b31982106ac204f6700
Status: Downloaded newer image for centos:latest
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "exec: \"/mybad\": stat /mybad: no such file or directory": unknown.

# docker ps -a
CONTAINER ID        IMAGE               COMMAND                 CREATED             STATUS                  PORTS               NAMES
f37c4622e293        centos              "/mybad --test dummy"   4 minutes ago       Created                                     zombie
206a44caa868        fedora-bashecho     "./tmp/runecho.sh"      7 days ago          Exited (0) 7 days ago                       frosty_wiles

# docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
f37c4622e293ea01e4f31bf3dab79ca02b26de1d7e930da9d85b3c785a803e76
206a44caa8684416f59576d5df6ddda0cbec7a3985ba481ba8743da17ad4058b

# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
Comment 3 Tom Sweeney 2020-03-06 21:05:16 UTC 
Kirby,
 
Thanks for the report.  I was able to replicate the issue, we'll take a look.

In the meantime, I know the prune does not work to remove the container, but you could use the rm command: `podman rm {ctrid}` to remove it.
Comment 4 Matthew Heon 2020-03-06 21:07:05 UTC 
I do not think we want to prune containers in Created; that's not really the intent of prune. The question is how that container is making it back to Created; it should be in Stopped or Exited after a `podman run`, successful or otherwise.
Comment 5 Matthew Heon 2020-03-06 21:08:14 UTC 
Hm. Docker prunes created? That's interesting. We should match them, then. Still very interested as to why we're in Created after the run command though.
Comment 6 Kirby Zhou 2020-03-07 15:01:54 UTC 
(In reply to Matthew Heon from comment #4)
> I do not think we want to prune containers in Created; that's not really the
> intent of prune. The question is how that container is making it back to
> Created; it should be in Stopped or Exited after a `podman run`, successful
> or otherwise.

Thanks for your explain, maybe we should change the title of bug?
Comment 7 Qi Wang 2020-03-09 20:27:20 UTC 
Created a container found its status from inspect it is configured, but in docker it is created.

$ podman create --name ctr alpine
bac6adb052817e1a9ea88966753b8a4c6f389e6b5116c17f33ec22475c48d302
$ podman inspect ctr --format {{.State.Status}}
configured

$ docker create --name ctr alpine
f3a935b73d81a4ebc8679461f6c1b548d4735eb666922847ef8c11c8a3bd6c6a
$ docker inspect ctr --format {{.State.Status}}
created
Comment 8 Daniel Walsh 2020-03-09 21:18:26 UTC 
So should we prune created and configured?
Comment 9 Matthew Heon 2020-03-09 21:44:31 UTC 
Sure. Still does not explain why the container is back in created after running, which seems to be the more interesting issue.
Comment 10 Tom Sweeney 2020-06-05 17:25:34 UTC 
Qi any progress with this?
Comment 11 Qi Wang 2020-06-05 17:35:35 UTC 
reply to Tom Sweeney from comment #10)
> Qi any progress with this?


Patch for this BZ https://github.com/containers/libpod/pull/5436 got merged.
Comment 12 Daniel Walsh 2020-06-05 17:45:53 UTC 
Fixed in podman 2.0
Comment 18 Joy Pu 2020-06-16 10:55:00 UTC 
Test with podman-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64, and the podman container prune works as expect now. So set this to verified. Details:
# podman run -it --name zombie centos:7.7.1908 --test dummy
Error: container_linux.go:349: starting container process caused "exec: \"--test\": executable file not found in $PATH": OCI runtime command not found error
# podman  ps -a
CONTAINER ID  IMAGE                              COMMAND       CREATED            STATUS                PORTS  NAMES
346eab173ec3  docker.io/library/centos:7.7.1908  --test dummy  10 seconds ago     Created                      zombie
#  podman container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
346eab173ec3c9411acb59f3e7c33eb7d9d189685bb052d3feb3c92d8a57a2d8
# podman kill --all
# podman ps -a
CONTAINER ID  IMAGE                             COMMAND  CREATED            STATUS                       PORTS  NAMES
Comment 20 errata-xmlrpc 2020-07-21 15:31:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3053