Bug 1937487

Summary: Podman socket failing to connect with long uid
Product: Red Hat Enterprise Linux 8 Reporter: Devon <dshumake>
Component: podmanAssignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA QA Contact: Yuhui Jiang <yujiang>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.4CC: bbaude, ben.formosa, chris.smart, ddarrah, dornelas, dwalsh, fsayyed, jligon, jnovy, joedward, lsm5, mheon, pthomas, rmanes, tsweeney, umohnani, ypu
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: podman-3.0.1-5.el8 or newer Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1939247 1942529 (view as bug list) Environment:
Last Closed: 2021-05-18 15:34:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1186913, 1823899, 1942529    

Description Devon 2021-03-10 18:11:26 UTC 
Description of problem:

Looks like we are seeing the exact same issue as shown in the following bug where users are not able to connect to the socket when the /var/run/user/<uid>/libpod/tmp/socket/ does not get truncated enough which causes this to fail with the following errors.

    Socket truncated with long user names using default $XDG_RUNTIME_DIR · Issue #8798 · containers/podman · GitHub
    URL:   https://github.com/containers/podman/issues/8798

$ podman exec -it 1a /bin/sh

ERRO[0005] Container 1acc9b5c1de29ec462dd35250574347782f1634ebb1a8b22af80995b85da817e exec session 9b6c7dc9e3fde95b4a348ba8d47ff8749fdc3c7ed67dfd55591accf73cc2495b error: failed to connect to container's attach socket: /run/user/700052478/libpod/tmp/socket/9b6c7dc9e3fde95b4a348ba8d47ff8749fdc3c7ed67dfd55591accf73cc2495b/atta: dial unixpacket /run/user/700052478/libpod/tmp/socket/9b6c7dc9e3fde95b4a348ba8d47ff8749fdc3c7ed67dfd55591accf73cc2495b/atta: connect: no such file or directory
Error: timed out waiting for file /local/data/scratch/mqlgcqa/containers/storage/overlay-containers/1acc9b5c1de29ec462dd35250574347782f1634ebb1a8b22af80995b85da817e/userdata/9b6c7dc9e3fde95b4a348ba8d47ff8749fdc3c7ed67dfd55591accf73cc2495b/exit/1acc9b5c1de29ec462dd35250574347782f1634ebb1a8b22af80995b85da817e: internal libpod error

Customer is looking for this to be backported into podman 2.2, and they have also asked for this patch to be released by the end of the month.

Looks like the commit that fixes this is here:

    oci: use /proc/self/fd/FD to open unix socket by giuseppe · Pull Request #8933 · containers/podman · GitHub
    URL:   https://github.com/containers/podman/pull/8933

Version-Release number of selected component (if applicable):

2.2.1

How reproducible:

Every time

Actual results:

Unable to connect to podman socket

Expected results:

Be able to truncate socket path correctly and connect.

Additional info:

Also looks very similar to 1932397 so added that link to this bug as well but looks slightly different so opened a new bug to confirm this is in fact a different issue or not.
Comment 1 Jindrich Novy 2021-03-12 08:52:29 UTC 
Devon, the PR https://github.com/containers/podman/pull/8933 is already part of podman-3.0 which will be part of 8.4.0. Also changing component for this bug to podman.
Comment 17 Derrick Ornelas 2021-03-22 18:45:46 UTC 
*** Bug 1939247 has been marked as a duplicate of this bug. ***
Comment 26 errata-xmlrpc 2021-05-18 15:34:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: container-tools:rhel8 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1796