
"podman inspect" triggers SIGSEGV on FreeBSD #21117

Closed
@bcooksley

Description


Issue Description

We're currently experimenting with the use of Podman on FreeBSD to see if it is suitable for use within KDE's CI production environment.

So far, we've managed to put together an image (and have that building perfectly fine); however, when getting GitLab Runner to stand up a Podman container, it appears it runs the equivalent of "podman inspect", which fails.

Code at https://github.com/containers/podman/blob/main/libpod/container_inspect.go#L319 (moved down 3 lines since 4.7.2) appears to be the issue here as it is not checking whether c.config.Spec.Linux is valid before trying to use it.

Steps to reproduce the issue

  1. Start a container, noting its container ID
  2. Run "podman inspect $containerID"

Describe the results you received

root@node5-freebsd:~ # podman inspect b82eb05297bf
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x98 pc=0x212520f]

goroutine 1 [running]:
github.com/containers/podman/v4/libpod.(*Container).GetSecurityOptions(0x850687100)
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/libpod/container_inspect.go:316 +0x3ef
github.com/containers/podman/v4/libpod.(*Container).generateInspectContainerHostConfig(0x850687100, 0x8501725a0, {0x26fcc28, 0x0, 0x26fcc28?}, {0x26fcc28, 0x0, 0x0?})
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/libpod/container_inspect.go:494 +0x9ff
github.com/containers/podman/v4/libpod.(*Container).getContainerInspectData(0x850687100, 0x0, 0x8505bca68)
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/libpod/container_inspect.go:210 +0x148a
github.com/containers/podman/v4/libpod.(*Container).inspectLocked(0x850687100, 0xa0?)
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/libpod/container_inspect.go:32 +0x27f
github.com/containers/podman/v4/libpod.(*Container).Inspect(0x850687100?, 0xcf?)
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/libpod/container_inspect.go:46 +0xc5
github.com/containers/podman/v4/pkg/domain/infra/abi.(*ContainerEngine).ContainerInspect(0x850128b58, {0xad82d6950c0?, 0x5?}, {0x850446d40, 0x1, 0x85081f7a0?}, {{0x5c7394, 0x4}, 0x0, 0x0, ...})
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/pkg/domain/infra/abi/containers.go:521 +0x525
github.com/containers/podman/v4/cmd/podman/inspect.(*inspector).inspectAll(0x8500b96d0, {0x896b70, 0x8500460f0}, {0x85051a8e0, 0x1, 0x1})
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/cmd/podman/inspect/inspect.go:214 +0x1ed
github.com/containers/podman/v4/cmd/podman/inspect.(*inspector).inspect(0x8500b96d0, {0x85051a8e0?, 0x0?, 0x5c6615?})
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/cmd/podman/inspect/inspect.go:102 +0x191
github.com/containers/podman/v4/cmd/podman/inspect.Inspect({0x85051a8e0, 0x1, 0x1}, {{0x5c7394, 0x4}, 0x0, 0x0, {0x5c6615, 0x3}, 0x0})
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/cmd/podman/inspect/inspect.go:46 +0x8c
main.inspectExec(0x25eecc0?, {0x85051a8e0?, 0x1?, 0x1?})
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/cmd/podman/inspect.go:45 +0x6a
github.com/spf13/cobra.(*Command).execute(0x25eecc0, {0x8500401a0, 0x1, 0x1})
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/vendor/github.com/spf13/cobra/command.go:940 +0x862
github.com/spf13/cobra.(*Command).ExecuteC(0x25ef560)
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/vendor/github.com/spf13/cobra/command.go:1068 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/vendor/github.com/spf13/cobra/command.go:992
github.com/spf13/cobra.(*Command).ExecuteContext(...)
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/vendor/github.com/spf13/cobra/command.go:985
main.Execute()
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/cmd/podman/root.go:114 +0xcc
main.main()
/wrkdirs/usr/ports/sysutils/podman/work/podman-4.7.2/cmd/podman/main.go:60 +0x47f

Describe the results you expected

Correct output from "podman inspect $containerID"

podman info output

host:
  arch: amd64
  buildahVersion: 1.32.0
  cgroupControllers: null
  cgroupManager: ""
  cgroupVersion: ""
  conmon:
    package: conmon-2.1.7_6
    path: /usr/local/bin/conmon
    version: 'conmon version 2.1.7, commit: unknown'
  cpuUtilization:
    idlePercent: 99.76693789932746
    systemPercent: 0.11194614722325436
    userPercent: 0.11836839677552313
  cpus: 16
  databaseBackend: boltdb
  distribution:
    distribution: freebsd
    version: "14.0"
  eventLogger: file
  hostname: node5-freebsd
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 14.0-RELEASE
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 1083846656
  memTotal: 17137356800
  networkBackend: cni
  networkBackendInfo:
    backend: cni
    dns: {}
  ociRuntime:
    name: ocijail
    package: ocijail-0.3.0
    path: /usr/local/bin/ocijail
    version: ocijail version 0.3.0
  os: freebsd
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: true
    path: /var/run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: ""
    rootless: false
    seccompEnabled: false
    seccompProfilePath: ""
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 0
  swapTotal: 0
  uptime: 73h 54m 59.00s (Approximately 3.04 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /usr/local/etc/containers/storage.conf
  containerStore:
    number: 4
    paused: 0
    running: 1
    stopped: 3
  graphDriverName: zfs
  graphOptions: {}
  graphRoot: /var/db/containers/storage
  graphRootAllocated: 173418348544
  graphRootUsed: 129765376
  graphStatus:
    Compression: lz4
    Parent Dataset: zroot/containers
    Parent Quota: "no"
    Space Available: "173288583168"
    Space Used By Parent: "31008272384"
    Zpool: zroot
    Zpool Health: ONLINE
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 26
  runRoot: /var/run/containers/storage
  transientStore: false
  volumePath: /var/db/containers/storage/volumes
version:
  APIVersion: 4.7.2
  Built: 1702982426
  BuiltTime: Tue Dec 19 10:40:26 2023
  GitCommit: ""
  GoVersion: go1.20.12
  Os: freebsd
  OsArch: freebsd/amd64
  Version: 4.7.2

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

No

Additional environment details

Virtual Machine running FreeBSD 14.0.
VM Software is KVM on a Linux host running Debian Bookworm.

Additional information

No response
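
The failure mode reported above, an optional Linux section of the container spec read without a nil check, reproduced in a small model. This is an added example, not Podman's code: the types `Spec`, `Linux` and `Process`, the function names and the option strings are hypothetical stand-ins, and skipping the Linux-only option when the section is absent is an assumed behaviour.

```go
package main

import "fmt"

// Hypothetical, trimmed-down stand-ins for a container spec; not Podman's types.
type Process struct{ NoNewPrivileges bool }
type Linux struct{ MaskedPaths []string }
type Spec struct {
	Process *Process
	Linux   *Linux // nil when the container has no Linux-specific section
}

// uncheckedOptions reads spec.Linux without a nil check, the pattern the issue describes.
func uncheckedOptions(spec *Spec) []string {
	opts := []string{}
	if spec.Process != nil && spec.Process.NoNewPrivileges {
		opts = append(opts, "no-new-privileges")
	}
	if spec.Linux.MaskedPaths == nil { // panics when spec.Linux is nil
		opts = append(opts, "unmask=all")
	}
	return opts
}

// guardedOptions skips Linux-only options when the section is absent (assumed behaviour).
func guardedOptions(spec *Spec) []string {
	opts := []string{}
	if spec.Process != nil && spec.Process.NoNewPrivileges {
		opts = append(opts, "no-new-privileges")
	}
	if spec.Linux != nil && spec.Linux.MaskedPaths == nil {
		opts = append(opts, "unmask=all")
	}
	return opts
}

// panics reports whether f panicked, so the crash can be shown without aborting.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	// Constructed sample: a spec with no Linux section, as on a non-Linux host.
	noLinux := &Spec{Process: &Process{NoNewPrivileges: true}}
	fmt.Println("unchecked panics:", panics(func() { uncheckedOptions(noLinux) }))
	fmt.Println("guarded result:  ", guardedOptions(noLinux))
}
```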


Labels: kind/bug, locked - please file new issue/PR
