podman: cp -afl --preserve=xattr failing on directories

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

When executing cp -afl --preserve=xattr <dir0> <dir1> in a podman container, it appears that podman is attempting to create hard-links for the directories themselves (which is not permitted, even as root), rather than copy the directory names and create hard-links for the files. If I remove the --preserve=xattr, it works as expected. Note that this works correctly in Docker.

Steps to reproduce the issue:

  1. podman run -it <hash> bash

  2. mkdir /tmp/systemd

  3. cp -afl --preserve=xattr /etc/systemd/* /tmp/systemd

Describe the results you received:

cp -afl --preserve=xattr /etc/systemd/* /tmp/systemd
cp: setting attributes for '/tmp/systemd/network': Operation not supported
cp: setting attributes for '/tmp/systemd/system/timers.target.wants': Operation not supported
cp: setting attributes for '/tmp/systemd/system/getty.target.wants': Operation not supported
cp: setting attributes for '/tmp/systemd/system/multi-user.target.wants': Operation not supported
cp: setting attributes for '/tmp/systemd/system/sockets.target.wants': Operation not supported
cp: setting attributes for '/tmp/systemd/system/sysinit.target.wants': Operation not supported
cp: setting attributes for '/tmp/systemd/system': Operation not supported
cp: setting attributes for '/tmp/systemd/user': Operation not supported
root@4ac3d766f5d3:/# echo $?
1

Describe the results you expected:

cp -afl --preserve=xattr /etc/systemd/* /tmp/systemd
root@4ac3d766f5d3:/# echo $?
0

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:            1.8.2
RemoteAPI Version:  1
Go Version:         go1.13.6
OS/Arch:            linux/amd64

Output of podman info --debug:

debug:
  compiler: gc
  git commit: ""
  go version: go1.13.6
  podman version: 1.8.2
host:
  BuildahVersion: 1.14.3
  CgroupVersion: v2
  Conmon:
    package: conmon-2.0.14-1.fc31.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.14, commit: 083a0be12178013d44ff51ceda3090ea741b6516'
  Distribution:
    distribution: fedora
    version: "31"
  IDMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  MemFree: 14982782976
  MemTotal: 33680461824
  OCIRuntime:
    name: crun
    package: crun-0.13-1.fc31.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.13
      commit: e79e4de4ac16da0ce48777afb72c6241de870525
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  SwapFree: 5318897664
  SwapTotal: 5368705024
  arch: amd64
  cpus: 16
  eventlogger: journald
  hostname: localhost.localdomain
  kernel: 5.5.13-200.fc31.x86_64
  os: linux
  rootless: true
  slirp4netns:
    Executable: /usr/bin/slirp4netns
    Package: slirp4netns-0.4.0-20.1.dev.gitbbd6f25.fc31.x86_64
    Version: |-
      slirp4netns version 0.4.0-beta.3+dev
      commit: bbd6f25c70d5db2a1cd3bfb0416a8db99a75ed7e
  uptime: 70h 53m 17.5s (Approximately 2.92 days)
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - quay.io
store:
  ConfigFile: /home/sbadger/.config/containers/storage.conf
  ContainerStore:
    number: 91
  GraphDriverName: overlay
  GraphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-0.7.8-1.fc31.x86_64
      Version: |-
        fusermount3 version: 3.6.2
        fuse-overlayfs: version 0.7.8
        FUSE library version 3.6.2
        using FUSE kernel interface version 7.29
  GraphRoot: /home/sbadger/.local/share/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 129
  RunRoot: /run/user/1000
  VolumePath: /home/sbadger/.local/share/containers/storage/volumes

Package info (e.g. output of rpm -q podman or apt list podman):

podman-1.8.2-2.fc31.x86_64

Additional environment details (AWS, VirtualBox, physical, etc.): physical
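
A way to check, from inside the container, whether the filesystem accepts extended attributes at all before changing storage options. This is an added example, not part of the original report or of podman; the probe attribute name `user.xattr_probe` and the helper names are assumptions, since the report does not say which attribute cp failed to set.

```python
import errno
import os
import sys
import tempfile

UNSUPPORTED = {errno.ENOTSUP, errno.EOPNOTSUPP}
DENIED = {errno.EPERM, errno.EACCES}


def classify(exc):
    """Map an OSError from setxattr to a short status string."""
    if exc.errno in UNSUPPORTED:
        return "unsupported"   # cp reports this as "Operation not supported"
    if exc.errno in DENIED:
        return "denied"
    return "error:%d" % exc.errno


def probe_xattr(root, name="user.xattr_probe", setter=None, remover=None):
    """Set and remove one xattr on a new directory and a new file under root.

    `name` is an assumed probe attribute; the report does not name the
    attribute cp failed on. setter/remover default to os.setxattr and
    os.removexattr (Linux only) and can be replaced for testing.
    """
    setter = setter or os.setxattr
    remover = remover or os.removexattr
    results = {}
    with tempfile.TemporaryDirectory(dir=root) as work:
        targets = {"dir": os.path.join(work, "d"),
                   "file": os.path.join(work, "f")}
        os.mkdir(targets["dir"])
        open(targets["file"], "w").close()
        for kind, path in targets.items():
            try:
                setter(path, name, b"1")
                remover(path, name)
                results[kind] = "ok"
            except OSError as exc:
                results[kind] = classify(exc)
    return results


if __name__ == "__main__":
    # Usage: python3 probe.py /tmp [attribute-name]
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    attr = sys.argv[2] if len(sys.argv) > 2 else "user.xattr_probe"
    for kind, status in probe_xattr(root, attr).items():
        print("%-4s %s" % (kind, status))
```

Running it against the copy destination (here `/tmp`) and again with a different attribute namespace shows whether the refusal is general or limited to one kind of attribute or object.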

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 23 (13 by maintainers)

Most upvoted comments

I just ran into this issue, also with a yocto/open-embedded build. For reference, the following command works for me:

podman --storage-opt overlay.mount_program=/usr/bin/fuse-overlayfs --storage-opt overlay.mountopt=nodev,metacopy=on,noxattrs=1 run ...

Since you are using fuse-overlayfs, there is an option that tells fuse-overlayfs to disable xattrs support. You can try it by creating a container like:

podman --storage-opt overlay.mountopt=noxattrs=1,overlay.mount_program=/usr/bin/fuse-overlayfs run ....

I think this could solve the issue you’ve