Bug#1014463: podman-toolbox: Toolbox only works with fedora-toolbox:34

2022-11-17 Thread Sam Morris
Package: podman-toolbox
Version: 0.0.99.3-1
Followup-For: Bug #1014463
X-Debbugs-Cc: s...@robots.org.uk

I think the log messages are a red herring and the underlying issue is
that the toolbox binary is not able to run inside the container.

Toolbox appears to work by bind-mounting /usr/bin/toolbox into the
container. 'toolbox init-container' is set as the entry point, and it's
_this_ command that's failing to start; but the output isn't shown by
toolbox and you get the generic 'invalid entry point PID of container'
error message instead.

$ toolbox create -i quay.io/centos/centos:stream8
Created container: centos-stream8
Enter with: toolbox enter centos-stream8

$ podman inspect centos-stream8 | jq '.[].ImageName'
"quay.io/centos/centos:stream8"

$ podman inspect centos-stream8 | jq '.[].Config.Cmd' -c
["toolbox","--log-level","debug","init-container","--gid","876099160","--home","/home/sam","--shell","/bin/bash","--uid","1423121","--user","sam","--monitor-host"]

$ podman start --attach centos-stream8
toolbox: /lib64/libc.so.6: version `GLIBC_2.32' not found (required by toolbox)

$ podman unshare

# podman mount centos-stream8
/home/sam/.local/share/containers/storage/overlay/02976304f367a933a73eb3590c79acea57dc62e47f2642df560237190ea669b5/merged

# grep ^NAME= /home/sam/.local/share/containers/storage/overlay/02976304f367a933a73eb3590c79acea57dc62e47f2642df560237190ea669b5/merged/etc/os-release
NAME="CentOS Stream"

# ldd /home/sam/.local/share/containers/storage/overlay/02976304f367a933a73eb3590c79acea57dc62e47f2642df560237190ea669b5/merged/lib64/libc.so.6
[...]
Version definitions:
[...]
28 0x00 0x06969187 GLIBC_2.27
        GLIBC_2.26
29 0x00 0x06969188 GLIBC_2.28
        GLIBC_2.27
30 0x00 0x0963cf85 GLIBC_PRIVATE
        GLIBC_2.28
[...]

# exit
exit

I'm not seeing an easy way to fix this... if toolbox is built against
unstable then it's often going to pull in glibc symbols that are newer
than the container images that it tries to run.

In this case it's only a single symbol that is used from GLIBC_2.32.

$ objdump -T /usr/bin/toolbox | fgrep GLIBC_2.32
  DF *UND*   (GLIBC_2.32) pthread_sigmask


According to

this is fixed by , which
was closed a year ago. Maybe the libc-wrappers.a static library that
provides this symbol isn't being built by Debian for some reason...

-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (570, 'stable-updates'), (570, 'stable-security'), (570, 'stable-debug'), (570, 'stable'), (550, 'testing-debug'), (550, 'testing'), (530, 'unstable-debug'), (530, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.19.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default

Versions of packages podman-toolbox depends on:
ii  flatpak  1.10.7-0+deb11u1
ii  libc6    2.36-4
ii  podman   4.2.0+ds1-3
ii  uidmap   1:4.8.1-1

Versions of packages podman-toolbox recommends:
ii  bash-completion  1:2.11-2

podman-toolbox suggests no packages.

-- no debconf information
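
Added example, not part of the original bug report: a POSIX shell check for the mismatch diagnosed above, listing the glibc symbol versions a host binary imports that a container's libc does not define. The function names are hypothetical and the two sample inputs are constructed, modelled on the `objdump -T` and version-definition output quoted in the message.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# stdin: `objdump -T <binary>` output -> GLIBC versions its undefined symbols need
required_versions() {
    grep -F '*UND*' | grep -oE 'GLIBC_[0-9]+(\.[0-9]+)+' | sort -u
}

# stdin: `objdump -p <libc.so.6>` output -> GLIBC versions that libc defines.
# Only the "Version definitions" section counts, not "Version References".
provided_versions() {
    sed -n '/^Version definitions:/,/^$/p' |
        grep -oE 'GLIBC_[0-9]+(\.[0-9]+)+' | sort -u
}

# $1: objdump -T text of the host binary, $2: objdump -p text of the container libc
# Prints each required version that the container libc lacks.
missing_versions() {
    provided=$(printf '%s\n' "$2" | provided_versions)
    printf '%s\n' "$1" | required_versions | while IFS= read -r v; do
        printf '%s\n' "$provided" | grep -qxF -- "$v" || printf '%s\n' "$v"
    done
}

# Constructed sample: a binary built against a newer glibc.
SAMPLE_T='0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.2.5) write
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.32) pthread_sigmask'

# Constructed sample: an older libc whose newest public version is GLIBC_2.28.
SAMPLE_P='Version definitions:
1 0x01 0x0865f4e6 libc.so.6
2 0x00 0x09691a75 GLIBC_2.2.5
29 0x00 0x06969188 GLIBC_2.28
        GLIBC_2.27
30 0x00 0x0963cf85 GLIBC_PRIVATE
        GLIBC_2.28

Version References:
  required from ld-linux-x86-64.so.2:
    0x0d696913 0x00 33 GLIBC_2.3'

missing_versions "$SAMPLE_T" "$SAMPLE_P"
```

On a real system the two arguments would be `"$(objdump -T /usr/bin/toolbox)"` and `"$(objdump -p <mountpoint>/lib64/libc.so.6)"`, with the mount point taken from `podman mount` inside `podman unshare`.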



Bug#1014463: podman-toolbox: Toolbox only works with fedora-toolbox:34

2022-07-06 Thread David Haller
Package: podman-toolbox
Version: 0.0.99.3-1
Severity: important
X-Debbugs-Cc: david.hal...@fau.de

Creating a toolbox container with "toolbox create" and running it with "toolbox
enter" works as expected. It uses the image fedora-toolbox:34 by default.

As I wanted to use a more recent version of Fedora, I changed my command to
"toolbox create -r 36", which runs successfully, but
"toolbox -v enter fedora-toolbox-36" gives the error message
"Error: invalid entry point PID of container fedora-toolbox-36".

I also tried an image with RHEL and one with Arch Linux, both give the same
error message. When I add the -v option to my toolbox command, something
interesting happens:

DEBU Container: 'arch'
DEBU Image: 'fedora-toolbox:34'
DEBU Release: '34'

It seems to me that toolbox always uses the image for Fedora 34, even if you
explicitly tell it to use a different image, like Fedora 36, RHEL 9, Arch
Linux, or Debian.

toolbox create -c debian -i docker.io/library/debian:latest
toolbox enter debian

DEBU Container: 'debian'
DEBU Image: 'fedora-toolbox:34'
DEBU Release: '34'

Maybe I am just stupid, or the image name is hardcoded to "fedora-toolbox:34".
When I delete all my downloaded images and containers, the behavior stays the
same.


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-2-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman-toolbox depends on:
ii  flatpak  1.12.7-1
ii  libc6    2.33-7
ii  podman   3.4.7+ds1-3+b1
ii  uidmap   1:4.11.1+dfsg1-2

Versions of packages podman-toolbox recommends:
ii  bash-completion  1:2.11-6

podman-toolbox suggests no packages.

-- no debconf information