Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
Control: affects -1 + src:podman
X-Debbugs-Cc: pod...@packages.debian.org

[ Reason ]
podman in bookworm suffers from a race condition which causes the "network ls" command to fail intermittently in certain scenarios.

[ Impact ]
The issue is responsible for intermittent failures when using podman as a GitLab CI runner executor and the 'FF_NETWORK_PER_BUILD' runner flag is enabled. This bug has been reported on the BTS at #1059496.

[ Risk ]
Low, the patch is small (3 lines) and is strictly designed to gracefully handle the identified race condition.

[ Tests ]
Autopkgtests are passing, and we've deployed this package on a small fleet of GitLab CI runners for several weeks without issue of any kind, and confirming the failures caused by the race condition do not occur anymore.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
The debdiff consists of the addition of a patch cherry-picked from upstream to gracefully handle a race condition in the "network ls" podman subcommand.

Thank you.

--
Jérôme

diff -Nru libpod-4.3.1+ds1/debian/changelog libpod-4.3.1+ds1/debian/changelog --- libpod-4.3.1+ds1/debian/changelog 2023-04-30 08:19:54.000000000 -0400 +++ libpod-4.3.1+ds1/debian/changelog 2024-02-26 09:30:29.000000000 -0500 @@ -1,3 +1,10 @@ +libpod (4.3.1+ds1-8+deb12u1) bookworm; urgency=medium + + * Non-maintainer upload. + * d/patches: backport fix for removed container handling + + -- Jérôme Charaoui <jer...@riseup.net> Mon, 26 Feb 2024 09:30:29 -0500 + libpod (4.3.1+ds1-8) unstable; urgency=medium * [upstream] unbreak using docker as client diff -Nru libpod-4.3.1+ds1/debian/patches/fix-removed-container-handling.patch libpod-4.3.1+ds1/debian/patches/fix-removed-container-handling.patch --- libpod-4.3.1+ds1/debian/patches/fix-removed-container-handling.patch 1969-12-31 19:00:00.000000000 -0500 +++ libpod-4.3.1+ds1/debian/patches/fix-removed-container-handling.patch 2024-02-26 09:30:29.000000000 -0500 
@@ -0,0 +1,28 @@ +From: Valentin Rothberg <vrothb...@redhat.com> +Date: Mon, 6 Feb 2023 13:52:40 +0100 +Subject: [PATCH] network ls: handle removed container + +Handle a race condition in the REST API when listing networks. +In between listing all containers and inspecting them, they may have +already been removed, so handle this case gracefully. + +[NO NEW TESTS NEEDED] as it's a race condition. + +Fixes: #17341 + +Forwarded: not-needed +Origin: upstream, https://github.com/containers/podman/commit/ced934284058232c1c3d76956786106d64511f89 +diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go +index 704af4b0e427..587da14361eb 100644 +--- a/pkg/api/handlers/compat/networks.go ++++ b/pkg/api/handlers/compat/networks.go +@@ -74,6 +74,9 @@ func convertLibpodNetworktoDockerNetwork(runtime *libpod.Runtime, network *netty + for _, con := range cons { + data, err := con.Inspect(false) + if err != nil { ++ if errors.Is(err, define.ErrNoSuchCtr) || errors.Is(err, define.ErrCtrRemoved) { ++ continue ++ } + return nil, err + } + if netData, ok := data.NetworkSettings.Networks[network.Name]; ok { diff -Nru libpod-4.3.1+ds1/debian/patches/series libpod-4.3.1+ds1/debian/patches/series --- libpod-4.3.1+ds1/debian/patches/series 2023-04-30 08:19:54.000000000 -0400 +++ libpod-4.3.1+ds1/debian/patches/series 2024-02-26 09:30:29.000000000 -0500 @@ -3,3 +3,4 @@ CVE-2023-0778.patch fix-podman-client.patch show-graphroot-before-removal.patch +fix-removed-container-handling.patch
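
Review bot: the DEP-3 header of debian/patches/fix-removed-container-handling.patch keeps the upstream "Fixes: #17341" line but has no Debian bug reference, so inside a Debian source package the bare number is ambiguous. Suggest adding a Bug-Debian field for the BTS report cited in the request (#1059496) next to the existing Origin and Forwarded fields, and noting that #17341 is the upstream issue number. In the networks.go hunk itself, the new `continue` drops a vanished container from the listing silently; that matches the stated intent, and it is narrow enough (only define.ErrNoSuchCtr and define.ErrCtrRemoved are skipped, every other Inspect error is still returned) that other failures are not masked.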
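
Review bot: the new debian/changelog entry for 4.3.1+ds1-8+deb12u1 says "backport fix for removed container handling" without naming the affected command or the bug, which makes the stable update hard to trace from the changelog alone. Suggest mentioning the "network ls" race explicitly and appending "(Closes: #1059496)", since the request identifies that report as the bug being fixed.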