Description
Issue Description
I got this NULL deref when trying podman mount in a container set up for nested container builds, without outer privileges (i.e. I'd been using mount_program = fuse-overlayfs and also BUILDAH_ISOLATION=chroot):
```text
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x56090fdff30a]

goroutine 1 gp=0xc0000041c0 m=7 mp=0xc000480008 [running]:
panic({0x5609107295c0?, 0x560911680050?})
	/usr/lib/golang/src/runtime/panic.go:804 +0x168 fp=0xc00004b5e0 sp=0xc00004b530 pc=0x56090ed0c4c8
runtime.panicmem(...)
	/usr/lib/golang/src/runtime/panic.go:262
runtime.sigpanic()
	/usr/lib/golang/src/runtime/signal_unix.go:900 +0x359 fp=0xc00004b640 sp=0xc00004b5e0 pc=0x56090ed0e8f9
github.com/containers/podman/v5/libpod.(*storageService).MountContainerImage(0x0, {0xc0000e9a00?, 0x56090faf888f?})
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/libpod/storage.go:211 +0x2a fp=0xc00004b6f8 sp=0xc00004b640 pc=0x56090fdff30a
github.com/containers/podman/v5/libpod.(*Container).mount(0xc0005168c0)
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/libpod/container_internal.go:2465 +0xe5 fp=0xc00004b7d0 sp=0xc00004b6f8 pc=0x56090fd52ac5
github.com/containers/podman/v5/libpod.(*Container).Mount(0xc0005168c0?)
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/libpod/container_api.go:417 +0xc5 fp=0xc00004b848 sp=0xc00004b7d0 pc=0x56090fd257e5
github.com/containers/podman/v5/pkg/domain/infra/abi.(*ContainerEngine).ContainerMount(0xc0001268d0, {0xcc58600b00000000?, 0xc00004b9b0?}, {0xc000297130, 0x1, 0x0?}, {0x0, {0x0, 0x0}, 0x0, ...})
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/pkg/domain/infra/abi/containers.go:1398 +0x552 fp=0xc00004ba60 sp=0xc00004b848 pc=0x56090fe735f2
github.com/containers/podman/v5/cmd/podman/containers.mount(0x5609116d2580, {0xc000296b30, 0x1, 0x1?})
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/cmd/podman/containers/mount.go:90 +0x24c fp=0xc00004bbc0 sp=0xc00004ba60 pc=0x56090ffb45cc
github.com/spf13/cobra.(*Command).execute(0x5609116d2580, {0xc000148040, 0x1, 0x1})
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/vendor/github.com/spf13/cobra/command.go:985 +0xaaa fp=0xc00004bd48 sp=0xc00004bbc0 pc=0x56090f1cc0aa
github.com/spf13/cobra.(*Command).ExecuteC(0x5609116b25c0)
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/vendor/github.com/spf13/cobra/command.go:1117 +0x3ff fp=0xc00004be20 sp=0xc00004bd48 pc=0x56090f1cc97f
github.com/spf13/cobra.(*Command).Execute(...)
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/vendor/github.com/spf13/cobra/command.go:1041
github.com/spf13/cobra.(*Command).ExecuteContext(...)
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/vendor/github.com/spf13/cobra/command.go:1034
main.Execute()
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/cmd/podman/root.go:116 +0xb4 fp=0xc00004bea8 sp=0xc00004be20 pc=0x5609100993f4
main.main()
	/builddir/build/BUILD/podman-4cbdfde5d862dcdbe450c0f1d76ad75360f67a3c/cmd/podman/main.go:61 +0x4b2 fp=0xc00004bf50 sp=0xc00004bea8 pc=0x560910098b52
runtime.main()
	/usr/lib/golang/src/runtime/proc.go:272 +0x29d fp=0xc00004bfe0 sp=0xc00004bf50 pc=0x56090ecd56bd
runtime.goexit({})
	/usr/lib/golang/src/runtime/asm_amd64.s:1700 +0x1 fp=0xc00004bfe8 sp=0xc00004bfe0 pc=0x56090ed15001
```
It looks like the code flow that ends up leaving this null is line 441 in 2d42b13:

```go
logrus.Debug("Not configuring container store")
```
Probably a root confusion here is BUILDAH_ISOLATION=chroot not controlling podman in general?
I guess really the thing to aim for here is not using chroot isolation, but ensuring we have at least the more reasonable scenario of a userns in the outer container (actually, the default for rootless). Which I guess all of this is effectively equivalent to containers/buildah#5818
But anyways, just filing this in case we care; we could at least avoid crashing.
Steps to reproduce the issue
See above
Describe the results you received
panic
Describe the results you expected
At least a useful error
podman info output
```yaml
# podman info
host:
  arch: amd64
  buildahVersion: 1.38.0
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  cgroupManager: cgroupfs
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.12-3.el10.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: '
  cpuUtilization:
    idlePercent: 99.93
    systemPercent: 0.02
    userPercent: 0.05
  cpus: 16
  databaseBackend: sqlite
  distribution:
    distribution: centos
    version: "10"
  eventLogger: file
  freeLocks: 2048
  hostname: 95494d3fbb0f
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.11.3-200.fc40.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 1593704448
  memTotal: 8314159104
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.13.1-1.el10.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.13.1
    package: netavark-1.13.1-1.el10.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.13.1
  ociRuntime:
    name: crun
    package: crun-1.19-1.el10.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.19
      commit: db31c42ac46e20b5527f5339dcbf6f023fcd539c
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20241121.g238c69f-1.el10.x86_64
    version: |
      pasta 0^20241121.g238c69f-1.el10.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
      <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 0
  swapTotal: 0
  uptime: 175h 59m 4.00s (Approximately 7.29 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.14-2.el10.x86_64
      Version: |-
        fusermount3 version: 3.16.2
        fuse-overlayfs: version 1.13-dev
        FUSE library version 3.16.2
        using FUSE kernel interface version 7.38
    overlay.mountopt: nodev,fsync=0
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 106769133568
  graphRootUsed: 100942483456
  graphStatus:
    Backing Filesystem: overlayfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.3.1
  Built: 1733097600
  BuiltTime: Mon Dec  2 00:00:00 2024
  GitCommit: ""
  GoVersion: go1.23.1 (Red Hat 1.23.1-3.el10)
  Os: linux
  OsArch: linux/amd64
  Version: 5.3.1
```
Podman in a container
Yes
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
podman-5.3.1-3.el10.x86_64
Additional information
No response
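The trace above shows `(*storageService).MountContainerImage` being called with receiver `0x0`, i.e. the runtime's storage service was never set up (the "Not configuring container store" path) and the method dereferences it anyway. The following is an added, self-contained Go model of that call path, written for this page and not taken from podman: the type and field names (`storageService`, `podmanRuntime`, `container`, `graphRoot`, the mount-point layout) are constructed stand-ins. It contrasts the unguarded method, which panics exactly like the report, with a nil-receiver check that turns the same condition into the "useful error" the reporter asks for. Go permits calling a method on a nil pointer, so the guard can live in the method itself rather than at every caller.

```go
package main

import (
	"errors"
	"fmt"
)

// storageService is a constructed stand-in for the runtime's container store
// wrapper. It is nil when the runtime was built without a container store.
type storageService struct {
	graphRoot string
}

// ErrNoContainerStore is what the guarded method returns instead of panicking.
var ErrNoContainerStore = errors.New("container store is not configured, cannot mount container image")

// mountContainerImageUnguarded dereferences its receiver without checking it.
// Called on a nil *storageService it panics with
// "invalid memory address or nil pointer dereference", as in the reported trace.
func (s *storageService) mountContainerImageUnguarded(id string) (string, error) {
	return fmt.Sprintf("%s/overlay/%s/merged", s.graphRoot, id), nil
}

// MountContainerImage is the guarded form: a nil receiver is a legal call in
// Go, so the method can detect the unconfigured store and report it.
func (s *storageService) MountContainerImage(id string) (string, error) {
	if s == nil {
		return "", ErrNoContainerStore
	}
	if id == "" {
		return "", errors.New("empty container ID")
	}
	return fmt.Sprintf("%s/overlay/%s/merged", s.graphRoot, id), nil
}

// podmanRuntime and container model the Runtime/Container pairing in the trace
// (constructed names, not libpod's types).
type podmanRuntime struct {
	storageService *storageService
}

type container struct {
	id      string
	runtime *podmanRuntime
}

// mount is the caller; with the guarded method the error carries context.
func (c *container) mount() (string, error) {
	mountPoint, err := c.runtime.storageService.MountContainerImage(c.id)
	if err != nil {
		return "", fmt.Errorf("mounting container %s: %w", c.id, err)
	}
	return mountPoint, nil
}

// mountUnguarded reproduces the crashing path for comparison.
func (c *container) mountUnguarded() (string, error) {
	return c.runtime.storageService.mountContainerImageUnguarded(c.id)
}

// safeCall recovers a panic into an error so both behaviours can be observed
// from one process; podman itself has no such recovery on this path.
func safeCall(fn func() (string, error)) (mp string, err error) {
	defer func() {
		if r := recover(); r != nil {
			mp, err = "", fmt.Errorf("panic: %v", r)
		}
	}()
	return fn()
}

func main() {
	// Constructed runtime with no container store, mirroring the reported setup.
	rt := &podmanRuntime{storageService: nil}
	ctr := &container{id: "deadbeef", runtime: rt}

	_, err := safeCall(ctr.mountUnguarded)
	fmt.Println("unguarded:", err)

	_, err = ctr.mount()
	fmt.Println("guarded:  ", err)

	// With a store configured the guarded path behaves normally.
	rt.storageService = &storageService{graphRoot: "/var/lib/containers/storage"}
	mp, err := ctr.mount()
	fmt.Println("with store:", mp, err)
}
```

The unguarded call prints a recovered "runtime error: invalid memory address or nil pointer dereference"; the guarded call prints "mounting container deadbeef: container store is not configured, cannot mount container image", which a caller can test for with `errors.Is(err, ErrNoContainerStore)`.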