[containerd snapshotter] Prune attempts to remove untagged/dangling images still in use by running containers #45732
Description
Description
Running Docker Desktop with the experimental containerd integration for Engine enabled.
After running a prune, I started getting some "Unable to calculate image disk size" errors, and noticed that docker system df was returning errors:
Error response from daemon: failed to retrieve container list: content digest sha256:<digest>: not found
The listed digest corresponding to a running container's image's digest. The image was untagged, though it previously HAD been. Looking back in terminal history, the listed digest was deleted by the prune operation.
Reproduce
docker run --rm -d nginxdocker image rm -f nginxdocker system prune -adocker system df
Error response from daemon: failed to retrieve container list: content digest sha256:0bb91b50c42bc6677acff40ea0f050b655c5c2cc1311e783097a04061191340b: not found
Expected behavior
Running docker system prune -a does not remove images for running containers:
WARNING! This will remove:
- all images without at least one container associated to them
(These images have at least one container associated with them.)
docker version
Client:
Cloud integration: v1.0.33
Version: 24.0.2
API version: 1.43
Go version: go1.20.4
Git commit: cb74dfc
Built: Thu May 25 21:51:16 2023
OS/Arch: darwin/arm64
Context: desktop-linux
Server: Docker Desktop 4.21.0 (111569)
Engine:
Version: 24.0.2-38-g8e70a1b23e
API version: 1.43 (minimum version 1.12)
Go version: go1.20.4
Git commit: 8e70a1b23e965d86ec8c2feb77605196ae124630
Built: Fri Jun 2 15:58:50 2023
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.6.21
GitCommit: 3dce8eb055cbb6872793272b4f20ed16117344f8
runc:
Version: 1.1.7
GitCommit: v1.1.7-0-g860f061
docker-init:
Version: 0.19.0
GitCommit: de40ad0docker info
Client:
Version: 24.0.2
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.10.5
Path: /Users/milas/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.18.1
Path: /Users/milas/.docker/cli-plugins/docker-compose
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.0
Path: /Users/milas/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.19
Path: /Users/milas/.docker/cli-plugins/docker-extension
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v0.1.0-beta.4
Path: /Users/milas/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/milas/.docker/cli-plugins/docker-sbom
scan: Docker Scan (Docker Inc.)
Version: v0.26.0
Path: /Users/milas/.docker/cli-plugins/docker-scan
scout: Command line tool for Docker Scout (Docker Inc.)
Version: v0.12.0
Path: /Users/milas/.docker/cli-plugins/docker-scout
Server:
Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 0
Server Version: 24.0.2-38-g8e70a1b23e
Storage Driver: stargz
driver-type: io.containerd.snapshotter.v1
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
runc version: v1.1.7-0-g860f061
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.49-linuxkit-pr
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 5
Total Memory: 7.667GiB
Name: docker-desktop
ID: 56ef67c8-804a-4b75-b1d0-16afaa01050d
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: falseAdditional Info
I'm a Docker Inc employee / running an internal/nightly build of Docker Desktop