UDev rule based usb devices are not handled correctly after replugging #24093
Comments
@giuseppe PTAL
Is your container creating a lot of files on its overlay upper directory? Otherwise recreating the container is not much more expensive than restarting it. Once resolved, the original symlink does not affect what the container sees. You could try
@giuseppe I already "fixed" it by mounting the /dev inside the container. No additional mount or mount type was needed. But this is a security hole in my opinion, because it also gives access to other devices. The container itself is creating a lot of files, because it is initializing for several minutes and is downloading a lot of additional "plugins" based on configs (https://hub.docker.com/r/openhab/openhab). The reason why I created this bug ticket is that docker was able to handle this and I guess your goal is to be as compatible as possible. I ported all of my 31 different containers from docker to podman and this is the only thing which behaves completely differently. The rest had only minor differences where I was able to find a proper replacement. With podman inspect the related part looks like
with docker inspect it looks like
inside the docker container it looks like
on my host it looks like
I read somewhere that since kernel v5.12+, bind mounts support symlinks with the flag AT_SYMLINK_NOFOLLOW on files.
@giuseppe is there a realistic chance that this problem will be fixed sometime? Or is there another reason why this symlink is always resolved?
Issue Description
I recently migrated all my docker containers to podman. There are 34 containers of different types. I was amazed at how easy and straightforward it was.
But one problem remains. I have 2 containers that access devices that are created via a UDev rule. They are USB sticks that create symlinks using a udev rule. These in turn are mounted in the container.
So far it works under podman. The problem under podman is the bind mount, which mounts the inode of the dissolved device.
i.e. after a reboot or when the USB stick is plugged in again, the device is available under a different /dev/USBX. The UDEV rule ensures that it is available under the same symlink. Only the container still points to the old USB device.
This was not a problem under Docker and worked for years.
What is the recommended way to deal with this problem?
Currently, the container has to be recreated, which is absolute overkill. Currently, I only start my 34 containers after a reboot again. Recreating them all on suspicion would slow down the entire startup process extremely and also present me with new problems.
Steps to reproduce the issue
Describe the results you received
mounted symlink points to the wrong device
Describe the results you expected
mounted symlink should point to the correct device
podman info output
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
No
Additional environment details
No response
Additional information
No response
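The stale mapping described in this issue can be checked for from the host, so that only the affected container is recreated. This is an added example, not part of the original issue or of podman: it runs against a constructed stand-in directory rather than /dev, and the names `zigbee`, `ttyUSB0`, `ttyUSB1`, `resolve_at_create`, `is_stale` and `demo` are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue): shows why a path resolved once at
# container creation goes stale when a udev-style symlink is retargeted.
# Everything happens in a constructed temp directory; no real device is touched.

# Print the path a one-time, create-time resolution of LINK would pin.
resolve_at_create() {
    readlink -f -- "$1"
}

# Return 0 (stale) when LINK no longer resolves to the PINNED path.
is_stale() {
    current=$(readlink -f -- "$1") || return 0
    [ "$current" != "$2" ]
}

# Simulate: create, unplug, replug under a new name, then check.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/ttyUSB0"                  # constructed stand-in for the device node
    ln -s ttyUSB0 "$d/zigbee"         # stable name a udev rule would maintain
    pinned=$(resolve_at_create "$d/zigbee")

    # Replug: the stick comes back as ttyUSB1 and the rule retargets the link.
    : > "$d/ttyUSB1"
    rm "$d/ttyUSB0"
    ln -sfn ttyUSB1 "$d/zigbee"

    if is_stale "$d/zigbee" "$pinned"; then
        result=stale
    else
        result=current
    fi
    rm -rf "$d"
    echo "$result"
}

demo
```

On a real host the pinned value would be the device path recorded when the container was created, compared against the current target of the udev symlink.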