podman container with --userns=keep-id doesn't respect restart policy

Solution In Progress - Updated -

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • podman-4.9.4

Issue

  • When running a podman container with the --userns=keep-id flag, the --restart=always restart policy is ignored and the container exits

Resolution

  • This has been identified as a bug with podman and a JIRA has been created to address the issue
  • Please follow the JIRA to know more about the bug and updates

Update:
- The issue has been fixed and backported to podman version "4.9.4-rhel". Updating the podman package to "4.9.4-rhel" will fix the problem:

$ podman version 
Client:       Podman Engine
Version:      4.9.4-rhel
API Version:  4.9.4-rhel
Go Version:   go1.21.13 (Red Hat 1.21.13-3.module+el8.10.0+22345+acdd8d0e)
Built:        Wed Oct  2 06:01:32 2024
OS/Arch:      linux/amd64

$ podman run -itd --restart always --userns keep-id --name testcontainer ubi8 sleep 5 
1b49c659d35355c73c6aa22d41c05e6688215234ca6cb72002f9f72b0efb22e1

$ podman ps -a
CONTAINER ID  IMAGE                                   COMMAND     CREATED        STATUS        PORTS       NAMES
1b49c659d353  registry.access.redhat.com/ubi8:latest  sleep 5     2 seconds ago  Up 2 seconds              testcontainer

$ podman ps -a
CONTAINER ID  IMAGE                                   COMMAND     CREATED        STATUS        PORTS       NAMES
1b49c659d353  registry.access.redhat.com/ubi8:latest  sleep 5     7 seconds ago  Up 2 seconds              testcontainer

$ podman ps -a
CONTAINER ID  IMAGE                                   COMMAND     CREATED         STATUS        PORTS       NAMES
1b49c659d353  registry.access.redhat.com/ubi8:latest  sleep 5     13 seconds ago  Up 3 seconds              testcontainer

Diagnostic Steps

$ podman run -itd --name test --userns keep-id --restart always ubi8-minimal sleep 5
4f7010daf35c66fc9d1480d91e07ca914b19008eefa28ebeb3dd1008ea3e1d0d

$ podman ps -a
CONTAINER ID  IMAGE                                           COMMAND     CREATED        STATUS                    PORTS       NAMES
4f7010daf35c  registry.access.redhat.com/ubi8-minimal:latest  sleep 5     2 minutes ago  Exited (0) 2 minutes ago              test

  • The container should ideally keep restarting endlessly, since --restart=always means it should restart every time the process running inside the container completes
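
The check from the diagnostic steps above, extended to every container in a user's store, as an added example (not Red Hat's own tooling). The function names and the sample data are assumptions made for illustration; the inspect fields are standard podman inspect output.

```bash
#!/usr/bin/env bash
# Added example: list containers that carry restart policy "always"
# but are sitting in state "exited", the symptom shown in Diagnostic Steps.

# Emit one "name policy status restart_count" line per container.
# Run as the user who owns the containers (keep-id containers are rootless).
collect_states() {
    podman ps -aq | xargs -r podman inspect --format \
        '{{.Name}} {{.HostConfig.RestartPolicy.Name}} {{.State.Status}} {{.RestartCount}}'
}

# Read those lines on stdin and print the names of containers that
# should have been restarted but were left exited.
find_stalled() {
    awk '$2 == "always" && $3 == "exited" { print $1 }'
}

# Constructed sample input (not captured from a real host): "test" mirrors
# the exited container in the diagnostic steps, "testcontainer" the fixed
# behaviour, and "batchjob" a container that is allowed to stay exited.
sample_states() {
    cat <<'EOF'
test always exited 0
testcontainer always running 3
batchjob no exited 0
EOF
}

# On a podman host:   collect_states | find_stalled
# Offline dry run:    sample_states  | find_stalled
```

A container stopped by hand with podman stop also stays exited under --restart=always, so treat the output as a list of candidates to review.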
