[podman] crun vs runc as OCI runtime

Hi,

I use containers for work, and today after a podman system prune to clean up some storage space, stuff that would usually work fine stopped working.

I have reported this issue here:

But I think it boils down to runc vs crun.

My temporary workaround is to let podman use crun (same as Fedora), which makes my workflow functional again.

However, I’m curious as to why I’m facing this issue in the first place.

Was TW using crun and did it recently switch to runc?
If not, maybe there’s a regression in runc causing the error, or some very peculiar conditions on my system causing that error to happen…

Info about the error and podman are in that GitHub link.

I can reproduce that error with snapshot 20250414 installed in a VM.

Fresh boot, only package installed was: sudo zypper in python313-podman-compose

Then clone the repo mentioned in the GH issue and try to run it with podman-compose up -d --build --force-recreate

Thanks!

Update: I can reproduce the error on snapshot 20250414 (freshly installed in a VM).

Fresh boot, only package installed was: sudo zypper in python313-podman-compose

Then clone the repo mentioned in the GH issue and try to run it with podman-compose up -d --build --force-recreate, and you should see the error:

[1/2] STEP 6/6: RUN --mount=type=cache,target=/root/.m2 mvn clean install -Dmaven.test.skip=true
error running container: from /usr/bin/runc creating container for [/bin/sh -c mvn clean install -Dmaven.test.skip=true]: time="2025-04-16T09:57:25+02:00" level=error msg="runc create failed: invalid mount &{Source:/var/tmp/buildah3018145645/mnt/buildah-bind-target-9 Destination:/root/.m2 Device:bind Flags:20480 ClearedFlags:1 PropagationFlags:[1048576] Data:z Relabel: RecAttr:<nil> Extensions:0 IDMapping:<nil>}: bind mounts cannot have any filesystem-specific options applied"

Now install crun instead: sudo zypper in crun

And then add:

[engine]
runtime = "/usr/bin/crun"

to ~/.config/containers/containers.conf (create if it doesn’t exist)

Run the previous podman command again, and this time it’ll work, and you’ll see build dependencies being pulled into /var/tmp/buildah-cache-1000/<some_id>
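
Added example (not part of the original posts, and not runc or podman code): a small Python decoder for the mount struct in the runc error quoted above, using the Linux mount(2) flag values from <sys/mount.h>. The function names are made up for illustration, and the embedded sample line is copied from the error in the post.

```python
import re

# Linux mount(2) flag bits from <sys/mount.h>.
MS_FLAGS = {0x1: "MS_RDONLY", 0x2: "MS_NOSUID", 0x4: "MS_NODEV", 0x8: "MS_NOEXEC",
            0x1000: "MS_BIND", 0x4000: "MS_REC", 0x40000: "MS_PRIVATE",
            0x80000: "MS_SLAVE", 0x100000: "MS_SHARED"}

# Sample input: the mount struct from the error quoted in the post.
SAMPLE = ('runc create failed: invalid mount &{Source:/var/tmp/buildah3018145645/mnt/'
          'buildah-bind-target-9 Destination:/root/.m2 Device:bind Flags:20480 '
          'ClearedFlags:1 PropagationFlags:[1048576] Data:z Relabel: RecAttr:<nil> '
          'Extensions:0 IDMapping:<nil>}: bind mounts cannot have any '
          'filesystem-specific options applied')

FIELD = re.compile(r"(\w+):(.*?)(?= \w+:|$)")  # "Key:value" pairs, value may be empty

def decode_bits(value):
    """Return the names of the known flag bits set in value; unknown bits as hex."""
    names = [name for bit, name in sorted(MS_FLAGS.items()) if value & bit]
    rest = value & ~sum(MS_FLAGS)
    return names + ([hex(rest)] if rest else [])

def parse_invalid_mount(line):
    """Parse the Go-formatted '&{Key:value ...}' mount struct in a runc error line."""
    m = re.search(r"invalid mount &\{(.*?)\}", line)
    if not m:
        return None
    f = dict(FIELD.findall(m.group(1)))
    prop = [int(x) for x in f.get("PropagationFlags", "[]").strip("[]").split()]
    return {
        "source": f.get("Source", ""),
        "destination": f.get("Destination", ""),
        "device": f.get("Device", ""),
        "flags": decode_bits(int(f.get("Flags", "0"))),
        "cleared": decode_bits(int(f.get("ClearedFlags", "0"))),
        "propagation": [n for p in prop for n in decode_bits(p)],
        "data": f.get("Data", ""),
    }

def rejected_bind_option(line):
    """Return the leftover option string on a bind mount, or None if there is none."""
    mnt = parse_invalid_mount(line)
    if mnt and "MS_BIND" in mnt["flags"] and mnt["data"]:
        return mnt["data"]
    return None

if __name__ == "__main__":
    print(parse_invalid_mount(SAMPLE))
    print("rejected option:", rejected_bind_option(SAMPLE))
```

On the quoted line this reports a recursive bind mount (MS_BIND, MS_REC) to /root/.m2 with shared propagation, whose Data field still carries the option z.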

I have the exact same error.
Your workaround also fixed it for me.
Nothing fancy on my system.


Glad it helped!

I’ll try to test with runc again once a new release is out.