Cannot execute getent when running scratch image in podman.

[daiaji]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description
Cannot execute getent when running scratch image in podman.
But it works in docker.

Steps to reproduce the issue:

1.podman run docker.io/filebrowser/filebrowser

Describe the results you received:

2021/02/15 15:21:09 exec: "getent": executable file not found in $PATH

Describe the results you expected:

Filebrowser image can work for me in podman.

Additional information you deem important (e.g. issue happens only occasionally):

There are some discussions on filebrowser's issues.

Output of podman version:

podman version
Version:      3.0.0
API Version:  3.0.0
Go Version:   go1.15.8
Git Commit:   5b2585f5e91ca148f068cefa647c23f8b1ade622
Built:        Fri Feb 12 06:22:46 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.19.2
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon is owned by conmon 1:2.0.26-1
    path: /usr/bin/conmon
    version: 'conmon version 2.0.26, commit: 0e155c83aa739ef0a0540ec9f9d265f57f68038b'
  cpus: 1
  distribution:
    distribution: manjaro
    version: unknown
  eventLogger: journald
  hostname: vps
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 10000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 10000
      size: 65536
  kernel: 5.10.16-1-MANJARO
  linkmode: dynamic
  memFree: 10375168
  memTotal: 498393088
  ociRuntime:
    name: crun
    package: /usr/bin/crun is owned by crun 0.17-1
    path: /usr/bin/crun
    version: |-
      crun version 0.17
      commit: 0e9229ae34caaebcb86f1fde18de3acaf18c6d9a
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns is owned by slirp4netns 1.1.8-1
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 439668736
  swapTotal: 498388992
  uptime: 45m 18.56s
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  configFile: /home/test/.config/containers/storage.conf
  containerStore:
    number: 7
    paused: 0
    running: 6
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: /usr/bin/fuse-overlayfs is owned by fuse-overlayfs 1.4.0-1
      Version: |-
        fusermount3 version: 3.10.2
        fuse-overlayfs: version 1.4
        FUSE library version 3.10.2
        using FUSE kernel interface version 7.31
  graphRoot: /home/test/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 7
  runRoot: /run/user/1000/containers
  volumePath: /home/test/.local/share/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 1613082166
  BuiltTime: Fri Feb 12 06:22:46 2021
  GitCommit: 5b2585f5e91ca148f068cefa647c23f8b1ade622
  GoVersion: go1.15.8
  OsArch: linux/amd64
  Version: 3.0.0

Package info (e.g. output of rpm -q podman or apt list podman):

Name            : podman
Version         : 3.0.0-1
Description     : Tool and library for running OCI-based containers in pods
Architecture    : x86_64
URL             : https://github.com/containers/libpod
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : cni-plugins  conmon  containers-common  device-mapper  iptables  libseccomp  runc  slirp4netns  libsystemd  fuse-overlayfs  libgpgme.so=11-64
Optional Deps   : podman-docker: for Docker-compatible CLI
                  btrfs-progs: support btrfs backend devices [installed]
                  catatonit: --init flag support
                  crun: support for unified cgroupsv2 [installed]
Required By     : None
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 79.32 MiB
Packager        : Morten Linderud <[email protected]>
Build Date      : Fri Feb 12 06:22:46 2021
Install Date    : Mon Feb 15 17:42:49 2021
Install Reason  : Explicitly installed
Install Script  : No
Validated By    : Signature

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

physical

[vrothberg]

Thanks for reaching out!

This seems to be a crun issue. It works with runc. @giuseppe PTAL

[giuseppe]

the issue seems to be that podman sets HOME=. runc considers it as not set (probably testing os.Getenv() != ""?) while crun considers it set and doesn't touch its value.

I think the crun behavior is correct and considers HOME= as set.

In any case, if the image requires HOME to be set otherwise it fails, then I think it must be set explicitely in the image and do not depend on an undefined behavior

[vrothberg]

I agree that the image should set the variable but Podman aims at Docker compatibility. @giuseppe would you reconsider changing the behavior of crun or should we consider changing the behavior in Podman and not set HOME= ?

[vrothberg]

I reopen to find a solution to achieve compat.

[giuseppe]

then I think we should address it in Podman to not set HOME= if it cannot find any better value

[giuseppe]

the issue also happens in crun when there is no HOME set and the /etc/passwd file doesn't exist as in the image above: containers/crun#599

[vrothberg]

Podman-side fix: #9399

[Asgoret]

@vrothberg not fixed) how to fix it?

[vrothberg]

@Asgoret, @giuseppe fixed the remainder in crun (see containers/crun#599). He just cut a new release.

[Asgoret]

@vrothberg It's not the only issue in 3.x) Look at #8893 (comment)

[vrothberg]

@vrothberg It's not the only issue in 3.x) Look at #8893 (comment)

Certainly there are more than one issue :) Thanks for reporting! We'll tackle reported issues as fast as we can.