Skip to content

Warning is not always printed when using a poststop hook with /bin/false #1945

@eriksjolund

Description

@eriksjolund
  1. Build crun from git main branch (git commit 96e9b99) and install the binary to ~/crun/crun
  2. Create hooks dir
    mkdir $HOME/hooks.d
    
  3. Create policy file $HOME/hooks.d/foobar.json containing
    {
      "version": "1.0.0",
      "hook": {
        "path": "/bin/false"
      },
      "when": {
        "annotations": {
          "^myannotation$": "yes"
        }
      },
      "stages": ["poststop"]
    }
    
  4. Create file $HOME/test.bash containing
    #!/bin/bash
    set -o nounset
    runtime=$1
    podman \
      --runtime $runtime \
      --hooks-dir ~/hooks.d \
      run \
      --pull never \
      --rm \
      --annotation myannotation=yes \
      docker.io/library/alpine \
      sh -c "echo hello"
    
    echo return value = $?
    
  5. Run bash test.bash ~/crun/crun a few times
    $ bash test.bash ~/crun/crun
    hello
    WARN[0000] Container 66b7ba585f7e989d8078c29992fab3624e71507d2af0d79f5fd586639f7f0527: poststop hook 0: executing []: exit status 1 
    return value = 0
    $ bash test.bash ~/crun/crun
    hello
    return value = 0
    $
    
    result: The warning is not always printed.

discussion

Should the warning always be printed?

side note:
I tried the same with runc but got similar results.

about the system

crun built from git main branch (git commit 96e9b99)

runc version 1.4.0

podman version 5.7.1

$ ~/crun/crun --version
crun version 1.26.0.0.0.1-96e9b
commit: 96e9b992c6839c84c83327d51b1808b7719e8c4d
rundir: /run/user/1005/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
$ podman --version
podman version 5.7.1
$ runc --version
runc version 1.4.0
spec: 1.3.0
go: go1.25.4 X:nodwarf5
libseccomp: 2.6.0
$ rpm-ostree status
State: idle
warning: Failed to query journal: couldn't find current boot in journal
Deployments:
● ostree-image-signed:docker://quay.io/fedora/fedora-coreos:rawhide
                   Digest: sha256:32e07fd28e5fa8a9417334ed11b227670c95321eaf8194e2451410438e424502
                  Version: 44.20251219.91.0 (2025-12-19T07:37:08Z)
          LayeredPackages: docker-buildkit docker-buildx emacs-nox golang make

  ostree-image-signed:docker://quay.io/fedora/fedora-coreos:rawhide
                   Digest: sha256:32e07fd28e5fa8a9417334ed11b227670c95321eaf8194e2451410438e424502
                  Version: 44.20251219.91.0 (2025-12-19T07:37:08Z)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions