error preparing container for attach: lsetxattr elasticsearch.yml operation not supported

[typekpb]

Describe the bug
Running docker-elk from: https://github.com/deviantony/docker-elk fails to start.

To Reproduce
Steps to reproduce the behavior:

git clone https://github.com/deviantony/docker-elk.git
cd docker-elk
podman-compose up

Expected behavior
ELK stack starts.

Actual behavior
ELK stack startup fails with error

Output

$ podman-compose version
podman-compose version: 1.0.4
['podman', '--version', '']
using podman version: 4.1.1
podman-composer version 1.0.4
podman --version
podman version 4.1.1
exit code: 0

$ podman-compose up
podman-compose version: 1.0.4
['podman', '--version', '']
using podman version: 4.1.1
** excluding:  set()
['podman', 'inspect', '-t', 'image', '-f', '{{.Id}}', 'docker-elk_elasticsearch']
['podman', 'inspect', '-t', 'image', '-f', '{{.Id}}', 'docker-elk_setup']
['podman', 'inspect', '-t', 'image', '-f', '{{.Id}}', 'docker-elk_logstash']
['podman', 'inspect', '-t', 'image', '-f', '{{.Id}}', 'docker-elk_kibana']
['podman', 'ps', '--filter', 'label=io.podman.compose.project=docker-elk', '-a', '--format', '{{ index .Labels "io.podman.compose.config-hash"}}']
podman pod create --name=pod_docker-elk --infra=false --share=
ecfbff01f7dd7486d5f50d30ff5bb05f91b7d5b6c1caaafee6b0e89ab3a9705c
exit code: 0
podman volume inspect docker-elk_elasticsearch || podman volume create docker-elk_elasticsearch
['podman', 'volume', 'inspect', 'docker-elk_elasticsearch']
['podman', 'network', 'exists', 'docker-elk_elk']
podman create --name=docker-elk_elasticsearch_1 --pod=pod_docker-elk --label io.podman.compose.config-hash=96ff242820bcac2c8eaf55dd5ea7ec8298b3f64f6d4f84b411c9ffe8f5aa0e45 --label io.podman.compose.project=docker-elk --label io.podman.compose.version=1.0.4 --label com.docker.compose.project=docker-elk --label com.docker.compose.project.working_dir=/Users/butkovic/all/projects/20220318_CV_index/unofficial/docker-elk --label com.docker.compose.project.config_files=docker-compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=elasticsearch -e ES_JAVA_OPTS=-Xms512m -Xmx512m -e ELASTIC_PASSWORD=changeme -e discovery.type=single-node -v /Users/foo/docker-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:z,ro -v docker-elk_elasticsearch:/usr/share/elasticsearch/data:z --net docker-elk_elk --network-alias elasticsearch -p 9200:9200 -p 9300:9300 docker-elk_elasticsearch
6c90495e396155f61690d6fad64786567a97176ee69596b1711c68b13f7b689f
exit code: 0
podman volume inspect docker-elk_setup || podman volume create docker-elk_setup
['podman', 'volume', 'inspect', 'docker-elk_setup']
['podman', 'network', 'exists', 'docker-elk_elk']
podman create --name=docker-elk_setup_1 --pod=pod_docker-elk --requires=docker-elk_elasticsearch_1 --label io.podman.compose.config-hash=96ff242820bcac2c8eaf55dd5ea7ec8298b3f64f6d4f84b411c9ffe8f5aa0e45 --label io.podman.compose.project=docker-elk --label io.podman.compose.version=1.0.4 --label com.docker.compose.project=docker-elk --label com.docker.compose.project.working_dir=/Users/butkovic/all/projects/20220318_CV_index/unofficial/docker-elk --label com.docker.compose.project.config_files=docker-compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=setup -e ELASTIC_PASSWORD=changeme -e LOGSTASH_INTERNAL_PASSWORD=changeme -e KIBANA_SYSTEM_PASSWORD=changeme -v docker-elk_setup:/state:Z --net docker-elk_elk --network-alias setup --init docker-elk_setup
91b13f0e53f192d40cd06fbdf65e0accf16d8f3962a0529572331f34bf240155
exit code: 0
['podman', 'network', 'exists', 'docker-elk_elk']
podman create --name=docker-elk_logstash_1 --pod=pod_docker-elk --requires=docker-elk_elasticsearch_1 --label io.podman.compose.config-hash=96ff242820bcac2c8eaf55dd5ea7ec8298b3f64f6d4f84b411c9ffe8f5aa0e45 --label io.podman.compose.project=docker-elk --label io.podman.compose.version=1.0.4 --label com.docker.compose.project=docker-elk --label com.docker.compose.project.working_dir=/Users/butkovic/all/projects/20220318_CV_index/unofficial/docker-elk --label com.docker.compose.project.config_files=docker-compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=logstash -e LS_JAVA_OPTS=-Xms256m -Xmx256m -e LOGSTASH_INTERNAL_PASSWORD=changeme -v /Users/foo/docker-elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:Z,ro -v /Users/foo/docker-elk/logstash/pipeline:/usr/share/logstash/pipeline:Z,ro --net docker-elk_elk --network-alias logstash -p 5044:5044 -p 5000:5000/tcp -p 5000:5000/udp -p 9600:9600 docker-elk_logstash
f15d5f8f8e8d10c4227a240b1fcf31b2d5dfc9ba4bc597200a06c6d5e4253f90
exit code: 0
['podman', 'network', 'exists', 'docker-elk_elk']
podman create --name=docker-elk_kibana_1 --pod=pod_docker-elk --requires=docker-elk_elasticsearch_1 --label io.podman.compose.config-hash=96ff242820bcac2c8eaf55dd5ea7ec8298b3f64f6d4f84b411c9ffe8f5aa0e45 --label io.podman.compose.project=docker-elk --label io.podman.compose.version=1.0.4 --label com.docker.compose.project=docker-elk --label com.docker.compose.project.working_dir=/Users/butkovic/all/projects/20220318_CV_index/unofficial/docker-elk --label com.docker.compose.project.config_files=docker-compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=kibana -e KIBANA_SYSTEM_PASSWORD=changeme -v /Users/foo/docker-elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:Z,ro --net docker-elk_elk --network-alias kibana -p 5601:5601 docker-elk_kibana
0339266b82050414f837fced610c8b1469d4a77a8c20c8c1011e93f26df79710
exit code: 0
podman start -a docker-elk_elasticsearch_1
Error: unable to start container 6c90495e396155f61690d6fad64786567a97176ee69596b1711c68b13f7b689f: error preparing container 6c90495e396155f61690d6fad64786567a97176ee69596b1711c68b13f7b689f for attach: lsetxattr /Users/foo/docker-elk/elasticsearch/config/elasticsearch.yml: operation not supported
exit code: 125
podman start -a docker-elk_setup_1
Error: unable to start container 91b13f0e53f192d40cd06fbdf65e0accf16d8f3962a0529572331f34bf240155: error preparing container 91b13f0e53f192d40cd06fbdf65e0accf16d8f3962a0529572331f34bf240155 for attach: error starting some containers: internal libpod error
exit code: 125
podman start -a docker-elk_logstash_1
Error: unable to start container f15d5f8f8e8d10c4227a240b1fcf31b2d5dfc9ba4bc597200a06c6d5e4253f90: error preparing container f15d5f8f8e8d10c4227a240b1fcf31b2d5dfc9ba4bc597200a06c6d5e4253f90 for attach: error starting some containers: internal libpod error
exit code: 125
podman start -a docker-elk_kibana_1
Error: unable to start container 0339266b82050414f837fced610c8b1469d4a77a8c20c8c1011e93f26df79710: error preparing container 0339266b82050414f837fced610c8b1469d4a77a8c20c8c1011e93f26df79710 for attach: error starting some containers: internal libpod error
exit code: 125

Environment:

• OS: Mac
• podman version: 4.1.1
• podman compose version: 1.0.4

[muayyad-alsadi]

this is not related to podman-compose
it seems that the paths used in the compose file
like ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro,z
lives on Mac and Mac does not support lsetxattr
try to remove the z or Z in relative paths (but not in the named volumes)

      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro,z # <---------- this is relative which lives on Mac
      - elasticsearch:/usr/share/elasticsearch/data:z # <-- this is not relative, this is named volume

[typekpb]

@muayyad-alsadi , thanks for the fast answer. Problem solved.
However, as the lsetxattr is not supported on MacOS, should not podman-compose prevent propagating the specific flag to podman on MacOS? Or should I rather raise this in podman bug tracker?

[rhatdan]

:Z might eventually be supported on a MAC(I hope this will happen when we move to virtiofsd). Anyways Podman will not make decisions on user or APIs asking for :Z. It will just attempt to relabel.

[ssbarnea]

Apparently I hit the same bug, on macos if the volume mount contains :Z, the mounting fails with operation not supported.

[dre-hh]

:z is not supported but without :z it is not permitted 😢

[yutotakano]

:z is required to use bind volumes for PostgreSQL because of docker-library/postgres#116. This means that currently, it is impossible to use Mac + Podman (Rootless) + PostgreSQL (with bind volume). This is a bit sad situation, it seems like a very common usecase. Hope it changes sometime.

[HarryGPotter]

Hi all, any update/suggestion on this issue?
I'm just trying to start a simple postgres container with podman 4.7.0 on my M1 Mac Book Air. The command is as simple as

podman run -v ./data:/var/lib/postgresql/data -e POSTGRES_USER=myuser,POSTGRES_PASSWORD=mypassword,POSTGRES_DB=mydb postgres
I just get "chown: changing ownership of '/var/lib/postgresql/data': Operation not permitted"

And if I appen ":z" to ./data:/var/lib/postgresql/data:z I get:

Error: preparing container ... for attach: lsetxattr /Users/gion/projects/GiocoBank/data: operation not supported

How can I start a simple posgresql container with a persistent database?

Thanks for the help!

[iolloyd]

I had similar issues. On my macbook m1, I had to remove the :z attribute in the command, and ensure the permissions were open on my local folder mapped to the container's folder for storage.