Quadlet no longer part of Application Group after removal and reinstallation

[kavishgr]

Issue Description

I've been playing around with Quadlets and think I found a weird issue related to a quadlet application. The application contains 2 containers. When I stop and remove one of them and then re-install it, the quadlet is no longer part of the application.

Steps to reproduce the issue

Steps to reproduce the issue

Podman Version and rpm -q:

> podman version
Client:        Podman Engine
Version:       5.6.2
API Version:   5.6.2
Go Version:    go1.25.1 X:nodwarf5
Git Commit:    9dd5e1ed33830612bc200d7a13db00af6ab865a4
Built:         Tue Sep 30 04:00:00 2025
Build Origin:  Fedora Project
OS/Arch:       linux/arm64

> rpm -q podman
podman-5.6.2-1.fc43.aarch64

1. I have two non-dependent quadlets, pg17.container and pg17-nginx.container, both installed from the same directory:

> ls -l postgres-17-test/
total 8
-rw-r--r--. 1 core core 185 Nov 20 17:33 pg17-nginx.container
-rw-r--r--. 1 core core 276 Nov 20 17:29 pg17.container

Making them part of the same application group (.postgres-17-test.app).

The contents of both files:

• pg17.container

[Container]
Image=docker.io/library/postgres:17-alpine
ContainerName=pg17
PublishPort=54317:5432
# Volume=/var/home/core/homelab/volumes/pg17:/var/lib/postgresql/data:Z
Environment=POSTGRES_PASSWORD=postgres
[Service]
Restart=always
[Install]
WantedBy=default.target

• pg17-nginx.container:

[Container]
Image=docker.io/library/nginx:mainline-alpine
ContainerName=pg17-nginx
PublishPort=8282:80
[Service]
Restart=always
[Install]
WantedBy=default.target

2. Install and start both quadlets(both are part of the .postgres-17-test.app group):

> podman quadlet install postgres-17-test/
/var/home/core/.config/containers/systemd/pg17-nginx.container
/var/home/core/.config/containers/systemd/pg17.container

> systemctl start --user pg17 pg17-nginx

> podman quadlet list
NAME                  UNIT NAME           PATH ON DISK                                                    STATUS          APPLICATION
pg17-nginx.container  pg17-nginx.service  /var/home/core/.config/containers/systemd/pg17-nginx.container  active/running  .postgres-17-test.app
pg17.container        pg17.service        /var/home/core/.config/containers/systemd/pg17.container        active/running  .postgres-17-test.app

3. Stop the pg17 unit:

> systemctl --user stop pg17

> podman quadlet list
NAME                  UNIT NAME           PATH ON DISK                                                    STATUS          APPLICATION
pg17-nginx.container  pg17-nginx.service  /var/home/core/.config/containers/systemd/pg17-nginx.container  active/running  .postgres-17-test.app
pg17.container        pg17.service        /var/home/core/.config/containers/systemd/pg17.container        inactive/dead   .postgres-17-test.app

4. Remove the pg17 quadlet and as we can see the pg17-nginx quadlet is not part of the application(the application field is empty):

> podman quadlet rm pg17.container
pg17.container
Error: unable to remove Quadlet pg17-nginx.container: quadlet pg17-nginx.container is running and force is not set, refusing to remove
Error: some quadlets could not be removed

>  podman quadlet list
NAME                  UNIT NAME           PATH ON DISK                                                    STATUS          APPLICATION
pg17-nginx.container  pg17-nginx.service  /var/home/core/.config/containers/systemd/pg17-nginx.container  active/running

Just a side note: If I did a podman quadlet rm -f pg17.container instead of stopping the service first with systemctl --user stop pg17, both the pg17 and pg17-nginx would have been removed. This is an expected behaviour as mentioned in the podman-quadlet-rm docs.

5. Reinstalling the quadlets only adds the missing pg17.container. The pg17-nginx.container is skipped as it still exists:

> podman quadlet install postgres-17-test/
/var/home/core/.config/containers/systemd/pg17.container
Error: quadlet "postgres-17-test/pg17-nginx.container" failed to install: a Quadlet with name pg17-nginx.container already exists, refusing to overwrite
Error: errors occurred installing some Quadlets

6. Now only the newly installed quadlet (pg17.container) is correctly assigned to the application group. The pg7-nginx.container unit remains orphaned from the group, even though it was originally part of it:

> podman quadlet list
NAME                  UNIT NAME           PATH ON DISK                                                    STATUS          APPLICATION
pg17-nginx.container  pg17-nginx.service  /var/home/core/.config/containers/systemd/pg17-nginx.container  active/running
pg17.container        pg17.service        /var/home/core/.config/containers/systemd/pg17.container        active/running  .postgres-17-test.app

7. You won't be able to use podman quadlet rm [application] either because the active container, which was part of the quadlet, no longer has an 'application' status. Therefore, removal needs to be done manually, and this doesn't give us a clue whether the container was part of an application beforehand:

> podman quadlet rm -f .postgres-17-test.app
Error: unable to remove Quadlet: must provide at least 1 quadlet to remove

> podman quadlet list
NAME                  UNIT NAME           PATH ON DISK                                                    STATUS          APPLICATION
pg17-nginx.container  pg17-nginx.service  /var/home/core/.config/containers/systemd/pg17-nginx.container  active/running

Describe the results you received

When a quadlet application (consisting of more than one container installed from the same directory) is running, the following happens:

• When one quadlet is removed, the currently running/active quadlets immediately are not part of any application.
• Upon reinstalling the missing quadlet, only the newly installed unit joins the application group, while the quadlets that were continuously active and running are not part of it (the APPLICATION field remains empty).

Describe the results you expected

Multiple quadlets installed from a single directory are part of an application (the APPLICATION field value). When one of these quadlets is removed and subsequently reinstalled from the same source directory, it must join the existing application, and the quadlets that were running continuously should maintain their association status.

podman info output

host:
  arch: arm64
  buildahVersion: 1.41.5
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.13-2.fc43.aarch64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.13, commit: '
  cpuUtilization:
    idlePercent: 99.62
    systemPercent: 0.26
    userPercent: 0.12
  cpus: 2
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: coreos
    version: "43"
  emulatedArchitectures:
  - linux/386
  - linux/amd64
  eventLogger: journald
  freeLocks: 2041
  hostname: coreos
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
  kernel: 6.17.1-300.fc43.aarch64
  linkmode: dynamic
  logDriver: journald
  memFree: 901152768
  memTotal: 2035802112
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.16.0-1.fc43.aarch64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.16.0
    package: netavark-1.16.1-1.fc43.aarch64
    path: /usr/libexec/podman/netavark
    version: netavark 1.16.1
  ociRuntime:
    name: crun
    package: crun-1.24-1.fc43.aarch64
    path: /usr/bin/crun
    version: |-
      crun version 1.24
      commit: 54693209039e5e04cbe3c8b1cd5fe2301219f0a1
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20250919.g623dbf6-1.fc43.aarch64
    version: |
      pasta 0^20250919.g623dbf6-1.fc43.aarch64-pasta
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.3.1-3.fc43.aarch64
    version: |-
      slirp4netns version 1.3.1
      commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
      libslirp: 4.9.1
      SLIRP_CONFIG_VERSION_MAX: 6
      libseccomp: 2.6.0
  swapFree: 0
  swapTotal: 0
  uptime: 3h 2m 21.00s (Approximately 0.12 days)
  variant: v8
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 2
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphRootAllocated: 33754689536
  graphRootUsed: 6427869184
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 6
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 5.6.2
  BuildOrigin: Fedora Project
  Built: 1759190400
  BuiltTime: Tue Sep 30 04:00:00 2025
  GitCommit: 9dd5e1ed33830612bc200d7a13db00af6ab865a4
  GoVersion: go1.25.1 X:nodwarf5
  Os: linux
  OsArch: linux/arm64
  Version: 5.6.2

core@coreos:~/homelab/quadlets$

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

No response

Additional information

Content of /etc/os-release:

cat /etc/os-release
NAME="Fedora Linux"
VERSION="43.20251024.3.0 (CoreOS)"
RELEASE_TYPE=stable
ID=fedora
VERSION_ID=43
VERSION_CODENAME=""
PRETTY_NAME="Fedora CoreOS 43.20251024.3.0"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:43"
HOME_URL="https://getfedora.org/coreos/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora-coreos/"
SUPPORT_URL="https://github.com/coreos/fedora-coreos-tracker/"
BUG_REPORT_URL="https://github.com/coreos/fedora-coreos-tracker/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=43
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=43
SUPPORT_END=2026-12-02
VARIANT="CoreOS"
VARIANT_ID=coreos
OSTREE_VERSION='43.20251024.3.0'
IMAGE_VERSION='43.20251024.3.0'

[mheon]

Good catch. Definitely feels like a bit of an oversight related to reinstalling, and should be fixed.

[kavishgr]

Update: Issues still persist with Podman 5.7.0.