Issue Description
Repeat of #17715 - adding a bit more detail so it gets picked up this time. I have confirmed the behaviour when
- Running podman as root, and
- Using --privileged=true, and
- Adding --cap-add SYS_ADMIN explicitly
Steps to reproduce the issue
Same repro instructions - you'll need a mountable image of some sort to work with, and you should ensure you have no /dev/loop* devices already present. In my case - I start with no /dev/loopX devices.
If there are /dev/loopX devices extant but not in use (ie: visible via ls /dev/loop* but not visible in losetup -la) then the issue won't appear as the container will reuse the extant loopX device. The container has to both create a new /dev/loopX device, and attempt to use it for the bug to appear.
```
sudo podman run --rm -it --privileged=true --cap-add SYS_ADMIN docker.io/library/debian:13 bash
```
In the container, make a test ext4 fs to mount
```
apt-get update
apt-get install e2fsprogs
dd if=/dev/zero of=/test_ext4 bs=1M count=0 seek=512 status=none
mkfs.ext4 -F "/test_ext4"
```
Then - try to mount this ext4
```
mount -o loop,rw /test_ext4 /mnt
mount: /mnt: failed to setup loop device for /test_ext4.
```
Inside the container - there is no /dev/loop0. On my host system - /dev/loop0 exists after the mount command is run.
It seems the container can create the /dev/loop0 device, but can't pick it up after creation.
Describe the results you received
Can't see /dev/loopX after creation in the container - despite being able to create it from the container.
Describe the results you expected
Should see /dev/loopX after creation in the container - OR should see an error when trying to create the loop device if that is more appropriate behaviour.
The issue is more that it can create it, but not read/use it. That's confusing. Should be all-or-nothing.
podman info output
Run via sudo podman info as this is for rootful containers
```yaml
host:
  arch: amd64
  buildahVersion: 1.42.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  - dmem
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-1:2.1.13-1
    path: /usr/bin/conmon
    version: 'conmon version 2.1.13, commit: 82de887596ed8ee6d9b2ee85e4f167f307bb569b'
  cpuUtilization:
    idlePercent: 97.95
    systemPercent: 0.68
    userPercent: 1.38
  cpus: 16
  databaseBackend: sqlite
  distribution:
    distribution: arch
    version: unknown
  emulatedArchitectures:
  - linux/arm
  - linux/arm64
  - linux/arm64be
  - linux/loong64
  - linux/mips
  - linux/mips64
  - linux/ppc
  - linux/ppc64
  - linux/ppc64le
  - linux/riscv32
  - linux/riscv64
  - linux/s390x
  eventLogger: journald
  freeLocks: 2047
  hostname: archlinux
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.18.4-arch1-1
  linkmode: dynamic
  logDriver: journald
  memFree: 89026641920
  memTotal: 96639836160
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.17.0-1
      path: /usr/lib/podman/aardvark-dns
      version: aardvark-dns 1.17.0
    package: netavark-1.17.1-1
    path: /usr/lib/podman/netavark
    version: netavark 1.17.1
  ociRuntime:
    name: runc
    package: runc-1.4.0-1
    path: /usr/bin/runc
    version: |-
      runc version 1.4.0
      spec: 1.3.0
      go: go1.25.4 X:nodwarf5
      libseccomp: 2.6.0
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-2025_12_23.2ba9fd5-1
    version: |
      pasta 2025_12_23.2ba9fd5
      Copyright Red Hat
      GNU General Public License, version 2 or later
      <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 34359734272
  swapTotal: 34359734272
  uptime: 0h 10m 40.00s
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 989293707264
  graphRootUsed: 727788290048
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 10
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.7.1
  Built: 1765447754
  BuiltTime: Thu Dec 11 21:09:14 2025
  GitCommit: f845d14e941889ba4c071f35233d09b29d363c75
  GoVersion: go1.25.5 X:nodwarf5
  Os: linux
  OsArch: linux/amd64
  Version: 5.7.1
```
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
No
Additional environment details
Stock Arch Linux install, nothing custom
Additional information
No response
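The report's two preconditions (no free /dev/loopX node already present, and the container both allocating a new loop device and then failing to see it) can be checked directly rather than inferred from a failed mount. The following diagnostic is an added example written for this page; it is not podman project code and is not from the reporter. It assumes Linux, root inside a --privileged container (so /dev/loop-control is accessible), the LOOP_CTL_GET_FREE request value from <linux/loop.h>, and the usual column layout of `losetup -la` (device path in the first column, header row starting with NAME). The pure helpers (`loop_nodes`, `attached_devices`, `free_nodes`, `verdict`) work on captured listings and need no privileges; `probe` performs the live allocation.

```python
"""Diagnose whether a loop device allocated from inside a container
becomes visible in that container's /dev (the symptom in this report).

Added illustration only, not part of podman. Assumes Linux, root, and
access to /dev/loop-control, i.e. a --privileged container.
"""
import fcntl
import os
import re

# From <linux/loop.h>: ask the loop-control driver for a free device
# number; the driver creates a new loop device when none is free, which
# is the path a `mount -o loop` takes on a host with no /dev/loopX.
LOOP_CTL_GET_FREE = 0x4C82

# Matches /dev/loop0, loop12, ... but not /dev/loop-control.
LOOP_NODE = re.compile(r"(?:^|/)loop(\d+)$")


def loop_nodes(dev_entries):
    """Set of loop-device numbers present in a /dev listing."""
    nums = set()
    for entry in dev_entries:
        m = LOOP_NODE.search(entry)
        if m:
            nums.add(int(m.group(1)))
    return nums


def attached_devices(losetup_output):
    """Set of loop numbers currently attached, parsed from `losetup -la`.

    Assumed layout: a header row starting with NAME, then one device per
    line with the device path in the first column.
    """
    nums = set()
    for line in losetup_output.splitlines():
        fields = line.split()
        if not fields or fields[0] == "NAME":
            continue
        m = LOOP_NODE.search(fields[0])
        if m:
            nums.add(int(m.group(1)))
    return nums


def free_nodes(dev_entries, losetup_output):
    """Loop nodes that exist but are not attached.

    If this is non-empty, the report's bug will not show: mount reuses
    one of these nodes instead of asking the kernel to create a new one.
    """
    return loop_nodes(dev_entries) - attached_devices(losetup_output)


def verdict(before, allocated, after):
    """Classify one LOOP_CTL_GET_FREE request.

    before/after: sets of loop numbers visible in /dev before and after
    the request; allocated: the number the kernel handed back.
    """
    if allocated in before:
        return "reused"            # an existing node was handed back
    if allocated in after:
        return "created-visible"   # new node appeared here: expected
    return "created-hidden"        # kernel created it, this /dev lacks it


def probe(dev_dir="/dev"):
    """Live check: requires root and a usable <dev_dir>/loop-control."""
    before = loop_nodes(os.listdir(dev_dir))
    fd = os.open(os.path.join(dev_dir, "loop-control"), os.O_RDWR)
    try:
        allocated = fcntl.ioctl(fd, LOOP_CTL_GET_FREE)
    finally:
        os.close(fd)
    after = loop_nodes(os.listdir(dev_dir))
    return allocated, verdict(before, allocated, after)


if __name__ == "__main__":
    number, result = probe()
    print(f"loop-control handed out loop{number}: {result}")
```

Run it inside the container from the repro before the mount step. A "reused" result means a free loop node already existed, which is the precondition the report says masks the bug; "created-hidden" is the report's symptom: the kernel allocated the device (it will be listed in the host's /dev), but the container's own /dev does not show the node. The same helpers applied to the host's listing afterwards show the node as present but unattached, so it will be reused by later containers.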