1. Create hooks dir
   ```
   mkdir $HOME/hooks.d
   ```
2. Create policy file `$HOME/hooks.d/foobar1.json` containing
   ```
   {
     "version": "1.0.0",
     "hook": {
       "path": "/bin/false"
     },
     "when": {
       "annotations": {
         "^myannotation$": "yes"
       }
     },
     "stages": ["poststart"]
   }
   ```
3. Create policy file `$HOME/hooks.d/foobar2.json` containing
   ```
   {
     "version": "1.0.0",
     "hook": {
       "path": "/bin/touch",
       "args": ["/bin/touch", "/tmp/poststop-created"]
     },
     "when": {
       "annotations": {
         "^myannotation$": "yes"
       }
     },
     "stages": ["poststop"]
   }
   ```
4. Create file `$HOME/test.bash` containing
   ```
   #!/bin/bash

   set -o nounset

   runtime=$1

   podman \
     --runtime $runtime \
     --hooks-dir ~/hooks.d \
     run \
     --rm \
     --annotation myannotation=yes \
     docker.io/library/alpine \
     sh -c "sleep 1 && echo hello && sleep 1"
   ```
5. Test with `crun`
   ```
   $ ls -l /tmp/poststop-created
   ls: cannot access '/tmp/poststop-created': No such file or directory
   $ bash test.bash /tmp/crun/crun
   2026-03-14T08:25:31.178231Z: error executing hook `/bin/false` (exit code: 1)
   Error: `/tmp/crun/crun start a3035173b6311e002171be689725f2e63f23f31d4c329cf9e4b4cb38d76dc224` failed: exit status 1
   $ ls -l /tmp/poststop-created
   -rw-r--r--. 1 test test 0 Mar 14 09:25 /tmp/poststop-created
   $
   ```
   __result:__ The file `/tmp/poststop-created` was created
6. Test with `runc`
   ```
   $ ls -l /tmp/poststop-created
   ls: cannot access '/tmp/poststop-created': No such file or directory
   $ bash test.bash runc
   Error: OCI runtime error: runc: runc create failed: error running poststart hook #0: exit status 1, stdout: , stderr:
   $ ls -l /tmp/poststop-created
   ls: cannot access '/tmp/poststop-created': No such file or directory
   $
   ```
   __result:__ The file `/tmp/poststop-created` was not created

### discussion

It's interesting that crun and runc have different behaviour.
I don't know which behaviour is correct.
### about the system

The executable `/tmp/crun/crun` was built from the git main branch (git commit: c07aadc344aacc867c1a334e5c0c1914da13365c)

runc version 1.4.0

podman version 5.8.0

```
test@fedora:~$ /tmp/crun/crun --version
crun version 1.26.0.0.0.146-c07a
commit: c07aadc344aacc867c1a334e5c0c1914da13365c
rundir: /run/user/1060/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
test@fedora:~$ podman --version
podman version 5.8.0
test@fedora:~$ runc --version
runc version 1.4.0
spec: 1.3.0
go: go1.25.4 X:nodwarf5
libseccomp: 2.6.0
test@fedora:~$ cat /etc/fedora-release
Fedora release 43 (Forty Three)
```
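
An added example, not part of the original report and not podman's, crun's or runc's code: a simplified model of how the `when.annotations` condition in the two policy files above selects hooks per stage for a container's annotations. It assumes that every key/value pattern pair must match some annotation, that patterns are searched unanchored, and that policy files are applied in file-name order; it uses Python's `re` as a stand-in regex engine, and the function names are hypothetical.

```python
import json
import re

# The two policy files from the report, embedded inline so this runs offline.
POLICIES = {
    "foobar1.json": '{"version": "1.0.0", "hook": {"path": "/bin/false"},'
                    ' "when": {"annotations": {"^myannotation$": "yes"}},'
                    ' "stages": ["poststart"]}',
    "foobar2.json": '{"version": "1.0.0", "hook": {"path": "/bin/touch",'
                    ' "args": ["/bin/touch", "/tmp/poststop-created"]},'
                    ' "when": {"annotations": {"^myannotation$": "yes"}},'
                    ' "stages": ["poststop"]}',
}


def annotations_match(patterns, annotations):
    """Assumed rule: every key/value pattern pair must match some annotation.
    Patterns are searched unanchored, so only explicit ^ and $ pin them."""
    return bool(patterns) and all(
        any(re.search(kp, k) and re.search(vp, v) for k, v in annotations.items())
        for kp, vp in patterns.items()
    )


def hooks_for(policies, annotations):
    """Return {stage: [argv, ...]} for every policy whose `when` matches."""
    selected = {}
    for name in sorted(policies, key=str.lower):  # assumed: file-name order
        policy = json.loads(policies[name])
        when = policy["when"]
        if not (when.get("always") or
                annotations_match(when.get("annotations", {}), annotations)):
            continue
        hook = policy["hook"]
        argv = hook.get("args", [hook["path"]])  # argv[0] defaults to the path
        for stage in policy["stages"]:
            selected.setdefault(stage, []).append(argv)
    return selected


if __name__ == "__main__":
    # Constructed annotation sets: the report's, a wrong value, a longer value.
    for ann in ({"myannotation": "yes"}, {"myannotation": "no"},
                {"myannotation": "yesplease"}):
        print(ann, "->", hooks_for(POLICIES, ann))
```

In this model the report's `myannotation=yes` selects both the `poststart` and the `poststop` hook, and the unanchored value pattern `yes` also matches a value such as `yesplease`; writing the value pattern as `^yes$` restricts it to the exact string.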