Shared IPC doesn't seem to be working when using podman compose

[jiteshvassa]

Issue Description

Shared IPC doesn't appear to be working as expected when using podman compose.

$ podman version
Client:       Podman Engine
Version:      5.4.0
API Version:  5.4.0
Go Version:   go1.23.10 (Red Hat 1.23.10-1.el9_6)
Built:        Wed Jun 25 06:42:23 2025
OS/Arch:      linux/amd64

$  podman info
host:
  arch: amd64
  buildahVersion: 1.39.4
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.12-1.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: c0564282e9befb7804c3642230f8e94f1b2ba9f8'
  cpuUtilization:
    idlePercent: 98.93
    systemPercent: 0.07
    userPercent: 1
  cpus: 12
  databaseBackend: sqlite
  distribution:
    distribution: rhel
    version: "9.5"
  eventLogger: journald
  freeLocks: 2045
  hostname: vm
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.14.0-503.40.1.el9_5.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 17123495936
  memTotal: 20700946432
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.12.2-1.el9_5.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.12.2
    package: netavark-1.12.2-1.el9.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.12.2
  ociRuntime:
    name: crun
    package: crun-1.16.1-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.16.1
      commit: afa829ca0122bd5e1d67f1f38e6cc348027e3c32
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240806.gee36266-7.el9_5.x86_64
    version: |
      pasta 0^20240806.gee36266-7.el9_5.x86_64-pasta
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.3.1-1.el9.x86_64
    version: |-
      slirp4netns version 1.3.1
      commit: e5e368c4f5db6ae75c2fce786e31eef9da6bf236
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 3439325184
  swapTotal: 3439325184
  uptime: 134h 58m 1.00s (Approximately 5.58 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /home/vm/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 0
    stopped: 2
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/vm/.local/share/containers/storage
  graphRootAllocated: 29775364096
  graphRootUsed: 4465623040
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/vm/.local/share/containers/storage/volumes
version:
  APIVersion: 5.4.0
  Built: 1750848143
  BuiltTime: Wed Jun 25 06:42:23 2025
  GitCommit: ""
  GoVersion: go1.23.10 (Red Hat 1.23.10-1.el9_6)
  Os: linux
  OsArch: linux/amd64
  Version: 5.4.0

$ rpm -q podman
podman-5.4.0-12.el9_6.x86_64

Steps to reproduce the issue

Run podman compose up with the following compose file:

services:
  c1:
    container_name: c1
    image: alpine
    command: ['sh', '-c', 'ls -l /proc/self/ns/ipc; tail -f /dev/null']
    ipc: shareable
  c2:
    container_name: c2
    image: alpine
    command: ['sh', '-c', 'ls -l /proc/self/ns/ipc; tail -f /dev/null']
    ipc: "container:c1"
    depends_on: [c1]

Describe the results you received

Output from podman compose up is:

$ podman compose up
>>>> Executing external compose provider "/usr/bin/podman-compose". Please see podman-compose(1) for how to
disable this message. <<<<

3ea88a11183a051adbd3a0f5107d1dc138678b657295fe4ef83d1ac2d723cabc
Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob 9824c27679d3 done   |
Copying config 9234e8fb04 done   |
Writing manifest to image destination
9995312cb5a3c17251ca92e6dd19e7b2a2a764c2bd39da0afce3cb83cca8be69
2d872fa59e349b57acffd4f0acabd4c405c3a85636f615b964caa4dd31f72805
[c1] | lrwxrwxrwx    1 root     root             0 Aug 19 08:19 /proc/self/ns/ipc -> ipc:[4026532497]
[c2] | lrwxrwxrwx    1 root     root             0 Aug 19 08:19 /proc/self/ns/ipc -> ipc:[4026532559]

Describe the results you expected

Expectation was that the same inode would be observed in the output above