podman container clone fails with secret_env type mismatch when container uses --secret name,type=env #28130

@ozgur-as

Issue Description

podman container clone fails with a JSON unmarshaling error when the source container has secrets injected as environment variables (--secret name,type=env).

The root cause is a type mismatch between two Go structs sharing the same "secret_env" JSON tag:

  • ContainerMiscConfig.EnvSecrets in libpod/container_config.go is map[string]*secrets.Secret (object)
  • ContainerBasicConfig.EnvSecrets in pkg/specgen/specgen.go is map[string]string

ConfigToSpec() in pkg/specgen/generate/container.go serializes the container config to JSON and deserializes it into a SpecGenerator. The secret_env field serializes as a JSON object but the target expects a string value, causing the unmarshal to fail.

Steps to reproduce the issue

  1. Create a podman secret
    echo "my-secret-value" | podman secret create MY_SECRET -

  2. Run a container with the secret as an env var
    podman run -d --name test_container --secret MY_SECRET,type=env docker.io/library/alpine:latest sleep 3600

  3. Try to clone it
    podman container clone test_container test_clone docker.io/library/alpine:latest

Describe the results you received

Error: json: cannot unmarshal object into Go struct field SpecGenerator.ContainerBasicConfig.secret_env of type string

Describe the results you expected

The container should be cloned successfully, preserving the secret environment variable configuration.

podman info output

Ubuntu 24.04 amd64 5.4.1

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

No

Additional environment details

No response

Additional information

No response
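
The mismatch described in this issue can be reproduced outside podman with two stand-in structs that share the `secret_env` tag. This is an added example, not podman's code or its fix: `Secret`, `libpodConfig`, `specConfig`, `naiveConvert` and `bridgedConvert` are hypothetical names, the `Secret` fields are assumptions, and the string side is assumed to hold the secret's name keyed by environment variable.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Secret is a simplified stand-in for the libpod-side *secrets.Secret (fields are assumptions).
type Secret struct {
	Name string `json:"name"`
	ID   string `json:"id"`
}

// libpodConfig mirrors the shape of ContainerMiscConfig.EnvSecrets.
type libpodConfig struct {
	EnvSecrets map[string]*Secret `json:"secret_env,omitempty"`
}

// specConfig mirrors the shape of ContainerBasicConfig.EnvSecrets.
type specConfig struct {
	EnvSecrets map[string]string `json:"secret_env,omitempty"`
}

// naiveConvert does the JSON round trip the issue describes; it fails on secret_env.
func naiveConvert(src libpodConfig) (specConfig, error) {
	var dst specConfig
	raw, err := json.Marshal(src)
	if err != nil {
		return dst, err
	}
	err = json.Unmarshal(raw, &dst)
	return dst, err
}

// bridgedConvert maps each secret object to its name explicitly (hypothetical workaround).
// Only the reference (name) is carried over, never secret material.
func bridgedConvert(src libpodConfig) specConfig {
	dst := specConfig{EnvSecrets: make(map[string]string, len(src.EnvSecrets))}
	for envVar, s := range src.EnvSecrets {
		if s != nil {
			dst.EnvSecrets[envVar] = s.Name
		}
	}
	return dst
}

func main() {
	// Constructed sample input matching the reproduction steps.
	src := libpodConfig{EnvSecrets: map[string]*Secret{"MY_SECRET": {Name: "MY_SECRET", ID: "constructed-id"}}}
	_, err := naiveConvert(src)
	fmt.Println("naive:", err)
	fmt.Println("bridged:", bridgedConvert(src).EnvSecrets)
}
```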

Labels

  • Good First Issue: This issue would be a good issue for a first time contributor to undertake.
  • bugweek
  • kind/bug: Categorizes issue or PR as related to a bug.
  • triaged: Issue has been triaged
  • volunteers-wanted: Issues good for community/volunteer contributions
