rootless podman, docker-credential-gcloud, and snaps
by Ioan Rogers
Hi,
I'm on Ubuntu, and I've recently encountered an issue when trying to use rootless podman with the docker-credential-gcloud helper installed via snap.
This works fine when using the official google-cloud-sdk apt packages, and it used to work with snap packages until last October.
Here's what I see now:
```
$ podman pull gcr.io/private/image
Trying to pull gcr.io/private/image...
2021/02/01 13:19:17.474248 cmd_run.go:994: WARNING: cannot create user data directory: cannot create "/root/snap/google-cloud-sdk/166": mkdir /root/snap: permission denied
cannot create user data directory: /root/snap/google-cloud-sdk/166: Permission denied
error getting credentials - err: exit status 1, out: ``
Error: unable to pull gcr.io/private/image: Error initializing source docker://gcr.io/private/image:latest: error getting username and password: error getting credentials - err: exit status 1, out: ``
```
So it looks like the credential helper is being executed as root now. I'm not sure in which component the problem lies, or where I should file an issue.
Any pointers would be appreciated.
Thanks
Ioan Rogers
3 years, 5 months
CIFS share as a volume
by rem@llgc.org.uk
Hi,
I have a problem mapping a cifs network share to a container.
It's an auto-mount and from the /etc/auto.mnt I can see it's mounted with: -fstype=cifs,rw,noperm,vers=3.0
The mount is attached to the /mnt/share-name
I run the container image with:
sudo podman run --pod pod-name --detach --name container-name -v /mnt/share-name:/usr/src/app/share:rw,z .........
I get:
Error: failed to set file label on /mnt/share-name: operation not supported
I wonder if anybody could help me and point me in the right direction.
Thanks
3 years, 6 months
no logs from container
by lejeczek
Hi guys
I'm trying a popular image, perhaps very popular (not sure if
with podman consumers though) off which a rootful container
produces no logs.
I've tried podman vers 2.0 & 3.1, with the same results.
Adding debug to:
```
-> $ podman container restart cni-net.disc --log-level=debug
...
INFO[0000] Running conmon under slice machine-libpod_pod_6ef5202d6954f3616a530f188954465e27ff4730dfad32b68d9467c26e789d18.slice and unitName libpod-conmon-7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97.scope
DEBU[0000] Received: 310116
INFO[0000] Got Conmon PID as 310113
DEBU[0000] Created container 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97 in OCI runtime
DEBU[0000] Starting container 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97 with command [/bin/bash]
DEBU[0000] Started container 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
DEBU[0000] Called restart.PersistentPostRunE(podman container restart cni-net.discourse --log-level=debug)
```
does not reveal much as you can see.
I can:
-> $ podman exec -it cni-net.disc sh
and shell is available.
How to troubleshoot issues like this?
many thanks, L.
3 years, 6 months
overlayfs driver VS images - overlayfs: unrecognized
by lejeczek
Hi guys.
First thing which came to mind was to try a newer
version of the driver or a newer kernel altogether - when I
got this upon container creation:
....
overlayfs: unrecognized mount option "volatile" or missing value
overlayfs: unrecognized mount option "volatile" or missing value
....
But before I do that - would there be a way to tamper with
the image perhaps and/or other bits involved in order to
get rid of the problem?
many thanks, L.
3 years, 7 months
Re: Need help in creating a rootless container in podman
by supravapanda@gmail.com
Hello All,
Looks like there is no write permission on /home for users other than root, so I think that is why I am getting the error below.
I will try to create a new user with a different home directory and try to do podman run.
dir: mkdir
...
/home/orequest/.local/share/containers/storage/overlay/476579af086aee7
...
8cb12d88b08fd6b61a80a3f055cae293ec2d15a37dbe7b3f9/diff/.pivot_root4716
...
72024: permission denied
3 years, 7 months
Re: Need help in creating a rootless container in podman
by Scott McCarty
I've never seen this error. Is this a default install of RHEL 8.3? Try
adding a new user to the system and running the podman with that new user.
On Mon, Apr 26, 2021 at 10:14 AM Collins, Kent <Robert.Collins(a)bnsf.com>
wrote:
> Hi
>
> I am using podman and running non-root
>
> ==> podman version
> Version: 2.2.1
> API Version: 2
> Go Version: go1.14.7
> Built: Mon Feb 8 15:19:06 2021
> OS/Arch: linux/amd64
>
> I’ve loaded one docker image. But because of security and restrictions
> the building of that docker image I performed on my laptop. We have a
> local repository which has intense security scans of images which I will use
> at some point.
>
> So I downloaded the docker image I needed on my laptop. Exported the
> image and copied it to the server with podman. Then I ran LOAD to add the
> image. Import does not work because of the external registry.
>
> Thanks
>
> Kent Collins
>
> -----Original Message-----
> From: Daniel Walsh [mailto:dwalsh@redhat.com]
> Sent: Monday, April 26, 2021 5:58 AM
> To: podman(a)lists.podman.io
> Subject: [Podman] Re: Need help in creating a rootless container in podman
>
> On 4/25/21 09:17, supravapanda(a)gmail.com wrote:
>
> > I have tried all options. When I run the podman pull command as a normal user I
> > get the error below, but with sudo it works fine.
> > Can I know what needs to be done to run the command as a non-root user?
> >
> > atlvrmsbmld02:/home/orequest[ 53 ] --> podman pull registry.access.redhat.com/ubi8/ubi
> > Trying to pull registry.access.redhat.com/ubi8/ubi:latest...
> > Getting image source signatures
> > Copying blob 4b21dcdd136d done
> > Copying blob 55eda7743468 done
> > Copying config 613e5da7a9 done
> > Writing manifest to image destination
> > Storing signatures
> > Error processing tar file(exit status 1): Error setting up pivot dir: mkdir /home/orequest/.local/share/containers/storage/overlay/476579af086aee78cb12d88b08fd6b61a80a3f055cae293ec2d15a37dbe7b3f9/diff/.pivot_root471672024: permission denied
> > Error: Error committing the finished image: error adding layer with blob "sha256:4b21dcdd136d133a4df0840e656af2f488c226dd384a98b89ced79064a4081b4": Error processing tar file(exit status 1): Error setting up pivot dir: mkdir /home/orequest/.local/share/containers/storage/overlay/476579af086aee78cb12d88b08fd6b61a80a3f055cae293ec2d15a37dbe7b3f9/diff/.pivot_root471672024: permission denied
>
> Perhaps user namespace is not set up correctly.
>
> podman unshare cat /proc/self/uid_map
--
Scott McCarty
3 years, 7 months
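Added example, not part of the thread: a way to read the output of the `podman unshare cat /proc/self/uid_map` check suggested in the quoted reply above, together with the matching `/etc/subuid` entry. The function names, the sample maps and the user `alice` are constructed for illustration.

```bash
#!/bin/sh
# Added example. uid_map lines are "<ID inside namespace> <ID on host> <length>".

# count_mapped_ids MAP_TEXT -> total number of IDs mapped into the namespace.
count_mapped_ids() {
    printf '%s\n' "$1" | awk 'NF == 3 { total += $3 } END { print total + 0 }'
}

# check_uid_map MAP_TEXT -> prints a verdict.
# Returns 0 when a subordinate range is mapped, 1 when only the user's own
# UID is mapped, 2 when container root (ID 0) has no mapping at all.
check_uid_map() {
    root_len=$(printf '%s\n' "$1" | awk 'NF == 3 && $1 == 0 { print $3; exit }')
    total=$(count_mapped_ids "$1")
    if [ -z "$root_len" ]; then
        echo "no mapping for container root"
        return 2
    fi
    if [ "$total" -le 1 ]; then
        echo "only the user's own UID is mapped; no subordinate range"
        return 1
    fi
    echo "ok: $total IDs mapped"
    return 0
}

# has_subid_entry USER SUBID_TEXT -> 0 when /etc/subuid-style text
# ("user:start:count") gives USER a non-empty range.
has_subid_entry() {
    printf '%s\n' "$2" |
        awk -F: -v u="$1" '$1 == u && $3 > 0 { found = 1 } END { exit !found }'
}

# Constructed samples (not taken from the thread).
GOOD_MAP='         0       1000          1
         1     100000      65536'
BAD_MAP='         0       1000          1'
SUBUID_TEXT='alice:100000:65536'

# On a real host, feed in the live values instead:
#   check_uid_map "$(podman unshare cat /proc/self/uid_map)"
#   has_subid_entry "$(id -un)" "$(cat /etc/subuid)"
```

A map with only the single `0 <uid> 1` line means image layers owned by any UID other than root cannot be represented inside the namespace.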
Tuesday May 4 Podman Community Meeting Topics
by Tom Sweeney
Hi All,
Just a quick ping asking for any topics for the May 4th Podman
Community Meeting at 11:00 a.m. Eastern (UTC-4). If you've something
container related that you'd like to talk about, or have particular
functions in Podman, Buildah or Skopeo that you'd like to see a
discussion on, please let me know.
At the moment, I've about 20 to 30 minutes of time remaining in the
meeting and hope to get an agenda out for the Tuesday May 4th meeting
sometime later next week. So if you've a thought, please send me an
email. Bonus points if you can work in a Star Wars reference!
Thanks!
t
3 years, 7 months
Build podman v3 on RHEL 7
by Tony Huang
Hi,
Has anyone been able to build podman v3 on RHEL 7? (workstation or server) The getting started guide doesn't mention the required RHEL release to build podman v3 from scratch. Please advise ...
Thanks in advance!
--Tony
3 years, 7 months