Permissions on top level of mounted volume in rootless container
by Peter Upfold
Hello,
I'm struggling a little with the permissions set on the top level
directory of a volume that is mounted in a rootless container.
My Containerfile:
https://gist.github.com/PeterUpfold/2f63ad5341ffd9079bc2683a5bb2744c
The top level directory of the volume mount,
/var/www/html/websites/windows, ends up with root:nobody and 0755
permissions inside the container.
I've seen similar issues on this list: Daniel Walsh's suggestion of
`--annotation run.oci.keep_original_groups=1` seems to work beautifully
to change the ownership of the volume folder in the container to be
windowsnoob:windowsnoob, as I would want it, _if_ I'm doing `podman run`.
However, I'm trying to create a pod as follows. Is it possible to have
this permissions configuration work in this scenario?
podman pod create -n windowsnoob -p 8081
podman build -t windowsnoob-fpm .
podman create --name windowsnoob-fpm --pod windowsnoob -v /var/www/html/websites/windows:/var/www/html/websites/windows:Z,noexec,nodev,rw windowsnoob-fpm
podman pod start windowsnoob
At the moment, doing this and checking the permissions on the
/var/www/html/websites/windows volume in the created container (via
`podman exec -it [container] bash`) still shows the following:
drwxr-xr-x. 2 root nobody 28 Feb 14 09:45 windows
(Note that I can write to a subfolder already owned by
windowsnoob:windowsnoob _inside_ the volume just fine — I don't believe
this is an SELinux issue, or a permissions issue on anywhere except the
top level of the volume mount!)
Thank you for any insight you might be able to provide!
Peter Upfold
Podman Community Meeting Recording - April 6, 2021
by Tom Sweeney
Hi All,
The April 2021 Podman Community Meeting finished up just a little bit
ago and the recording is available for viewing at:
https://bluejeans.com/s/@f3vA2PsK7a
The next Podman Community Meeting is Tuesday May 4th, 2021 at 11:00 a.m.
Eastern (UTC-4). We're currently looking for topics on Podman, Buildah,
Skopeo or other related container technologies, please let me know if
you'd like to present. Bonus points if you can work in a Star Wars
reference that day!
t
unknown capability CAP_PERFMON
by lejeczek
Hi guys.
My podman created a network, just with:
-> $ podman network create
/home/podmania/.config/cni/net.d/cni-podman0.conflist
then created a pod:
-> $ podman pod create --network cni-podman0 --hostname some --name some
then tried to create a container:
-> $ podman run -it --pod=some --name some-nettols docker.io/pmietlicki/nettools
ERRO[0000] error starting some container dependencies
ERRO[0000] "container_linux.go:370: starting container process caused: unknown capability \"CAP_PERFMON\": OCI runtime error"
Error: error starting some containers: internal libpod error
Is that a limitation by design? I see that while running
"rootless" and am on CentOS Stream with:
podman-3.1.0-0.13.module_el8.5.0+733+9bb5dffa.x86_64
4.18.0-294.el8.x86_64
many thanks, L.
New Podman CVE: CVE-2021-20291
by Matt Heon
Hi,
In the last few days, a new CVE affecting Podman, CVE-2021-20291, was
made public. This vulnerability affects the containers/storage library
and can cause a denial of service if the user pulls a
specially-crafted image, causing most Podman commands to hang. The
Podman team does not feel that this is a serious vulnerability, as any
affected Podman image pull can be killed without adverse effect on
other Podman processes and running containers. However, we still
encourage all users to upgrade to the latest Podman release, Podman
v3.1.0, which resolves the issue.
Thanks,
Matt Heon
applying VLAN ip to podman
by andrewm659@yahoo.com
I am trying to give my container its own IP address. I am using the macvlan and have it setup. Am I doing this wrong?
[ameyer@podman01 ~]$ sudo podman run --privileged --ip 10.150.11.41 --mac-address 2A:7C:AA:ED:A2:AE --name=pihole --dns=1.1.1.1 -e TZ=America/Chicago -e SERVERIP=10.150.11.41 -e ServerIP=10.150.11.41 -e WEBPASSWORD=secret -e DNS1=1.1.1.1 -e DNS2=1.0.0.1 -e DNSSEC=true -e CONDITIONAL_FORWARDING=true -e CONDITIONAL_FORWARDING_IP=10.150.10.1 -e CONDITIONAL_FORWARDING_DOMAIN=lan -e TEMPERATUREUNIT=f -v pihole_pihole:/etc/pihole:Z -v pihole_dnsmasq:/etc/dnsmasq.d:Z docker.io/pihole/pihole
ERRO[0002] Error adding network: failed to allocate all requested IPs: 10.150.11.41
ERRO[0002] Error while adding pod to CNI network "podman": failed to allocate all requested IPs: 10.150.11.41
Error: error configuring network namespace for container 6b7fa7c2d16a880388c835e6688484480bda0b3260c1a71fead835d0858bc7cb: failed to allocate all requested IPs: 10.150.11.41
[ameyer@podman01 ~]$