bind-propagation=rshared has no effect
by Rudolf Vesely
Hi Everybody,
I tried to mount filesystem inside unprivileged container using fuse3 and it's working. The only thing I had to do was to mount /dev/fuse using "--device" and add "SYS_ADMIN" capability.
Example:
podman run \
-d \
--device=/dev/fuse \
--cap-add SYS_ADMIN \
localhost/myimage
After that I can mount fuse inside.
Now I'd like to access the mounted filesystem from another container in a pod or from the container host. In order to do that I used "bind-propagation=rshared" like this:
podman run \
--mount=type=bind,source=/from,destination=/to,bind-propagation=rshared \
-d \
--device=/dev/fuse \
--cap-add SYS_ADMIN \
localhost/myimage
When I mount fuse inside the container into "/to" or "/to/subfolder" I can again see / access the filesystem from inside of the container but I don't see it from the host / from another containers in a pod that mount "/from".
Could you please tell me Am I missing something?
I was thinking that maybe AppArmor but looking into logs - nothing.
Running Podman 3.4.4 on Debian Bookworm (kernel 5.16).
Thank you.
Kind regards,
Rudolf Vesely
3 years, 1 month
help with /etc/subuid needed
by Uwe Reh
Sorry, at the moment I'm blind.
Could anyone give me a hint, about my surely obvious mistake.
*Problem*
rhel8.5 / podman version 3.4.2 the following command fails.
> (rootless) podman pull docker.io/library/mariadb:latest
> ...
> Error: writing blob: adding layer with blob
"sha256:08c01a0ec47e82ebe2bec112f373d160983a6d1e9e66627f66a3322bc403221b":
Error processing tar file(exit status 1): potentially insufficient UIDs
or GIDs available in user namespace (requested 0:42 for /etc/gshadow):
Check /etc/subuid and /etc/subgid: lchown /etc/gshadow: invalid argument
*but*
> cat /etc/subuid
> me:100000:99999
> cat /etc/subgid
> me:100000:99999
The same command runs fine on fedora 35 / podman version 3.4.4 .
Regards
Uwe
3 years, 1 month
podman system service and qemu
by Hendrik Haddorp
Hi,
using "podman run --arch ..." it's quite easy to start containers for a
different architecture with the support of qemu. "podman system service"
does however not seem to have the same support. I would like to use a
docker build from existing tooling for a different architecture. So this
would use the docker API that the podman system service provides. I
guess it should be possible to start a container using podman run --arch
an then start the podman system service in there. Is there a simpler way
as podman in podman has quite often some setup issues and the whole
handling would be more complicated?
thanks,
Hendrik
3 years, 1 month
Execute command on exit (?)
by Prafulla Giri
Hello there,
I have bind-mounted a local dir inside a container. Once the container is closed the directory permissions are
changed to a subuid and I have to run `podman unshare chown -R 0:0 /path/to/dir` manually if I want to do anything
with the bind-mounted directory. I was wondering if there is a method whereby a container (or a pod) could be configured
to do this automatically? I'd be glad to know about it (or any other ways to get around this minor issue).
Thank you.
3 years, 1 month
podman openmpi container
by ugiwgh@qq.com
I have read article on https://podman.io/blogs/2019/09/26/podman-in-hpc.html.
And I have built openmpi image with fedroa.30 and centos.7.9.2009.
The hello_c runs successfully on fedroa.30 image.
But hello_c failed to run on centos.7.9.2009. It hang when runs on centos.7.9.2009 image.
I run it with -d, and it hang at "[rsyncdk2:2674797] [[58966,0],0] Releasing job data for [INVALID]".
The following is the whole message.
[rsync@rsyncdk2 ~] mpirun -d -v -host rsyncdk2:2 podman run --rm --env-host --userns=keep-id --network=host --pid=host --ipc=host 69fb54f4bb75 /home/hello_c
[rsyncdk2:2674797] procdir: /tmp/ompi.rsyncdk2.1000/pid.2674797/0/0
[rsyncdk2:2674797] jobdir: /tmp/ompi.rsyncdk2.1000/pid.2674797/0
[rsyncdk2:2674797] top: /tmp/ompi.rsyncdk2.1000/pid.2674797
[rsyncdk2:2674797] top: /tmp/ompi.rsyncdk2.1000
[rsyncdk2:2674797] tmp: /tmp
[rsyncdk2:2674797] sess_dir_cleanup: job session dir does not exist
[rsyncdk2:2674797] sess_dir_cleanup: top session dir not empty - leaving
[rsyncdk2:2674797] procdir: /tmp/ompi.rsyncdk2.1000/pid.2674797/0/0
[rsyncdk2:2674797] jobdir: /tmp/ompi.rsyncdk2.1000/pid.2674797/0
[rsyncdk2:2674797] top: /tmp/ompi.rsyncdk2.1000/pid.2674797
[rsyncdk2:2674797] top: /tmp/ompi.rsyncdk2.1000
[rsyncdk2:2674797] tmp: /tmp
[rsyncdk2:2674797] [[58966,0],0] Releasing job data for [INVALID]
3 years, 1 month
Podman contribution inquiry
by Calin Georgescu
Dear maintainers of the Podman repository,
We are a group of four computer science master students from the Delft University of Technology in the Netherlands following the course IN4315 Software Architecture (https://se.ewi.tudelft.nl/delftswa/). For this course we have chosen an open-source project to contribute to in the following eight weeks. Our group picked the Podman project, and we will therefore make a set of contributions for our project.
The project consists of two parts: firstly, we will write four essays discussing architecture choices that we will publish on https://desosa2022.netlify.app/. Secondly, we need to make between three and six code/documentation contributions to your repository to learn the workflow for contributing and to be able to dive deeper into the analysis. This is our first time contributing to open-source projects, and we are looking forward to assisting you with valuable contributions wherever it is most appropriate.
We would greatly appreciate it if it would be possible to open a channel of communication with you, where we could get some guidance and feedback on the contributions we produce. We are currently in the process of choosing the most appropriate issues to focus on throughout the duration of the course. We plan to contribute to increasingly more complex tasks as we become more familiar with the system, but it would be of great benefit to us if you could suggest some possible starting points, such as perhaps good first issues to focus on.
We have already gone through the process of selecting some issues that may be practical first choices, such as https://github.com/containers/podman/issues/13261 and https://github.com/containers/podman/issues/13266. If there are more appropriate contributions to focus on for our group, we would be happy to consider them!
Also, we checked the /doc directory in the repository and the published documentation on the podman website. It seems to us that they are mainly functioning as a guide for users. It would be nice if you could direct us to some technical, developer-centric documentation. Or if such a portal is not yet available, perhaps this could be one of our initial contributions?
Thank you for your time and consideration. If you have any questions or remarks, feel free to reach out to us through email or GitHub.
Kind regards,
Krzysztof Baran @kbaran
Rover van der Noort @rvandernoort
Xueyuan Chen @keonchennl
Calin Georgescu @gcalin
3 years, 1 month
Changing shell for RUNs in Containerfile without SHELL instruction
by Hans F
Hi folks,
Could you please tell me is there an easy way how to use something like SHELL instruction in Containerfile? OCI specs don't support SHELL so by default "podman build" requires --format docker but I would prefer to avoid it an use "pure" Podman / OCI.
I would like to use something like:
SHELL ["/bin/bash", "-c"]
So I can use Bashisms like for example:
RUN tee file <<< 'hello'
instead of:
RUN bash -c "tee file <<< 'hello'"
(I know I can echo hello | tee file, this is just a stupid example of Bashism.
I was thinking changing ENTRYPOINT at the beginning of Container file to
ENTRYPOINT ["/bin/bash", "-c"]
But that doesn't work...
Any suggestions are most welcomed ;-). (just please don't suggest not using Bashisms, I like them! ;-))
Thank you.
Hans
3 years, 1 month
