[Podman] Re: Unable to connect to container using varlink

Hello all, Daniel Walsh [2019-08-12 8:55 -0400]: > You need to have podman varlink running locally in your homedir for this > to work.  I know their is effort to make this happen seamlessly. Indeed podman's service file almost works for the systemd user instance. Matej recently sent https://github.com/containers/libpod/pull/3662 to make varlink on the user instance work out of the box. Martin > On 8/12/19 2:37 AM, niranjan(a)ashoo.in wrote: >> >> On Fri, Aug 9, 2019, at 11:54 AM, niranjan(a)ashoo.in wrote: >>> >>> On Fri, Aug 9, 2019, at 11:44 AM, Alex Jia wrote: >>>> Hi Niranjan, >>>> >>>> default access permission is *0600* on */run/podman/io.podman >>>> *directory*,* so you can't use non-root user >>>> to access this listening directory, but you may modify permission >>>> before starting io.podman.socket, >>>> good luck! >>> Ah thanks,  Since the container was started by non-root user, when i >>> tried with sudo it failed >>> >>> $ sudo varlink call -m >>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses >>> <http://io.podman/io.podman.ListContainerProcesses> '{"name": >>> "mysssd", "opts": []}' >>> Unable to connect: CannotConnect >>> >>> Probably because the root user doesn't see the container . >>> >>>> [root@ajia-rhel-8 ajia]# ls -lad /run/podman/io.podman >>>> s*rw*-------. 1 root root 0 Aug  9 01:42 /run/podman/io.podman >>>> >>>> [root@ajia-rhel-8 ajia]# cat /usr/lib/systemd/system/io.podman.socket >>>> [Unit] >>>> Description=Podman Remote API Socket >>>> Documentation=man:podman-varlink(1) >>>> >>>> [Socket] >>>> *ListenStream=/run/podman/io.podman >>>> SocketMode=0600* >>>> >>>> [Install] >>>> WantedBy=sockets.target >>>> >>>> Sincerely, >>>> Alex Jia >>> When i tried to change the SocketMode to 0666 >>> >>> [root@mniranja ~]# cat /usr/lib/systemd/system/io.podman.socket >>> [Unit] >>> Description=Podman Remote API Socket >>> Documentation=man:podman-varlink(1) >>> >>> [Socket] >>> ListenStream=/run/podman/io.podman >>> SocketMode=0666 >>> >>> [Install] >>> WantedBy=sockets.target >>> [root@mniranja ~]# ls -l /var/run/podman/io.podman >>> srw-rw-rw-. 1 root root 0 Aug  9 11:51 /var/run/podman/io.podman >>> >>> $ varlink call -m >>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses >>> <http://io.podman/io.podman.ListContainerProcesses> '{"name": >>> "mysssd", "opts": []}' >>> Unable to connect: CannotConnect >>> (venv) [mniranja@mniranja ad]$ sudo systemctl status io.podman.socket >>> ● io.podman.socket - Podman Remote API Socket >>>    Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; enabled; >>> vendor preset: disabled) >>>    Active: active (listening) since Fri 2019-08-09 11:51:21 IST; 1min >>> 12s ago >>>      Docs: man:podman-varlink(1) >>>    Listen: /run/podman/io.podman (Stream) >>>    CGroup: /system.slice/io.podman.socket >>> <http://system.slice/io.podman.socket> >>> >>> (venv) [mniranja@mniranja ad]$ podman ps >>> CONTAINER ID  IMAGE                            COMMAND         >>> CREATED       STATUS           PORTS  NAMES >>> de27f6bd7c59  docker.io/library/fedora:latest >>> <http://docker.io/library/fedora:latest>  /usr/sbin/init  24 hours >>> ago  Up 24 hours ago         mysssd >>> (venv) [mniranja@mniranja ad]$ >> Even after changing the permissions to 0666, as non root user i am >> still unable to use varlink to access the container.  Any info on how >> i could use varlink as non root user to access containers created >> using non-root user. >> >> >> >>> >>>> >>>> On Fri, Aug 9, 2019 at 1:16 PM <niranjan(a)ashoo.in >>>> <mailto:niranjan@ashoo.in>> wrote: >>>> >>>> Greetings, >>>> >>>> I have a container running on RHEL8 , The container was started >>>> as non root user using podman cli. I am trying to connect to >>>> container using varlink and it's unable to connect. >>>> >>>> $ podman ps >>>> CONTAINER ID  IMAGE                            COMMAND        >>>>  CREATED       STATUS           PORTS  NAMES >>>> de27f6bd7c59  docker.io/library/fedora:latest >>>> <http://docker.io/library/fedora:latest>  /usr/sbin/init  22 >>>> hours ago  Up 22 hours ago         mysssd >>>> >>>> >>>> $ sudo systemctl restart io.podman.socket >>>> $ sudo systemctl status io.podman.socket >>>> ● io.podman.socket - Podman Remote API Socket >>>>    Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; >>>> enabled; vendor preset: disabled) >>>>    Active: active (listening) since Fri 2019-08-09 10:38:38 IST; >>>> 1s ago >>>>      Docs: man:podman-varlink(1) >>>>    Listen: /run/podman/io.podman (Stream) >>>>    CGroup: /system.slice/io.podman.socket >>>> >>>> >>>> $varlink call -m >>>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses >>>> '{"name": "mysssd", "opts": []}' >>>> Unable to connect: CannotConnect >>>> >>>> >>>> Version: >>>> podman-1.0.0-2.git921f98f.module+el8+2785+ff8a053f.x86_64 >>>> libvarlink-16-1.el8.x86_64 >>>> libvarlink-util-16-1.el8.x86_64 >>>> >>>> Regards >>>> Niranjan >>>> _______________________________________________ >>>> Podman mailing list -- podman(a)lists.podman.io >>>> <mailto:podman@lists.podman.io> >>>> To unsubscribe send an email to podman-leave(a)lists.podman.io >>>> <mailto:podman-leave@lists.podman.io> >>>> >>> _______________________________________________ >>> Podman mailing list -- podman(a)lists.podman.io >>> To unsubscribe send an email to podman-leave(a)lists.podman.io >>> >> >> _______________________________________________ >> Podman mailing list -- podman(a)lists.podman.io >> To unsubscribe send an email to podman-leave(a)lists.podman.io > _______________________________________________ Podman mailing list -- podman(a)lists.podman.io To unsubscribe send an email to podman-leave(a)lists.podman.io