On 24/03/2021 15:24, Matt Heon wrote:
On 2021-03-23 18:23, lejeczek via Podman wrote:
> Hi guys.
>
> I suppose not since I see this:
>
> -> $ podman container start alpine
> WARN[0000] Failed to add podman to systemd sandbox cgroup: dial unix /run/user/0/bus: connect: permission denied
> ERRO[0000] error starting some container dependencies
> ERRO[0000] "command rootless-cni-infra [alloc ab3ff4b8851d42203b745987183c5b0c9255be3a127c488550c7d9305dcff3a2 host_for-cni chatter-drunk 10.0.2.26 ] in container f086e66e64767efbac7aded808e1dcd18b27a203a0f1e2a1b711137706ba64c4 failed with status 1, stdout=\"\", stderr=\"Link not found\\n\""
> Error: unable to start container "e65d59606f8fbb83165911de31c9977776e341bfc620e132e94e6c30c37fc6be": error starting some containers: internal libpod error
>
> unless it's a bug of some sort, but if limitation by design - is it
> possible to overcome/tweak it and have a "regular" user create and use
> macvlan network such as here:
>
Unfortunately, no. Rootless users don't have sufficient permissions to
use a conventional network stack. While we are not allowing CNI with
rootless Podman, this is for internal bridge networks only - it's
still entirely segregated from the host's network interfaces.

Thanks,
Matt Heon

Thanks for clarifying - I do not suppose that is something that
would change in the future?
And that also goes for: "portmap" (network rootless podman
creates by default) - when rootful, where there is "gateway"
will create a 'cni-podman0' iface whereas rootless does not
for it is not capable, which is by design - right?

many thanks, L

> {
>    "cniVersion": "0.4.0",
>    "name": "host_for-cni",
>    "plugins": [
>       {
>          "ipam": {
>             "ranges": [
>                [
>                   {
>                      "gateway": "10.0.2.254",
>                      "rangeEnd": "10.0.2.254",
>                      "rangeStart": "10.0.2.2",
>                      "subnet": "10.0.2.0/24"
>                   }
>                ]
>             ],
>             "routes": [
>                {
>                   "dst": "0.0.0.0/0"
>                }
>             ],
>             "type": "host-local"
>          },
>          "master": "eth3",
>          "type": "macvlan"
>       },
>       {
>          "capabilities": {
>             "mac": true
>          },
>          "type": "tuning"
>       }
>    ]
> }
>
> many thanks, L.
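
Added example, not part of the original thread and not Podman's own code: a small pre-flight check that reads a CNI network config like the one quoted above and reports plugins bound to a host interface, which is the case the reply says rootless users lack the permissions for. The function names, the set of host-attached plugin types and the trimmed sample config are assumptions made for illustration.

```python
import json

# Constructed sample: the conflist quoted in the thread, trimmed to the
# fields this check reads.
SAMPLE_CONFLIST = """
{
  "cniVersion": "0.4.0",
  "name": "host_for-cni",
  "plugins": [
    {"type": "macvlan", "master": "eth3",
     "ipam": {"type": "host-local", "ranges": [[{"subnet": "10.0.2.0/24"}]]}},
    {"type": "tuning", "capabilities": {"mac": true}}
  ]
}
"""

# Assumption: CNI plugin types that attach the container to a host NIC.
HOST_ATTACHED_TYPES = {"macvlan", "ipvlan"}


def host_interface_plugins(conflist_text):
    """Return (plugin type, master interface) for each plugin tied to a host NIC."""
    conf = json.loads(conflist_text)
    # A .conflist has a "plugins" array; a single-plugin .conf is the plugin itself.
    plugins = conf.get("plugins", [conf])
    findings = []
    for plugin in plugins:
        ptype = plugin.get("type", "")
        master = plugin.get("master")
        if ptype in HOST_ATTACHED_TYPES or master is not None:
            findings.append((ptype, master))
    return findings


def rootless_verdict(conflist_text, euid):
    """Say whether the given effective UID can be expected to use this network."""
    name = json.loads(conflist_text).get("name", "<unnamed>")
    findings = host_interface_plugins(conflist_text)
    if not findings:
        return f"{name}: no host-interface plugins found"
    detail = ", ".join(f"{t} on {m or 'unspecified interface'}" for t, m in findings)
    if euid == 0:
        return f"{name}: {detail}; rootful, host interface can be attached"
    return f"{name}: {detail}; rootless (uid {euid}) cannot attach to host interfaces"


if __name__ == "__main__":
    print(rootless_verdict(SAMPLE_CONFLIST, 1000))
```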