/proc/sys/fs/mqueue/msg_max is IPC namespaced but it is always owned by
root in the initial user namespace. A rootless container doesn't have
enough privileges to write to it.
You can verify it with:
$ podman run --rm fedora stat /proc/sys/fs/mqueue/msg_max
File: /proc/sys/fs/mqueue/msg_max
Size: 0 Blocks: 0 IO Block: 1024 regular empty file
Device: 7bh/123d Inode: 3634162 Links: 1
Access: (0644/-rw-r--r--) Uid: (65534/ nobody) Gid: (65534/ nobody)
So given the current limitation in the kernel, you have two possible
choices to work around it:
1) run with --ipc host
2) get some help from root in the host:
$ sudo nsenter -i -t $CONTAINER_PID sh -c 'echo $NEW_MSG_MAX > /proc/sys/fs/mqueue/msg_max'
Giuseppe
Michael Ivanov <ivans(a)isle.spb.ru> writes:
Yes it is 256:
island:backend [master]> cat /proc/sys/fs/mqueue/msg_max
256
On 20.05.2021 21:00, Daniel Walsh wrote:
On 5/20/21 08:29, Michael Ivanov wrote:
Hallo!
I'm trying to run my application in a podman rootless container and I stumble
on the following problem: my program needs /proc/sys/fs/mqueue/msg_max to be at
least 256, but in the running container this value is just 10. When I try to
specify this parameter while running the image (--sysctl 'fs.mqueue.msg_max=256')
I get the following error:
Error: open /proc/sys/fs/mqueue/msg_max: Permission denied: OCI permission denied
and container is not created.
My host where container is being run has this parameter set to 256. How can I
expose current host setting for msg_max to my container?
Best regards,
When you log in to your user account, is it set to 256?
$ cat /proc/sys/fs/mqueue/msg_max
10
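
The ownership behaviour described at the top of this thread, as an added example that is not part of the original messages: it checks whether the host uid that owns the sysctl file (0) has any mapping in a user namespace's uid_map. The function names and the two sample maps are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample maps are constructed,
# not taken from the thread or from podman.

# map_host_uid MAPFILE HOST_UID
# uid_map lines are "<inside-start> <outside-start> <length>". Print the uid
# that HOST_UID has inside the namespace, or return 1 if no range covers it.
map_host_uid() {
    awk -v id="$2" '
        NF == 3 && id >= $2 && id < $2 + $3 { print $1 + (id - $2); found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# sysctl_write_verdict MAPFILE OWNER_HOST_UID
# An owner with no mapping is displayed as the overflow uid (65534, "nobody"),
# and root inside the namespace is not treated as privileged over that file,
# so a 0644 sysctl stays read-only for it.
sysctl_write_verdict() {
    if inside=$(map_host_uid "$1" "$2"); then
        echo "mapped:$inside"
    else
        echo "unmapped"
    fi
}

# Constructed sample maps: a typical rootless layout (container root is host
# uid 1000, the rest comes from a subuid range) and the initial namespace.
demo_dir=$(mktemp -d)
printf '0 1000 1\n1 100000 65536\n' > "$demo_dir/rootless"
printf '0 0 4294967295\n' > "$demo_dir/initial"

# msg_max is owned by host uid 0 in both cases.
sysctl_write_verdict "$demo_dir/rootless" 0
sysctl_write_verdict "$demo_dir/initial" 0
```

Inside a running container the map to pass is /proc/self/uid_map; an "unmapped" verdict for uid 0 corresponds to the nobody/nobody owner in the stat output above.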