On 03/05/2021 20:27, Daniel Walsh wrote:
On 4/30/21 06:47, lejeczek via Podman wrote:
>
>
> On 29/04/2021 20:47, Daniel Walsh wrote:
>> On 4/28/21 16:46, lejeczek via Podman wrote:
>>>
>>>
>>> On 28/04/2021 19:56, Daniel Walsh wrote:
>>>> On 4/28/21 11:02, lejeczek via Podman wrote:
>>>>> Hi guys
>>>>>
>>>>> I'm trying a popular image, perhaps very popular (not
>>>>> sure if with podman consumers though) off which a
>>>>> rootful container produces no logs.
>>>>> I've tried podman vers 2.0 & 3.1, with the same results.
>>>>> Adding debug to:
>>>>>
>>>>> -> $ podman container restart cni-net.disc --log-level=debug
>>>>> ...
>>>>> INFO[0000] Running conmon under slice machine-libpod_pod_6ef5202d6954f3616a530f188954465e27ff4730dfad32b68d9467c26e789d18.slice and unitName libpod-conmon-7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97.scope
>>>>> DEBU[0000] Received: 310116
>>>>> INFO[0000] Got Conmon PID as 310113
>>>>> DEBU[0000] Created container 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97 in OCI runtime
>>>>> DEBU[0000] Starting container 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97 with command [/bin/bash]
>>>>> DEBU[0000] Started container 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
>>>>> 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
>>>>> DEBU[0000] Called restart.PersistentPostRunE(podman container restart cni-net.discourse --log-level=debug)
>>>>>
>>>>> does not reveal much as you can see.
>>>>> I can:
>>>>> -> $ podman exec -it cni-net.disc sh
>>>>> and shell is available.
>>>>>
>>>>> How to troubleshoot issues like this?
>>>>> many thanks, L.
>>>>> _______________________________________________
>>>>> Podman mailing list -- podman(a)lists.podman.io
>>>>> To unsubscribe send an email to
>>>>> podman-leave(a)lists.podman.io
>>>>
>>>> I would first attempt it --privileged and see if it
>>>> works. If it does, then we got to find out what
>>>> security mechanism is blocking it.
>>>>
>>> '--privileged' gets me back to what I inquired about
>>> and filed bugzilla earlier - CAP_PERFMON
>>> I wonder, is a 'proper' fix moving to appear on the
>>> horizon?
>>>
>> If --privileged works, now I would try each of the
>> following separately.
>>
>> --security-opt label=disable
>>
>> --security-opt seccomp=unconfined
>>
>> --cap-add all
>>
>> Which would tell you that SELinux is blocking it,
>> Seccomp, or capabilities.
>>
>> If it is capabilities, then we can start playing with
>> which capability is needed.
> Sorry, I did not make it straight enough, it fails with:
>
> -> $ _P=cni-net _N=disco-dev; podman run --privileged -td
> --pod=$_P.${HOSTNAME%%.*} --volume
> /srv/containers/FLATfiles/net.disco:/shared:z --name
> ${_P}.$_N docker.io/discourse/discourse_dev
> Error: OCI runtime error: unknown cap: `CAP_PERFMON`
>
> By 'fails' I mean - container gets created but still no logs.
> Only config where 'logs -f' actually connects and hangs
> onto something is:
> -> $ podman run --security-opt label=disable
> --restart=always -td --pod=....
> But still that something is 'blank' output, otherwise
> '-f' returns to prompt immediately.
>
> many thanks, L.
Please update to the latest libcap version. This
basically means that the tools are using CAP_PERFMON which
is not translated to the correct constants by the library,
because the library is out of date.
Which version of the lib should have it fixed?
I have
libcap-2.26-4.el8.x86_64 (which I think is the highest/latest
available in CentOS Stream).
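
The isolation procedure suggested earlier in the thread (try `--privileged`, then each relaxation on its own), written out as a script. This is an added example, not part of the original messages and not Podman project code. It assumes the image's default command prints something and exits, and it treats "exits 0 with output" as working; the `PODMAN` override and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find which confinement mechanism blocks a container by
# relaxing SELinux labelling, seccomp and capabilities one at a time.
# PODMAN can be overridden (assumption of this example) to stub the binary.
PODMAN=${PODMAN:-podman}

# try_relaxed IMAGE [OPTIONS...]
# Succeeds only if the container exits 0 and wrote something to stdout.
try_relaxed() {
    image=$1; shift
    out=$("$PODMAN" run --rm "$@" "$image" 2>/dev/null) || return 1
    [ -n "$out" ]
}

# isolate_blocker IMAGE
# Prints: none | not-confinement | combination | the mechanism name(s)
isolate_blocker() {
    image=$1
    if try_relaxed "$image"; then
        echo "none"; return 0          # works fully confined
    fi
    if ! try_relaxed "$image" --privileged; then
        # Same situation as in the thread: even --privileged fails
        # (there: "unknown cap: CAP_PERFMON"), so the cause lies in the
        # runtime or its libraries, not in a policy to relax.
        echo "not-confinement"; return 1
    fi
    found=""
    for mech in selinux seccomp capabilities; do
        case $mech in
            selinux)      set -- --security-opt label=disable ;;
            seccomp)      set -- --security-opt seccomp=unconfined ;;
            capabilities) set -- --cap-add all ;;
        esac
        if try_relaxed "$image" "$@"; then
            found="$found $mech"
        fi
    done
    if [ -z "$found" ]; then
        echo "combination"             # no single relaxation is enough
    else
        echo "${found# }"
    fi
}

# Run against an image when one is given on the command line.
if [ "$#" -gt 0 ]; then
    isolate_blocker "$1"
fi
```

Once a single mechanism is identified, keep the other two at their defaults and narrow only that one, for example by adding individual capabilities instead of `--cap-add all`.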