Hi guys. Here are errors from my unsuccessful attempt to create a rootless container, which to novices such as myself are quite cryptic: -> $ podman run -d --restart=always --pod=jat-${HOSTNAME%%.*} --security-opt label=disable --volume /srv/containers/podmania/jat-redis:/data --name redis docker.io/library/redis ERRO[0000] error starting some container dependencies ERRO[0000] "container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: rootfs_linux.go:59: mounting \"sysfs\" to rootfs at \"/sys\" caused: operation not permitted: OCI permission denied" Error: error starting some containers: internal libpod error I'm trying to drop the container into a pod which is rootless too. The error persist also with/in 'Permissive' selinux. Somebody could help decrypt & troubleshoot this? I'm on Centos Steam with: podman-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64 many thanks, L. _______________________________________________ Podman mailing list -- podman(a)lists.podman.io To unsubscribe send an email to podman-leave(a)lists.podman.io

Hi, that is probably caused by a regression in the kernel that is being addressed right now. Can you confirm it with the following command? $ unshare -rmn mount -t sysfs sysfs /sys && echo it works It works with crun because crun has some fallback path when mounting sysfs (that can happen if the user doesn't own the network namespace), but a fresh /sys in the container is preferrable when possible. Regards, Giuseppe

lejeczek via Podman <podman(a)lists.podman.io&gt; writes: > On 22/02/2021 20:52, lejeczek via Podman wrote: >> Hi guys. >> >> Here are errors from my unsuccessful attempt to create a rootless >> container, which to novices such as myself are quite cryptic: >> >> -> $ podman run -d --restart=always --pod=jat-${HOSTNAME%%.*} >> --security-opt label=disable --volume >> /srv/containers/podmania/jat-redis:/data --name redis >> docker.io/library/redis >> ERRO[0000] error starting some container dependencies >> ERRO[0000] "container_linux.go:370: starting container process >> caused: process_linux.go:459: container init caused: >> rootfs_linux.go:59: mounting \"sysfs\" to rootfs at \"/sys\" caused: >> operation not permitted: OCI permission denied" >> Error: error starting some containers: internal libpod error >> >> I'm trying to drop the container into a pod which is rootless >> too. The error persist also with/in 'Permissive' selinux. >> Somebody could help decrypt & troubleshoot this? >> I'm on Centos Steam with: >> podman-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64 >> >> many thanks, L. >> _______________________________________________ >> Podman mailing list -- podman(a)lists.podman.io >> To unsubscribe send an email to podman-leave(a)lists.podman.io > this is rather sad that 'crun' does not get pulled in as rpm > dependency of 'podman' and that we have to find out hard way. > > regards, L. > _______________________________________________ > Podman mailing list -- podman(a)lists.podman.io > To unsubscribe send an email to podman-leave(a)lists.podman.io > _______________________________________________ Podman mailing list -- podman(a)lists.podman.io To unsubscribe send an email to podman-leave(a)lists.podman.io

On 23/02/2021 11:59, Giuseppe Scrivano wrote: > $ unshare -rmn mount -t sysfs sysfs /sys && echo it works -> $ unshare -rmn mount -t sysfs sysfs /sys && echo it works mount: /sys: permission denied.