Just a quick ping asking for any topics for the May 4th Podman
Community Meeting at 11:00 a.m. Eastern (UTC-4). If you've something
container related that you'd like to talk about, or have particular
functions in Podman, Buildah or Skopeo that you'd like to see a
discussion on, please let me know.
At the moment, I've about 20 to 30 minutes of time remaining in the
meeting and hope to get an agenda out for the Tuesday May 4th meeting
sometime later next week. So if you've a thought, please send me an
email. Bonus points if you can work in a Star Wars reference!
Has anyone been able to build podman v3 on RHEL 7? (workstation or server) The getting started guide doesn't mention the required RHEL release to build podman v3 from scratch. Please advise ...
Thanks in advance!
I have a problem mapping a cifs network share to a container.
It's an auto-mount and from the /etc/auto.mnt I can see it's mounted with: -fstype=cifs,rw,noperm,vers=3.0
The mount is attached to the /mnt/share-name
I run the image of the container with:
sudo podman run --pod pod-name --detach --name container-name -v /mnt/share-name:/usr/src/app/share:rw,z .........
Error: failed to set file label on /mnt/share-name: operation not supported
Wonder if anybody could help me and point me in the right direction.
I'm struggling a little with the permissions set on the top level
directory of a volume that is mounted in a rootless container.
The top level directory of the volume mount,
/var/www/html/websites/windows, ends up with root:nobody and 0755
permissions inside the container.
I've seen similar issues on this list: Daniel Walsh's suggestion of
`--annotation run.oci.keep_original_groups=1` seems to work beautifully
to change the ownership of the volume folder in the container to be
windowsnoob:windowsnoob, as I would want it, _if_ I'm doing `podman run`.
However, I'm trying to create a pod as follows. Is it possible to have
this permissions configuration work in this scenario?
podman pod create -n windowsnoob -p 8081
podman build -t windowsnoob-fpm .
podman create --name windowsnoob-fpm --pod windowsnoob -v
podman pod start windowsnoob
At the moment, doing this and checking the permissions on the
/var/www/html/websites/windows volume in the created container (via
`podman exec -it [container] bash`) still shows the following:
drwxr-xr-x. 2 root nobody 28 Feb 14 09:45 windows
(Note that I can write to a subfolder already owned by
windowsnoob:windowsnoob _inside_ the volume just fine — I don't believe
this is an SELinux issue, or a permissions issue on anywhere except the
top level of the volume mount!)
Thank you for any insight you might be able to provide!
The April 2021 Podman Community Meeting finished up just a little bit
ago and the recording is available for viewing at:
The next Podman Community Meeting is Tuesday May 4th, 2021 at 11:00 a.m.
Eastern (UTC-4). We're currently looking for topics on Podman, Buildah,
Skopeo or other related container technologies; please let me know if
you'd like to present. Bonus points if you can work in a Star Wars
reference that day!
My podman created a network, just with:
-> $ podman network create
then created a pod:
-> $ podman pod create --network cni-podman0 --hostname some
then tried to create a container:
-> $ podman run -it --pod=some --name some-nettols
ERRO error starting some container dependencies
ERRO "container_linux.go:370: starting container
process caused: unknown capability \"CAP_PERFMON\": OCI
Error: error starting some containers: internal libpod error
Is that a limitation by design? I see that while running
"rootless", and I am on CentOS Stream with:
many thanks, L.
In the last few days, a new CVE affecting Podman, CVE-2021-20291, was
made public. This vulnerability affects the containers/storage library
and can cause a denial of service if the user pulls a
specially-crafted image, causing most Podman commands to hang. The
Podman team does not feel that this is a serious vulnerability, as any
affected Podman image pull can be killed without adverse effect on
other Podman processes and running containers. However, we still
encourage all users to upgrade to the latest Podman release, Podman
v3.1.0, which resolves the issue.
I am trying to give my container its own IP address. I am using the macvlan and have it set up. Am I doing this wrong?
[ameyer@podman01 ~]$ sudo podman run --privileged --ip 10.150.11.41 --mac-address 2A:7C:AA:ED:A2:AE --name=pihole --dns=184.108.40.206 -e TZ=America/Chicago -e SERVERIP=10.150.11.41 -e ServerIP=10.150.11.41 -e WEBPASSWORD=secret -e DNS1=220.127.116.11 -e DNS2=18.104.22.168 -e DNSSEC=true -e CONDITIONAL_FORWARDING=true -e CONDITIONAL_FORWARDING_IP=10.150.10.1 -e CONDITIONAL_FORWARDING_DOMAIN=lan -e TEMPERATUREUNIT=f -v pihole_pihole:/etc/pihole:Z -v pihole_dnsmasq:/etc/dnsmasq.d:Z docker.io/pihole/pihole
ERRO Error adding network: failed to allocate all requested IPs: 10.150.11.41
ERRO Error while adding pod to CNI network "podman": failed to allocate all requested IPs: 10.150.11.41
Error: error configuring network namespace for container 6b7fa7c2d16a880388c835e6688484480bda0b3260c1a71fead835d0858bc7cb: failed to allocate all requested IPs: 10.150.11.41