mqueue msg_max in rootless container
by Michael Ivanov
Hallo!
I'm trying to run my application in podman rootless container and I stumble
on following problem: my program needs /proc/sys/fs/mqueue/msg_max to be at
least 256, but in running container this value is just 10. When I try to
specify this parameter while running the image (--sysctl 'fs.mqueue.msg_max=256')
I get the following error:
Error: open /proc/sys/fs/mqueue/msg_max: Permission denied: OCI permission denied
and container is not created.
My host where container is being run has this parameter set to 256. How can I
expose current host setting for msg_max to my container?
Best regards,
--
\ / | |
(OvO) | Михаил Иванов |
(^^^) | |
\^/ | E-mail: ivans(a)isle.spb.ru |
^ ^ | |
10 months, 3 weeks
=?utf-8?q?=5BPodman=5D?=(Meta) Security warnings for podman mailing list
by Joost Molenaar
Hi all, for ~every message posted to this list, some email clients
display an error, in my case "This email has failed its domain's
authentication requirements. It may be spoofed or improperly
forwarded."
These are the authentication results for a recent message from the
list:
Authentication-Results: mailin008.protonmail.ch; arc=none smtp.remote-ip=8.43.85.227
Authentication-Results: mailin008.protonmail.ch; dkim=none
Authentication-Results: mailin008.protonmail.ch; spf=none smtp.mailfrom=lists.podman.io
Authentication-Results: mailin008.protonmail.ch; dmarc=fail (p=none dis=none) header.from=redhat.com
If I understand correctly, Mailman has an option[1] to change the
From: header in the email and add the original sender's name and
address to the Reply-To: header, which leads to a slightly worse user
experience, but is better for security because it reduces the number
of false positives we get exposed to.
So my question is, could we enable DMARC mitigation to reduce
warning fatigue?
Regards,
Joost Molenaar
[1]: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers...
1 year, 9 months
Using Eclipse with Podman Engine on Linux
by Mehdi Haghgoo
I want to use Eclipse with Podman backend on Windows. I have Podman Desktop installed and the podman context is:
Name URI Identity Default
podman-machine-default ssh://user@localhost:64926/run/user/1000/podman/podman.sock C:\Users\me\.ssh\podman-machine-default true
podman-machine-default-root ssh://root@localhost:64926/run/podman/podman.sock C:\Users\me\.ssh\podman-machine-default false
Eclipse's Docker tooling has a setting for Container engine like the following:
It takes either a unix socket or a TCP connection, but none of them accept the value specified by Podman URI like ssh://user@localhost:64926/run/user/1000/podman/podman.sock.
Is there a workaround I can connect Eclipse to Podman engine on Windows?
1 year, 11 months
podman container storage backup
by Michael Ivanov
Greetings,
I make periodic backups of my laptop where I use some podman containers.
To perform a backup I just invoke rsync to copy my /home/xxxx/.local/share/containers
directory to nfs mounted filesystem.
Containers are running, but quiescent, no real activity occurs.
Is this a correct way to back up or is there anything special about
container directory to be taken into account? As far as I understand
some hash-named subdirectories are shared between different containers
and images using special kind of mounts, can this lead to duplicate
copies r inconsistencies?
Underlying fs is btrfs.
Thanks,
--
\ / | |
(OvO) | Михаил Иванов |
(^^^) | |
\^/ | E-mail: ivans(a)isle.spb.ru |
^ ^ | |
1 year, 11 months
runtime/cgo: pthread_create failed: Resource temporarily unavailable SIGABRT: abort
by GHui Wu
$ podman images
runtime/cgo: pthread_create failed: Resource temporarily unavailable
SIGABRT: abort
PC=0x2b9fff366387 m=0 sigcode=18446744073709551610
goroutine 0 [idle]:
runtime: unknown pc 0x2b9fff366387
stack: frame={sp:0x7ffe6e195d58, fp:0x0} stack=[0x7ffe6df97128,0x7ffe6e196160)
00007ffe6e195c58: 2f7374726f707865 762f3a6572616873
00007ffe6e195c68: 662f62696c2f7261 652f6b617074616c
00007ffe6e195c78: 732f7374726f7078 73752f3a65726168
00007ffe6e195c88: 2f6c61636f6c2f72 752f3a6572616873
00007ffe6e195c98: 65726168732f7273 0000000000000000
00007ffe6e195ca8: 0000000000000000 0000000000000000
00007ffe6e195cb8: 0000000000000000 2e656d69746e7572
00007ffe6e195cc8: 6e65766163736762 0000000000000000
00007ffe6e195cd8: 0000000000000000 2f3a65726168732f
00007ffe6e195ce8: 2f62696c2f726176 0000000074616c66
00007ffe6e195cf8: 2f7374726f707865 0000000000000002
00007ffe6e195d08: 0000000000000000 0000000000000000
00007ffe6e195d18: 0000000000000000 0000000000000000
00007ffe6e195d28: 00002b9fff6f8868 00000000020600ae
00007ffe6e195d38: 0000000003ff0080 0000000000000000
00007ffe6e195d48: 0000000001f8b1e0 0000000000000000
00007ffe6e195d58: <00002b9fff367a78 0000000000000020
00007ffe6e195d68: 0000000000000000 0000000000000000
00007ffe6e195d78: 0000000000000000 0000000000000000
00007ffe6e195d88: 0000000000000000 0000000000000000
00007ffe6e195d98: 0000000000000000 0000000000000000
00007ffe6e195da8: 0000000000000000 0000000000000000
00007ffe6e195db8: 0000000000000000 0000000000000000
00007ffe6e195dc8: 0000000000000000 0000000000000000
00007ffe6e195dd8: 0000000000000000 0000000000000000
00007ffe6e195de8: 0000000000000000 0000000000000000
00007ffe6e195df8: 0000000000000000 0000000000000000
00007ffe6e195e08: 0000000000000000 0000000000000000
00007ffe6e195e18: 0000000000000000 0000000000000000
00007ffe6e195e28: 0000000000000000 0000000000000000
00007ffe6e195e38: 0000000000000000 0000000003ff0080
00007ffe6e195e48: 0000000000000000 0000000001f8b1e0
runtime: unknown pc 0x2b9fff366387
stack: frame={sp:0x7ffe6e195d58, fp:0x0} stack=[0x7ffe6df97128,0x7ffe6e196160)
00007ffe6e195c58: 2f7374726f707865 762f3a6572616873
00007ffe6e195c68: 662f62696c2f7261 652f6b617074616c
00007ffe6e195c78: 732f7374726f7078 73752f3a65726168
00007ffe6e195c88: 2f6c61636f6c2f72 752f3a6572616873
00007ffe6e195c98: 65726168732f7273 0000000000000000
00007ffe6e195ca8: 0000000000000000 0000000000000000
00007ffe6e195cb8: 0000000000000000 2e656d69746e7572
00007ffe6e195cc8: 6e65766163736762 0000000000000000
00007ffe6e195cd8: 0000000000000000 2f3a65726168732f
00007ffe6e195ce8: 2f62696c2f726176 0000000074616c66
00007ffe6e195cf8: 2f7374726f707865 0000000000000002
00007ffe6e195d08: 0000000000000000 0000000000000000
00007ffe6e195d18: 0000000000000000 0000000000000000
00007ffe6e195d28: 00002b9fff6f8868 00000000020600ae
00007ffe6e195d38: 0000000003ff0080 0000000000000000
00007ffe6e195d48: 0000000001f8b1e0 0000000000000000
00007ffe6e195d58: <00002b9fff367a78 0000000000000020
00007ffe6e195d68: 0000000000000000 0000000000000000
00007ffe6e195d78: 0000000000000000 0000000000000000
00007ffe6e195d88: 0000000000000000 0000000000000000
00007ffe6e195d98: 0000000000000000 0000000000000000
00007ffe6e195da8: 0000000000000000 0000000000000000
00007ffe6e195db8: 0000000000000000 0000000000000000
00007ffe6e195dc8: 0000000000000000 0000000000000000
00007ffe6e195dd8: 0000000000000000 0000000000000000
00007ffe6e195de8: 0000000000000000 0000000000000000
00007ffe6e195df8: 0000000000000000 0000000000000000
00007ffe6e195e08: 0000000000000000 0000000000000000
00007ffe6e195e18: 0000000000000000 0000000000000000
00007ffe6e195e28: 0000000000000000 0000000000000000
00007ffe6e195e38: 0000000000000000 0000000003ff0080
00007ffe6e195e48: 0000000000000000 0000000001f8b1e0
goroutine 1 [running, locked to thread]:
runtime.asmcgocall(0x18ea9a0, 0xc0000986f8)
/usr/lib/golang/src/runtime/asm_amd64.s:652 +0x42 fp=0xc0000986e0 sp=0xc0000986d8 pc=0x47e302
runtime.newm1(0xc000100400)
/usr/lib/golang/src/runtime/proc.go:2139 +0xa5 fp=0xc000098720 sp=0xc0000986e0 pc=0x44a685
runtime.newm(0x1de1bc0, 0x0, 0xffffffffffffffff)
/usr/lib/golang/src/runtime/proc.go:2123 +0xa6 fp=0xc000098758 sp=0xc000098720 pc=0x44a526
runtime.startTemplateThread()
/usr/lib/golang/src/runtime/proc.go:2164 +0xb2 fp=0xc000098788 sp=0xc000098758 pc=0x44a7b2
runtime.main()
/usr/lib/golang/src/runtime/proc.go:204 +0x1d9 fp=0xc0000987e0 sp=0xc000098788 pc=0x446719
runtime.goexit()
/usr/lib/golang/src/runtime/asm_amd64.s:1371 +0x1 fp=0xc0000987e8 sp=0xc0000987e0 pc=0x47e6c1
rax 0x0
rbx 0x2b9fff6f8868
rcx 0xffffffffffffffff
rdx 0x6
rdi 0x121b
rsi 0x121b
rbp 0x20600ae
rsp 0x7ffe6e195d58
r8 0xa
r9 0x2b9ffe04d840
r10 0x8
r11 0x206
r12 0x3ff0080
r13 0x0
r14 0x1f8b1e0
r15 0x0
rip 0x2b9fff366387
rflags 0x206
cs 0x33
fs 0x0
gs 0x0
1 year, 12 months
Cancelled! Podman Community Cabal Meeting on October 20, 2022 at 11:00 am EDT (UTC-5)
by Tom Sweeney
Hi All,
A large number of the regular attendees will be involved in another
meeting at the same time next week, including myself. Given that and the
fact that we currently have no topics for the meeting, we have decided
to cancel the Podman Community Cabal meeting next Thursday October 20, 2022.
The next Podman Community Cabal Meeting will be on Thursday
November 17, 2022 at 11:00 a.m. EST (UTC-4). Please note that the US
will be rolling back our clocks an hour between then and now. If you
have any topics that you'd like to discuss, please let me know.
Thanks all!
t
2 years