mqueue msg_max in rootless container
by Michael Ivanov
Hello!
I'm trying to run my application in a podman rootless container and I stumble
on the following problem: my program needs /proc/sys/fs/mqueue/msg_max to be at
least 256, but in the running container this value is just 10. When I try to
specify this parameter while running the image (--sysctl 'fs.mqueue.msg_max=256')
I get the following error:
Error: open /proc/sys/fs/mqueue/msg_max: Permission denied: OCI permission denied
and the container is not created.
The host where the container is being run has this parameter set to 256. How can I
expose the current host setting for msg_max to my container?
Best regards,
--
Михаил Иванов | E-mail: ivans(a)isle.spb.ru
9 months, 4 weeks
[Podman] (Meta) Security warnings for podman mailing list
by Joost Molenaar
Hi all, for ~every message posted to this list, some email clients
display an error, in my case "This email has failed its domain's
authentication requirements. It may be spoofed or improperly
forwarded."
These are the authentication results for a recent message from the
list:
Authentication-Results: mailin008.protonmail.ch; arc=none smtp.remote-ip=8.43.85.227
Authentication-Results: mailin008.protonmail.ch; dkim=none
Authentication-Results: mailin008.protonmail.ch; spf=none smtp.mailfrom=lists.podman.io
Authentication-Results: mailin008.protonmail.ch; dmarc=fail (p=none dis=none) header.from=redhat.com
If I understand correctly, Mailman has an option [1] to change the
From: header in the email and add the original sender's name and
address to the Reply-To: header, which leads to a slightly worse user
experience, but is better for security because it reduces the number
of false positives we get exposed to.
So my question is, could we enable DMARC mitigation to reduce
warning fatigue?
Regards,
Joost Molenaar
[1]: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers...
1 year, 8 months
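A small parser for the Authentication-Results lines quoted above, added here as an example (it is not part of the thread or of Mailman): it reads each RFC 8601 header, collects the per-method results, and summarises why a receiving client flags the message, namely that neither SPF (evaluated on lists.podman.io) nor DKIM produced a pass aligned with the From: domain redhat.com, so DMARC fails even though the published policy is p=none. The sample headers are the four lines from the post.

```python
import re

# Constructed sample: the four Authentication-Results lines quoted in the post above.
SAMPLE_HEADERS = [
    "Authentication-Results: mailin008.protonmail.ch; arc=none smtp.remote-ip=8.43.85.227",
    "Authentication-Results: mailin008.protonmail.ch; dkim=none",
    "Authentication-Results: mailin008.protonmail.ch; spf=none smtp.mailfrom=lists.podman.io",
    "Authentication-Results: mailin008.protonmail.ch; dmarc=fail (p=none dis=none) header.from=redhat.com",
]

# One "method=result (optional reason) prop=value ..." clause of an RFC 8601 header.
CLAUSE_RE = re.compile(
    r"^(?P<method>[a-z][a-z0-9-]*)=(?P<result>[a-z]+)\s*"
    r"(?:\((?P<reason>[^)]*)\))?\s*(?P<props>.*)$", re.I)

def _kv(text):
    """Turn 'a=b c=d' into {'a': 'b', 'c': 'd'} (used for both reasons and properties)."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)

def parse_authentication_results(header):
    """Parse one Authentication-Results header into its authserv-id and per-method results."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "authentication-results":
        raise ValueError("not an Authentication-Results header")
    authserv_id, *clauses = (part.strip() for part in value.split(";"))
    results = {}
    for clause in clauses:
        match = CLAUSE_RE.match(clause)
        if match:  # empty or malformed clauses (e.g. after a trailing ';') are skipped
            results[match["method"].lower()] = {"result": match["result"].lower(),
                                                "reason": _kv(match["reason"] or ""),
                                                "props": _kv(match["props"])}
    return {"authserv_id": authserv_id, "results": results}

def dmarc_verdict(headers):
    """Merge the results of several headers and summarise what a client would flag:
    DMARC fails when neither SPF nor DKIM yields a pass aligned with the From: domain."""
    merged = {}
    for header in headers:
        merged.update(parse_authentication_results(header)["results"])
    field = lambda method, key, default=None: merged.get(method, {}).get(key, default)
    return {
        "dmarc": field("dmarc", "result", "none"),
        "policy": field("dmarc", "reason", {}).get("p"),  # p=none in the sample
        "from_domain": field("dmarc", "props", {}).get("header.from"),
        "mailfrom_domain": field("spf", "props", {}).get("smtp.mailfrom"),
        "spf": field("spf", "result", "none"),
        "dkim": field("dkim", "result", "none"),
        "flagged": field("dmarc", "result") == "fail",
    }
```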
(no subject)
by Lakshmi Mannuru
Hi Team,
I have a scenario where I need some help.
The application has multiple containers running, started with podman run at
start up.
When a firmware update is triggered, some of the files running in the x
container need to start the tftp container. Can someone suggest the steps to
start and stop the tftp container from the x container when the firmware update
is being executed?
Thanks in advance for your help.
Thank you
1 year, 9 months
Error: netavark: failed configure macvlan: IO error: failed to add route: Invalid argument (os error 22)
by Laurent Meunier
Hello,
I would like to create rootful containers with static IPv4 and IPv6
addresses that are part of my network (containers that somehow act as
physical devices on my network).
From what I understand in the documentation [1], the macvlan driver
should be my preferred option with netavark.
[1]
https://github.com/containers/podman/blob/main/docs/tutorials/basic_netwo...
My problem is that I get an error when starting a container attached to
a macvlan network created with an IPv6 subnet:
> Error: netavark: failed configure macvlan: IO error: failed to add route: Invalid argument (os error 22)
FYI, as long as the macvlan network is created without an IPv6 subnet, I can
create new podman containers without error.
[root@fedora-server ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:fd:e8:df brd ff:ff:ff:ff:ff:ff
inet 192.168.122.2/24 brd 192.168.122.255 scope global dynamic noprefixroute enp1s0
valid_lft 2219sec preferred_lft 2219sec
inet6 fe80::5054:ff:fefd:e8df/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@fedora-server ~]#
[root@fedora-server ~]# ip r
default via 192.168.122.1 dev enp1s0 proto dhcp src 192.168.122.2 metric 100
192.168.122.0/24 dev enp1s0 proto kernel scope link src 192.168.122.2 metric 100
[root@fedora-server ~]#
[root@fedora-server ~]# podman info |grep -i networkbackend
networkBackend: netavark
[root@fedora-server ~]#
[root@fedora-server ~]# podman network create \
--driver macvlan \
--opt=parent=enp1s0 \
--subnet 192.168.122.0/24 \
--gateway 192.168.122.1 \
--subnet fe80::/112 \
mynetwork
mynetwork
[root@fedora-server ~]#
[root@fedora-server ~]# podman run -it --rm \
--ip=192.168.122.97 \
--ip6=fe80::97 \
--network=mynetwork \
registry.fedoraproject.org/fedora:latest bash
Error: netavark: failed configure macvlan: IO error: failed to add route: Invalid argument (os error 22)
[root@fedora-server ~]#
[root@fedora-server ~]# podman run -it --rm \
--ip=192.168.122.97 \
--network=mynetwork \
registry.fedoraproject.org/fedora:latest bash
Error: netavark: failed configure macvlan: IO error: failed to add route: Invalid argument (os error 22)
I don't know what I'm doing wrong. Maybe I'm missing something important
from the documentation. Any help will be appreciated.
Thanks.
--
Laurent Meunier <laurent(a)deltalima.net>
1 year, 10 months
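A preflight check over the network definition and the --ip/--ip6 values quoted above, added here as an example (not code from the thread, podman or netavark; the subnet and address values are copied from the post): it validates that each requested address falls inside a declared subnet and does not collide with the gateway, and it flags fe80::/112 because that prefix lies inside the IPv6 link-local range fe80::/10, which is scoped to a single link rather than routable. The thread does not establish that this is what netavark's route setup rejects; the check only surfaces it as the one unusual setting in the configuration shown.

```python
import ipaddress

# Constructed from the invocations quoted above: the network's subnets and the
# addresses requested with --ip / --ip6 (both failing runs attach to this network).
NETWORK_SUBNETS = [
    {"subnet": "192.168.122.0/24", "gateway": "192.168.122.1"},
    {"subnet": "fe80::/112", "gateway": None},
]
REQUESTED_IPS = ["192.168.122.97", "fe80::97"]

def check_macvlan_request(subnets, requested_ips):
    """Return findings (an empty list means nothing suspicious) for a macvlan
    network definition plus the static addresses a container asks for."""
    findings = []
    nets = [ipaddress.ip_network(entry["subnet"], strict=True) for entry in subnets]
    gateways = [ipaddress.ip_address(e["gateway"]) for e in subnets if e.get("gateway")]
    for net in nets:
        # fe80::/10 (and 169.254.0.0/16) is scoped to a single link: a prefix meant
        # to reach LAN neighbours should be a routable (ULA or global) one instead.
        if net.is_link_local:
            findings.append(f"subnet {net} is link-local, not a routable prefix")
    for gw in gateways:
        if not any(gw in net for net in nets):
            findings.append(f"gateway {gw} lies outside every declared subnet")
    for raw in requested_ips:
        ip = ipaddress.ip_address(raw)
        homes = [net for net in nets if ip in net]  # version mismatch is simply False
        if not homes:
            findings.append(f"{ip} is not inside any declared subnet")
        elif ip in gateways:
            findings.append(f"{ip} collides with the gateway address")
        elif ip.version == 4 and ip in (homes[0].network_address, homes[0].broadcast_address):
            findings.append(f"{ip} is the network or broadcast address of {homes[0]}")
    return findings
```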
Installation of podman fails with access denied on Windows
by Jochen Wiedmann
Hi,
for your info, and for the record:
having installed podman-desktop 0.9.1 on a Windows 10 machine, I
couldn't initialize it, due to the error message
mkdir C:\Users\jwi\.local\share\containers\podman: Access is denied.
The workaround has been as follows:
1.) Executing the command
podman machine init
as a non-privileged user (myself) failed with the same error.
2.) Executing the command
mkdir C:\Users\jwi\.local\share\containers\podman
as a privileged user (Administrator) worked.
3.) Repeating the "podman machine init" command as an unprivileged user
works now, and Podman can be started.
What's surprising to me: I would have expected that I should be able
to create a directory that is located within my own home directory?
Jochen
--
Philosophy is useless, theology is worse. (Industrial Disease, Dire Straits)
1 year, 10 months
systemd, podman play kube & restarting a pod automatically
by POIROTTE Francois
Hi,
I'm working with a pod where 2 containers depend on one another. I'm
using podman v4.3.0 and the pod is started using systemd
(podman-kube@.service).
When one of the containers is in an improper state (crashes, stops
unexpectedly, or some other condition is not met), I would like to
restart the whole pod automatically (just restarting the one container
that stopped is not enough in my case).
Ideally, systemd would be in charge of restarting the pod (using the
Restart= directive to control precisely when it must be restarted).
So far, I've tried using the healthcheck mechanism, but while podman
correctly detects that the container is unhealthy, no further action is
taken.
Is there any way to achieve the desired result?
Regards,
François
1 year, 10 months
Using Eclipse with Podman Engine on Linux
by Mehdi Haghgoo
I want to use Eclipse with the Podman backend on Windows. I have Podman Desktop installed and the podman context is:
Name URI Identity Default
podman-machine-default ssh://user@localhost:64926/run/user/1000/podman/podman.sock C:\Users\me\.ssh\podman-machine-default true
podman-machine-default-root ssh://root@localhost:64926/run/podman/podman.sock C:\Users\me\.ssh\podman-machine-default false
Eclipse's Docker tooling has a setting for Container engine like the following:
It takes either a unix socket or a TCP connection, but neither of them accepts the value specified by the Podman URI, like ssh://user@localhost:64926/run/user/1000/podman/podman.sock.
Is there a workaround so I can connect Eclipse to the Podman engine on Windows?
1 year, 10 months