shouldn't the current directory be the default context for "podman build"?
by Robert P. J. Day
"man podman-build" suggests that the context argument is optional:
SYNOPSIS
podman build [options] [context]
podman image build [options] [context]
...
If no context directory is specified, then Podman will assume
the current working directory as the build context, which
should contain the Containerfile.
but if i have a directory with nothing but a Containerfile, i get:
$ podman build
Error: no context directory specified, and no containerfile specified
$
OTOH, specifying context of current directory:
$ podman build .
STEP 1: FROM alpine:latest
... etc etc ...
thoughts?
rday
1 month, 1 week
mqueue msg_max in rootless container
by Michael Ivanov
Hallo!
I'm trying to run my application in podman rootless container and I stumble
on following problem: my program needs /proc/sys/fs/mqueue/msg_max to be at
least 256, but in running container this value is just 10. When I try to
specify this parameter while running the image (--sysctl 'fs.mqueue.msg_max=256')
I get the following error:
Error: open /proc/sys/fs/mqueue/msg_max: Permission denied: OCI permission denied
and container is not created.
My host where container is being run has this parameter set to 256. How can I
expose current host setting for msg_max to my container?
Best regards,
--
\ / | |
(OvO) | Михаил Иванов |
(^^^) | |
\^/ | E-mail: ivans(a)isle.spb.ru |
^ ^ | |
1 year, 1 month
=?utf-8?q?=5BPodman=5D?=(Meta) Security warnings for podman mailing list
by Joost Molenaar
Hi all, for ~every message posted to this list, some email clients
display an error, in my case "This email has failed its domain's
authentication requirements. It may be spoofed or improperly
forwarded."
These are the authentication results for a recent message from the
list:
Authentication-Results: mailin008.protonmail.ch; arc=none smtp.remote-ip=8.43.85.227
Authentication-Results: mailin008.protonmail.ch; dkim=none
Authentication-Results: mailin008.protonmail.ch; spf=none smtp.mailfrom=lists.podman.io
Authentication-Results: mailin008.protonmail.ch; dmarc=fail (p=none dis=none) header.from=redhat.com
If I understand correctly, Mailman has an option[1] to change the
From: header in the email and add the original sender's name and
address to the Reply-To: header, which leads to a slightly worse user
experience, but is better for security because it reduces the number
of false positives we get exposed to.
So my question is, could we enable DMARC mitigation to reduce
warning fatigue?
Regards,
Joost Molenaar
[1]: https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/handlers...
2 years
podman container storage backup
by Michael Ivanov
Greetings,
I make periodic backups of my laptop where I use some podman containers.
To perform a backup I just invoke rsync to copy my /home/xxxx/.local/share/containers
directory to nfs mounted filesystem.
Containers are running, but quiescent, no real activity occurs.
Is this a correct way to back up or is there anything special about
container directory to be taken into account? As far as I understand
some hash-named subdirectories are shared between different containers
and images using special kind of mounts, can this lead to duplicate
copies r inconsistencies?
Underlying fs is btrfs.
Thanks,
--
\ / | |
(OvO) | Михаил Иванов |
(^^^) | |
\^/ | E-mail: ivans(a)isle.spb.ru |
^ ^ | |
2 years, 3 months
runtime/cgo: pthread_create failed: Resource temporarily unavailable SIGABRT: abort
by GHui Wu
$ podman images
runtime/cgo: pthread_create failed: Resource temporarily unavailable
SIGABRT: abort
PC=0x2b9fff366387 m=0 sigcode=18446744073709551610
goroutine 0 [idle]:
runtime: unknown pc 0x2b9fff366387
stack: frame={sp:0x7ffe6e195d58, fp:0x0} stack=[0x7ffe6df97128,0x7ffe6e196160)
00007ffe6e195c58: 2f7374726f707865 762f3a6572616873
00007ffe6e195c68: 662f62696c2f7261 652f6b617074616c
00007ffe6e195c78: 732f7374726f7078 73752f3a65726168
00007ffe6e195c88: 2f6c61636f6c2f72 752f3a6572616873
00007ffe6e195c98: 65726168732f7273 0000000000000000
00007ffe6e195ca8: 0000000000000000 0000000000000000
00007ffe6e195cb8: 0000000000000000 2e656d69746e7572
00007ffe6e195cc8: 6e65766163736762 0000000000000000
00007ffe6e195cd8: 0000000000000000 2f3a65726168732f
00007ffe6e195ce8: 2f62696c2f726176 0000000074616c66
00007ffe6e195cf8: 2f7374726f707865 0000000000000002
00007ffe6e195d08: 0000000000000000 0000000000000000
00007ffe6e195d18: 0000000000000000 0000000000000000
00007ffe6e195d28: 00002b9fff6f8868 00000000020600ae
00007ffe6e195d38: 0000000003ff0080 0000000000000000
00007ffe6e195d48: 0000000001f8b1e0 0000000000000000
00007ffe6e195d58: <00002b9fff367a78 0000000000000020
00007ffe6e195d68: 0000000000000000 0000000000000000
00007ffe6e195d78: 0000000000000000 0000000000000000
00007ffe6e195d88: 0000000000000000 0000000000000000
00007ffe6e195d98: 0000000000000000 0000000000000000
00007ffe6e195da8: 0000000000000000 0000000000000000
00007ffe6e195db8: 0000000000000000 0000000000000000
00007ffe6e195dc8: 0000000000000000 0000000000000000
00007ffe6e195dd8: 0000000000000000 0000000000000000
00007ffe6e195de8: 0000000000000000 0000000000000000
00007ffe6e195df8: 0000000000000000 0000000000000000
00007ffe6e195e08: 0000000000000000 0000000000000000
00007ffe6e195e18: 0000000000000000 0000000000000000
00007ffe6e195e28: 0000000000000000 0000000000000000
00007ffe6e195e38: 0000000000000000 0000000003ff0080
00007ffe6e195e48: 0000000000000000 0000000001f8b1e0
runtime: unknown pc 0x2b9fff366387
stack: frame={sp:0x7ffe6e195d58, fp:0x0} stack=[0x7ffe6df97128,0x7ffe6e196160)
00007ffe6e195c58: 2f7374726f707865 762f3a6572616873
00007ffe6e195c68: 662f62696c2f7261 652f6b617074616c
00007ffe6e195c78: 732f7374726f7078 73752f3a65726168
00007ffe6e195c88: 2f6c61636f6c2f72 752f3a6572616873
00007ffe6e195c98: 65726168732f7273 0000000000000000
00007ffe6e195ca8: 0000000000000000 0000000000000000
00007ffe6e195cb8: 0000000000000000 2e656d69746e7572
00007ffe6e195cc8: 6e65766163736762 0000000000000000
00007ffe6e195cd8: 0000000000000000 2f3a65726168732f
00007ffe6e195ce8: 2f62696c2f726176 0000000074616c66
00007ffe6e195cf8: 2f7374726f707865 0000000000000002
00007ffe6e195d08: 0000000000000000 0000000000000000
00007ffe6e195d18: 0000000000000000 0000000000000000
00007ffe6e195d28: 00002b9fff6f8868 00000000020600ae
00007ffe6e195d38: 0000000003ff0080 0000000000000000
00007ffe6e195d48: 0000000001f8b1e0 0000000000000000
00007ffe6e195d58: <00002b9fff367a78 0000000000000020
00007ffe6e195d68: 0000000000000000 0000000000000000
00007ffe6e195d78: 0000000000000000 0000000000000000
00007ffe6e195d88: 0000000000000000 0000000000000000
00007ffe6e195d98: 0000000000000000 0000000000000000
00007ffe6e195da8: 0000000000000000 0000000000000000
00007ffe6e195db8: 0000000000000000 0000000000000000
00007ffe6e195dc8: 0000000000000000 0000000000000000
00007ffe6e195dd8: 0000000000000000 0000000000000000
00007ffe6e195de8: 0000000000000000 0000000000000000
00007ffe6e195df8: 0000000000000000 0000000000000000
00007ffe6e195e08: 0000000000000000 0000000000000000
00007ffe6e195e18: 0000000000000000 0000000000000000
00007ffe6e195e28: 0000000000000000 0000000000000000
00007ffe6e195e38: 0000000000000000 0000000003ff0080
00007ffe6e195e48: 0000000000000000 0000000001f8b1e0
goroutine 1 [running, locked to thread]:
runtime.asmcgocall(0x18ea9a0, 0xc0000986f8)
/usr/lib/golang/src/runtime/asm_amd64.s:652 +0x42 fp=0xc0000986e0 sp=0xc0000986d8 pc=0x47e302
runtime.newm1(0xc000100400)
/usr/lib/golang/src/runtime/proc.go:2139 +0xa5 fp=0xc000098720 sp=0xc0000986e0 pc=0x44a685
runtime.newm(0x1de1bc0, 0x0, 0xffffffffffffffff)
/usr/lib/golang/src/runtime/proc.go:2123 +0xa6 fp=0xc000098758 sp=0xc000098720 pc=0x44a526
runtime.startTemplateThread()
/usr/lib/golang/src/runtime/proc.go:2164 +0xb2 fp=0xc000098788 sp=0xc000098758 pc=0x44a7b2
runtime.main()
/usr/lib/golang/src/runtime/proc.go:204 +0x1d9 fp=0xc0000987e0 sp=0xc000098788 pc=0x446719
runtime.goexit()
/usr/lib/golang/src/runtime/asm_amd64.s:1371 +0x1 fp=0xc0000987e8 sp=0xc0000987e0 pc=0x47e6c1
rax 0x0
rbx 0x2b9fff6f8868
rcx 0xffffffffffffffff
rdx 0x6
rdi 0x121b
rsi 0x121b
rbp 0x20600ae
rsp 0x7ffe6e195d58
r8 0xa
r9 0x2b9ffe04d840
r10 0x8
r11 0x206
r12 0x3ff0080
r13 0x0
r14 0x1f8b1e0
r15 0x0
rip 0x2b9fff366387
rflags 0x206
cs 0x33
fs 0x0
gs 0x0
2 years, 3 months
podman-desktop external email list?
by Tom Sweeney
Hey All,
Good idea for the internal list. Should I also create a
podman-desktop(a)list.podman.io for external to Red Hat use? That would
mirror the Podman mailing list, podman(a)lists.podman.io.
t
2 years, 3 months
Can’t run systemd in podman container
by Yvan Masson
Hi list,
I am quite new to Podman/Docker and containers in general. For some
reasons, I want to run systemd in a unprivileged container, but it does
not really works:
- If I run my container with `podman run localhost/my_image:latest` it
fails with error "Trying to run as user instance, but the system has not
been booted with systemd.". Using option `systemd=always` does not help.
- However, if I run my container with `podman run
localhost/my_image:latest /lib/systemd/systemd` then it works.
My Containerfile:
FROM docker.io/library/debian:bullseye
RUN apt-get update
RUN apt-get install systemd --assume-yes --no-install-recommends
CMD /lib/systemd/systemd
Do you know what should I do so that my `CMD /lib/systemd/systemd`
directive works?
Regards,
Yvan
2 years, 3 months
additionalimagestores is too slow
by GHui Wu
I have set additionalimagestores. But the the path is a network disk, I want to pull it to the local disk.
How can I pull it to the local disk?
2 years, 3 months
ls: cannot open directory mysql/: Permission denied
by GHui Wu
I haven't permission in container to access the directory which is mounted from host.
$ podman run -dt -v ./mysql/data:/mysql centos:7.9.2009 sleep 36000
$ podman exec -it 920b52079e67 /bin/bash
[root@920b52079e67 mysql]# useradd mysql
[root@920b52079e67 mysql]# su - mysql
[mysql@920b52079e67 mysql]$ cd /
[mysql@920b52079e67 /]$ ll
total 44
-rw-r--r-- 1 root root 12114 Nov 13 2020 anaconda-post.log
lrwxrwxrwx 1 root root 7 Nov 13 2020 bin -> usr/bin
drwxr-xr-x 5 root root 360 Sep 22 10:39 dev
drwxr-xr-x 47 root root 460 Sep 22 10:40 etc
drwxr-xr-x 3 root root 60 Sep 22 10:40 home
lrwxrwxrwx 1 root root 7 Nov 13 2020 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Nov 13 2020 lib64 -> usr/lib64
drwxr-xr-x 2 root root 4096 Apr 11 2018 media
drwxr-xr-x 2 root root 4096 Apr 11 2018 mnt
drwxrwxrwx 2 root root 4096 Sep 22 10:28 mysql
drwxr-xr-x 2 root root 4096 Apr 11 2018 opt
dr-xr-xr-x 1394 65534 65534 0 Sep 22 10:39 proc
dr-xr-x--- 2 root root 4096 Nov 13 2020 root
drwxr-xr-x 11 root root 60 Sep 22 10:39 run
lrwxrwxrwx 1 root root 8 Nov 13 2020 sbin -> usr/sbin
drwxr-xr-x 2 root root 4096 Apr 11 2018 srv
dr-xr-xr-x 13 65534 65534 0 Sep 22 10:01 sys
drwxrwxrwx 7 root root 4096 Nov 13 2020 tmp
drwxr-xr-x 13 root root 4096 Nov 13 2020 usr
drwxr-xr-x 18 root root 80 Sep 22 10:40 var
[mysql@920b52079e67 /]$ ls mysql/
ls: cannot open directory mysql/: Permission denied
[mysql@920b52079e67 /]$
2 years, 3 months
Additional stores configuration to cache images
by Ganeshar, Puvi
Hello All,
I am following Dan Walsh’s SysAdmin article (https://developers.redhat.com/blog/2019/08/14/best-practices-for-running-...) to speed up our CI builds in Jenkins.
I am trying to do what’s suggested under “Additional stores”, basically volume mounting the directory where the containerd stores on the K8s host into a container under /var/lib/shared.
We are running containerd as the runtime on an EKS cluster.
According to the article, I need to do:
# mkdir /var/lib/containers4
# podman run -v ./build:/build:z -v /var/lib/containers/storage:/var/lib/shared:ro -v \ /var/lib/containers4:/var/lib/containers:Z quay.io/buildah/stable<http://quay.io/buildah/stable> \
buildah -t image4 bud /build
# podman run -v /var/lib/containers/storage:/var/lib/shared:ro \
-v >/var/lib/containers4:/var/lib/containers:Z quay.io/buildah/stable<http://quay.io/buildah/stable> buildah push image4 \ registry.company.com/myuser<http://registry.company.com/myuser>
Can someone please tell me the equivalent directory for /var/lib/containers/storage? I.e where does containerd store the download images on the Kubernetes worker nodes?
The containerd config looks like this:
# cat /etc/containerd/config.toml
version = 2
root = "/var/lib/containerd"
state = "/run/containerd"
[grpc]
address = "/run/containerd/containerd.sock"
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = “XXXXXXXX.amazonaws.com/eks/pause:3.5<http://XXXXXXXX.amazonaws.com/eks/pause:3.5>"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
Thanks in advance.
Puvi Ganeshar
2 years, 3 months