shouldn't the current directory be the default context for "podman build"?
by Robert P. J. Day
"man podman-build" suggests that the context argument is optional:
SYNOPSIS
podman build [options] [context]
podman image build [options] [context]
...
If no context directory is specified, then Podman will assume
the current working directory as the build context, which
should contain the Containerfile.
But if I have a directory with nothing but a Containerfile, I get:
$ podman build
Error: no context directory specified, and no containerfile specified
$
OTOH, specifying context of current directory:
$ podman build .
STEP 1: FROM alpine:latest
... etc etc ...
thoughts?
rday
1 month, 1 week
RunRoot & mistaken IDs
by lejeczek
Hi guys.
I experience this:
-> $ podman images
WARN[0000] RunRoot is pointing to a path
(/run/user/1007/containers) which is not writable. Most
likely podman will fail.
Error: creating events dirs: mkdir /run/user/1007:
permission denied
-> $ id
uid=2001(podmania) gid=2001(podmania) groups=2001(podmania)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
I think it might have something to do with the fact that I
changed UID for the user, but why would this be?
How do I troubleshoot & fix it, ideally without a system reboot?
many thanks, L.
11 months, 4 weeks
mqueue msg_max in rootless container
by Michael Ivanov
Hello!
I'm trying to run my application in a rootless podman container and I stumble
on the following problem: my program needs /proc/sys/fs/mqueue/msg_max to be at
least 256, but in the running container this value is just 10. When I try to
specify this parameter while running the image (--sysctl 'fs.mqueue.msg_max=256')
I get the following error:
Error: open /proc/sys/fs/mqueue/msg_max: Permission denied: OCI permission denied
and the container is not created.
The host where the container is being run has this parameter set to 256. How can I
expose the current host setting for msg_max to my container?
Best regards,
--
\ / | |
(OvO) | Михаил Иванов |
(^^^) | |
\^/ | E-mail: ivans(a)isle.spb.ru |
^ ^ | |
1 year, 1 month
[Announcement] New Podman release: v4.7.0
by Lokesh Mandvekar
We’re excited to announce that Podman v4.7.0 has been released! This
release includes over 40 features and over 30 bugfixes. Some highlights
include:
- Modules feature on Linux: A module is a containers.conf file located
at a specific directory. Stay tuned for an upcoming blog post explaining
this feature in detail.
- Docker Compose bugfix: We fixed a bug with resource limits that caused
Docker Compose to be unable to run containers due to being unable to set
oom_score_adj when the most recent crun version was used as OCI runtime.
- Better Quadlet: Support for DNS, ShmSize, PidsLimit and Ulimit options.
For a full list of features, bugfixes and changes, check out the v4.7.0
release page
https://github.com/containers/podman/releases/tag/v4.7.0
Try it out and let us know what you think!
--
Lokesh
Libera, GitLab, GitHub, Fedora: lsm5
Matrix: @lsm5:lsm5.ems.host
GPG: 9E33DD8704CC03E2DEB84D9A1C1EDD7CC7C3A0DD
https://keybase.io/lsm5
1 year, 3 months
systemctl status during podman build
by etc@balosh.net
Hi, I have a question about something I don't understand.
I'd be grateful for an explanation or a reference to what I should read to get it.
Why, during the podman build command, does
`systemctl enable httpd`
work
but
`systemctl status httpd`
does not?
Dockerfile not working:
```
FROM registry.access.redhat.com/ubi8/ubi-init
RUN yum -y install httpd; yum clean all;
RUN systemctl enable httpd;
RUN systemctl status httpd;
```
output of `podman build .`:
```
STEP 2/4: RUN yum -y install httpd; yum clean all;
STEP 1/4: FROM registry.access.redhat.com/ubi8/ubi-init
Build output:
--> 02f6efde590f
--> Using cache 02f6efde590f9fec989c04a01a661d2650b462aeb8e61ad3c0e00aae1b16b1ef
--> Using cache 4f85f566fdee4fd8f5e8058dbf39c5ec9be95a4879d4d9a8c7a77f5b9cadf8a7
STEP 3/4: RUN systemctl enable httpd;
STEP 4/4: RUN systemctl status httpd;
--> 4f85f566fdee
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
```
But!
If I exec into the container when it is running, both of them work.
Working Dockerfile:
```
FROM registry.access.redhat.com/ubi8/ubi-init
RUN yum -y install httpd; yum clean all;
RUN systemctl enable httpd;
```
command:
`podman build . -t x ; podman run -d --name x x ; podman exec -ti x bash -c "systemctl status httpd"`
runs with success
```
STEP 1/3: FROM registry.access.redhat.com/ubi8/ubi-init
STEP 2/3: RUN yum -y install httpd; yum clean all;
--> Using cache 02f6efde590f9fec989c04a01a661d2650b462aeb8e61ad3c0e00aae1b16b1ef
--> 02f6efde590f
STEP 3/3: RUN systemctl enable httpd;
--> Using cache 4f85f566fdee4fd8f5e8058dbf39c5ec9be95a4879d4d9a8c7a77f5b9cadf8a7
COMMIT x
--> 4f85f566fdee
Successfully tagged localhost/x:latest
4f85f566fdee4fd8f5e8058dbf39c5ec9be95a4879d4d9a8c7a77f5b9cadf8a7
214ee56866fc0e7d71b6d152749bdcb65d4e5aadb95dafcebb5661ee20770619
[root@214ee56866fc /]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2023-09-19 20:07:22 UTC; 6s ago
Docs: man:httpd.service(8)
Main PID: 30 (httpd)
Status: "Started, listening on: port 80"
Tasks: 213 (limit: 1638)
Memory: 22.3M
CGroup: /system.slice/httpd.service
├─30 /usr/sbin/httpd -DFOREGROUND
├─34 /usr/sbin/httpd -DFOREGROUND
├─35 /usr/sbin/httpd -DFOREGROUND
├─36 /usr/sbin/httpd -DFOREGROUND
└─37 /usr/sbin/httpd -DFOREGROUND
```
versions:
podman version 4.6.2
on macos ventura 13.5.2
1 year, 4 months
Re: Can user override registries.conf?
by Valentin Rothberg
On Fri, Sep 22, 2023 at 9:01 PM Rahaman, Ronald O <rrahaman6(a)gatech.edu>
wrote:
> Hi all,
>
> Can you confirm that, in rootless, users cannot override
> /etc/containers/registries.conf with ~/.config/containers/registries.conf
> ? We’d like to be able to whitelist registries for our site.
>
Yes, users can override system configurations in their home directory. As
outlined in the man pages [1], the config in the home directory will be
loaded _instead_ of the system configuration in /etc. That means it will
override and not add to the system configuration.
Kind regards,
Valentin
[1]
https://github.com/containers/image/blob/main/docs/containers-registries....
> As an example, suppose I have this in /etc/containers/registries.conf.
> The intent is to blacklist all of docker.io; and whitelist
> docker.io/ubuntu. I’ve found it works as intended.
>
> [[registry]]
> location="docker.io"
> blocked=true
>
> [[registry]]
> location="docker.io/ubuntu"
> blocked=false
>
> I want to confirm that a user can’t whitelist additional registries in
> ~/.config/containers/registries.conf with something like
>
> [[registry]]
> location="docker.io/unsafe-namespace"
> blocked=false
>
> I’ve tested this myself, and it seems like users can’t override. But I’d
> like to be 100% sure.
>
> Thanks,
> Ron
>
> --------
> Ron Rahaman
> Research Scientist II, Research Software Engineer
> Partnership for an Advanced Computing Environment (PACE)
> Georgia Institute of Technology
1 year, 4 months
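Added example (not part of the thread and not Podman's own code): a Python sketch of the behaviour described in the reply above, where the per-user registries.conf is loaded instead of the system one, applied to the two policies quoted in the question. The parser is a simplified reader for `[[registry]]` tables only; drop-in `registries.conf.d` directories and wildcard prefixes are ignored, and the temporary paths and image names are constructed.

```python
import tempfile
from pathlib import Path

SYSTEM_CONF = Path("/etc/containers/registries.conf")
# Constructed from the two snippets quoted in the thread.
SYSTEM_POLICY = ('[[registry]]\nlocation="docker.io"\nblocked=true\n\n'
                 '[[registry]]\nlocation="docker.io/ubuntu"\nblocked=false\n')
USER_POLICY = '[[registry]]\nlocation="docker.io/unsafe-namespace"\nblocked=false\n'
IMAGES = ["docker.io/ubuntu/nginx", "docker.io/unsafe-namespace/tool",
          "docker.io/library/nginx"]  # constructed sample references

def effective_conf(home, system=SYSTEM_CONF):
    """The per-user file, if present, is loaded instead of the system file."""
    user = Path(home) / ".config/containers/registries.conf"
    return user if user.is_file() else Path(system)

def parse_registries(text):
    """Simplified reader: only [[registry]] tables with string/bool keys."""
    tables, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            cur = {} if line == "[[registry]]" else None
            if cur is not None:
                tables.append(cur)
        elif "=" in line and cur is not None:
            key, val = (p.strip() for p in line.split("=", 1))
            cur[key] = val.strip('"') if val.startswith('"') else val == "true"
    return tables

def is_blocked(image, tables):
    """Longest matching prefix wins; 'prefix' defaults to 'location'."""
    best = None
    for t in tables:
        prefix = t.get("prefix", t.get("location", ""))
        hit = image == prefix or (image.startswith(prefix)
                                  and image[len(prefix)] in "/:@")
        if hit and (best is None or len(prefix) > len(best[0])):
            best = (prefix, t.get("blocked", False))
    return bool(best and best[1])

def demo():
    """Blocked verdicts for IMAGES before and after a user-level file appears."""
    with tempfile.TemporaryDirectory() as d:
        system, home = Path(d, "registries.conf"), Path(d, "home")
        system.write_text(SYSTEM_POLICY)
        verdicts = lambda: [is_blocked(i, parse_registries(
            effective_conf(home, system).read_text())) for i in IMAGES]
        before = verdicts()
        user = home / ".config/containers/registries.conf"
        user.parent.mkdir(parents=True)
        user.write_text(USER_POLICY)
        return before, verdicts()
```

In the second result nothing is blocked, including `docker.io/library/nginx`, because the user file replaces the system tables rather than adding to them.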
Can user override registries.conf?
by Rahaman, Ronald O
Hi all,
Can you confirm that, in rootless, users cannot override /etc/containers/registries.conf with ~/.config/containers/registries.conf ? We’d like to be able to whitelist registries for our site.
As an example, suppose I have this in /etc/containers/registries.conf. The intent is to blacklist all of docker.io; and whitelist docker.io/ubuntu. I’ve found it works as intended.
[[registry]]
location="docker.io"
blocked=true
[[registry]]
location="docker.io/ubuntu"
blocked=false
I want to confirm that a user can’t whitelist additional registries in ~/.config/containers/registries.conf with something like
[[registry]]
location="docker.io/unsafe-namespace"
blocked=false
I’ve tested this myself, and it seems like users can’t override. But I’d like to be 100% sure.
Thanks,
Ron
--------
Ron Rahaman
Research Scientist II, Research Software Engineer
Partnership for an Advanced Computing Environment (PACE)
Georgia Institute of Technology
1 year, 4 months