shouldn't the current directory be the default context for "podman build"?
by Robert P. J. Day
"man podman-build" suggests that the context argument is optional:
SYNOPSIS
podman build [options] [context]
podman image build [options] [context]
...
If no context directory is specified, then Podman will assume
the current working directory as the build context, which
should contain the Containerfile.
but if I have a directory with nothing but a Containerfile, I get:
$ podman build
Error: no context directory specified, and no containerfile specified
$
OTOH, specifying the current directory as the context:
$ podman build .
STEP 1: FROM alpine:latest
... etc etc ...
thoughts?
rday
3 weeks, 2 days
Podman pulls image every time --build is passed to compose on Mac
by Mehdi Haghgoo
I was expecting Podman to avoid pulling images again every time I run "docker-compose up --build" on Mac (Apple Silicon). I only want the new Python dependencies (in requirements.txt) to be added to the container image, but don't see the necessity of pulling the 200MB image once again each time. Is this expected behavior?
Here's my Containerfile:
FROM docker.io/library/python:3.12
COPY . /app
WORKDIR /app
RUN pip install -r requirements.txt
CMD ["python", "app.py"]
1 month, 1 week
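The Containerfile above copies the whole source tree before installing dependencies, so every source edit invalidates the pip layer too. The following is an added example, not the poster's file, showing the usual cache-friendly ordering plus a digest pin on the base image; the digest is a placeholder to be replaced with the real one (for example from `podman image inspect --format '{{.Digest}}' docker.io/library/python:3.12`). Pinning by digest means a re-pull, when it does happen, can only ever fetch the image you already reviewed, rather than whatever currently carries the `3.12` tag.

```dockerfile
# Added example, not the original poster's Containerfile.
# Pin the base image by digest; <PLACEHOLDER-DIGEST> must be replaced with the
# real value before this builds.
FROM docker.io/library/python:3.12@sha256:<PLACEHOLDER-DIGEST>

WORKDIR /app

# Copy only the dependency manifest first: the pip layer is rebuilt only when
# requirements.txt changes, not on every edit to app.py.
COPY requirements.txt /app/requirements.txt
RUN pip install --no-cache-dir -r requirements.txt

# Application code changes most often, so it goes into the last layer.
COPY . /app

# Run the application as an unprivileged user rather than as root.
RUN useradd --create-home --shell /usr/sbin/nologin app \
    && chown -R app:app /app
USER app

CMD ["python", "app.py"]
```

With this ordering, `--build` after a change to `app.py` reuses the cached base and pip layers and only re-executes the final `COPY`.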
Podman v5.3.1 Released
by Do Not Reply
Hi all,
Podman v5.3.1 is now available. You may view the full details at
https://github.com/containers/podman/releases/tag/v5.3.1
Release Notes:
--------------
- Fixed a bug where the `--ignition-path` option to `podman machine init` would prevent creation of necessary files for the VM, rendering it unusable ([#23544](https://github.com/containers/podman/issues/23544)).
- Fixed a bug where rootless containers using the `bridge` networking mode would be unable to start due to a panic caused by a nil pointer dereference ([#24566](https://github.com/containers/podman/issues/24566)).
- Fixed a bug where Podman containers would try to set increased rlimits when started in a user namespace, rendering containers unable to start ([#24508](https://github.com/containers/podman/issues/24508)).
- Fixed a bug where certain SSH configurations would make the remote Podman client unable to connect to the server ([#24567](https://github.com/containers/podman/issues/24567)).
- Fixed a bug where the Windows installer could install WSLv2 when upgrading an existing Podman installation that used the Hyper-V virtualization backend.
This message was generated by an automated system. Replies to the sender will bounce, be ignored and discarded.
1 month, 2 weeks
regression after update to podman v5
by Leon Fauster
Hi all,
RHEL9.5 is GA, and with this release podman and friends also got updates.
podman-4.9.4 -> 5.2.2
Since then, I have a couple of rootless containers
that have problems with their volumes.
The minimal example is as follows:
$ cat Containerfile
FROM fedora:41
USER 1000:1000
ENV HOME=/data
WORKDIR /data
VOLUME ["/data"]
So, when started, the volume (as specified in the file) will
be created automatically.
With podman 4.9
podman run --rm -ti --userns=keep-id:uid=1000,gid=1000 \
localhost/test:latest ls -la /data
drwxr-xr-x. 2 1000 1000 4096 Nov 20 12:44 .
dr-xr-xr-x. 1 root root 4096 Nov 20 12:44 ..
shows that the volume is mounted in the container with
the USER id. This works so far for my workload.
With podman 5.2
podman run --rm -ti --userns=keep-id:uid=1000,gid=1000 \
localhost/test:latest ls -la /data
drwxr-xr-x. 2 999 999 4096 Nov 20 12:11 .
dr-xr-xr-x. 1 root root 4096 Nov 20 12:46 ..
shows that the volume is mounted in the container with
(USER id - 1). The user cannot write to the folder and
the container fails to operate.
Forcing the use of a named volume on podman v5 shows
the same output, but when the destination is changed to
a different directory (/side), it gets the right owner set:
podman run --rm -ti --userns=keep-id:uid=1000,gid=1000 \
-v ${RANDOM}:/side localhost:8085/shee/test:latest ls -la /side
drwxr-xr-x. 2 1000 1000 4096 Nov 20 12:51 .
dr-xr-xr-x. 1 root root 4096 Nov 20 12:51 ..
I read the changelogs but didn't find any hints for a solution.
I would appreciate any feedback, thanks!
--
Leon
1 month, 2 weeks
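When a volume shows up with an unexpected owner under `--userns=keep-id`, the first thing to establish is which host uid actually backs the id printed by `ls -la` inside the container. Rootless Podman nests two user namespaces, so the answer comes from composing two maps: the one `cat /proc/self/uid_map` prints inside the container and the one `podman unshare cat /proc/self/uid_map` prints on the host. The following is an added example, not part of the post, that parses such maps and composes them; the two sample maps are constructed (a host user 1000 with subuids 100000-165535, and a keep-id container with uid 1000 on top of it), not captured from the poster's system.

```python
"""Translate uids between nested user namespaces using uid_map data.

Added example, not part of the original post. A uid_map line reads
"<first id inside the namespace> <first id in the parent> <count>".
"""
from typing import List, Optional, Tuple

IdMap = List[Tuple[int, int, int]]


def parse_id_map(text: str) -> IdMap:
    """Parse the body of a uid_map or gid_map file into (inside, parent, count) triples."""
    entries: IdMap = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id_map line: {line!r}")
        inside, parent, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"non-positive range length: {line!r}")
        entries.append((inside, parent, count))
    return entries


def to_parent(id_map: IdMap, inside_id: int) -> Optional[int]:
    """Id as seen by the parent namespace; None means unmapped (shown as nobody/65534 inside)."""
    for inside, parent, count in id_map:
        if inside <= inside_id < inside + count:
            return parent + (inside_id - inside)
    return None


def to_inside(id_map: IdMap, parent_id: int) -> Optional[int]:
    """Inverse of to_parent: how a parent-namespace id appears inside the namespace."""
    for inside, parent, count in id_map:
        if parent <= parent_id < parent + count:
            return inside + (parent_id - parent)
    return None


def container_uid_to_host(container_map: IdMap, user_ns_map: IdMap, uid: int) -> Optional[int]:
    """Compose container -> rootless user namespace -> host.

    container_map is what `cat /proc/self/uid_map` prints inside the container,
    user_ns_map is what `podman unshare cat /proc/self/uid_map` prints on the host.
    """
    intermediate = to_parent(container_map, uid)
    if intermediate is None:
        return None
    return to_parent(user_ns_map, intermediate)


def read_proc_map(pid: int, kind: str = "uid") -> IdMap:
    """Read /proc/<pid>/uid_map (or gid_map) of a live process."""
    with open(f"/proc/{pid}/{kind}_map", encoding="ascii") as fh:
        return parse_id_map(fh.read())


# Constructed sample maps (not captured from the poster's system):
# rootless user namespace of host uid 1000 holding subuid range 100000-165535 ...
USER_NS_UID_MAP = parse_id_map("""
         0       1000          1
         1     100000      65536
""")
# ... and on top of it a container created with --userns=keep-id:uid=1000,gid=1000
CONTAINER_UID_MAP = parse_id_map("""
         0          1       1000
      1000          0          1
      1001       1001      64536
""")

if __name__ == "__main__":
    for uid in (0, 999, 1000, 1001):
        host = container_uid_to_host(CONTAINER_UID_MAP, USER_NS_UID_MAP, uid)
        print(f"container uid {uid:>5} -> host uid {host}")
```

With the sample maps, container uid 1000 is the host user itself while container uid 999 lands in the subuid range; comparing that host uid with `ls -ln` on the volume's host directory tells you whether the ownership mismatch is in the mapping or in how the directory was created.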
disk space below ~/.local/share/containers/storage/overlay
by Matthias Apitz
After stopping a container, massive data remains below
~/.local/share/containers/storage/overlay
Steps to reproduce:
cups@srap57dxr1:~> podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/sles15-sp6-v73-sp1 latest caeabd52aa4a 46 hours ago 26 GB
localhost/sles15-sp6-v73 latest 690f90eaed0f 46 hours ago 20.2 GB
registry.suse.com/bci/bci-base 15.6 075e3ce8c342 11 days ago 125 MB
cups@srap57dxr1:~> podman run --tz='Europe/Berlin' -d -p 2022:22 sles15-sp6-v73
cups@srap57dxr1:~> podman container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
43e7d4f12f27 localhost/sles15-sp6-v73:latest 10 minutes ago Up 10 minutes 0.0.0.0:2022->22/tcp gracious_sinoussi
This start creates two new dirs below /home/cups/.local/share/containers/storage/overlay:
srap57dxr1:/home/cups/.local/share/containers/storage/overlay # ls -ltr | tail -2
drwxr-xr-x 2 cups root 17408 Nov 13 11:14 l
drwx------ 6 cups root 1024 Nov 13 11:14 fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba
srap57dxr1:/home/cups/.local/share/containers/storage/overlay # du -sh fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba
5.4G fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba
Now I kill the container with:
cups@srap57dxr1:~> podman kill 43e7d4f12f27
43e7d4f12f27
The dirs remain:
srap57dxr1:/home/cups/.local/share/containers/storage/overlay # ls -ltr | tail -2
drwxr-xr-x 2 cups root 17408 Nov 13 11:14 l
drwx------ 5 cups root 1024 Nov 13 11:27 fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba
and occupy ~5.4G space:
srap57dxr1:/home/cups/.local/share/containers/storage/overlay # du -sh fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba
5.4G fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba
and this on any start/stop of the container.
I took a closer look at what is there below such a directory. We use such
containers to test the update of our server software to the next
release. Such an update brings ~1 GByte of gzip'ed packages and files, and below
such a directory is exactly what was updated, binary identical with what
was stored as new versions of the files; for example, a newly delivered
file '/opt/lib/sisis/etc/pos.rc' is there as
fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba/diff/opt/lib/sisis/etc/pos.rc
like many other files:
# find fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba | grep /opt/lib/sisis | wc -l
2494
# find fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba | grep /usr/local/sisis-pap | wc -l
27879
Questions:
1) Why does this data remain after stopping the container?
2) Can I just remove this directory with 'rm -r ....'?
3) I did a test and renamed such directory to xxxx.away
fb646bf8e1eb6f157c8b2430897df11da78a9e7c0e38858959066d5c40a2adba.away
No error message showed up on the next start. Any hints on this?
Thanks
--
Matthias Apitz, ✉ guru(a)unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Annalena Baerbock: "We are fighting a war against Russia ..." (25.1.2023)
I, Matthias, am not at war with Russia.
1 month, 2 weeks
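A directory under `storage/overlay` whose `diff/` holds the files a container wrote is that container's writable (upper) layer, and it is released by `podman rm` of the container, not by stopping it; removing or renaming it by hand leaves the containers-storage database out of sync with the filesystem. The following is an added example, not part of the post, that maps overlay directory names to their owning containers using the `GraphDriver.Data.UpperDir` field of `podman inspect`. The inspect JSON, layer ids and container names in it are constructed samples shaped like real output, not captured data; the overlay root path is the one from the post.

```python
"""Match directories under containers/storage/overlay to the containers whose
writable (upper) layer they hold.

Added example, not part of the original post. SAMPLE_INSPECT is a constructed
sample shaped like `podman inspect` output, not captured data.
"""
import json
import os
from typing import Dict, List


def upper_layer_owners(inspect_json: str, overlay_root: str) -> Dict[str, dict]:
    """Map overlay layer directory name -> container summary via GraphDriver.Data.UpperDir."""
    owners: Dict[str, dict] = {}
    for ctr in json.loads(inspect_json):
        upper = ctr.get("GraphDriver", {}).get("Data", {}).get("UpperDir")
        if not upper:
            continue  # not on the overlay driver, or no writable layer
        # UpperDir is <overlay_root>/<layer-id>/diff; the first element is the layer id.
        layer_id = os.path.relpath(upper, overlay_root).split(os.sep)[0]
        owners[layer_id] = {
            "id": ctr["Id"][:12],
            "name": ctr["Name"],
            "status": ctr["State"]["Status"],
            "auto_remove": ctr.get("HostConfig", {}).get("AutoRemove", False),
        }
    return owners


def classify_dirs(dir_names: List[str], owners: Dict[str, dict]) -> Dict[str, List[str]]:
    """Sort overlay directory names into container upper layers and everything
    else (image layers, the 'l' link directory, ...). Container layers are freed
    with `podman rm <id>`; the rest is accounted for by `podman image` commands."""
    report: Dict[str, List[str]] = {"container_layer": [], "other": []}
    for name in dir_names:
        if name in owners:
            o = owners[name]
            report["container_layer"].append(
                f"{name[:12]}... -> {o['name']} ({o['id']}, {o['status']}, auto_remove={o['auto_remove']})"
            )
        else:
            report["other"].append(name)
    return report


# Constructed sample: one container exited without --rm, one still running.
OVERLAY_ROOT = "/home/cups/.local/share/containers/storage/overlay"
LAYER_A = "a" * 64
LAYER_B = "b" * 64
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "1" * 64,
        "Name": "sample_exited",
        "State": {"Status": "exited"},
        "HostConfig": {"AutoRemove": False},
        "GraphDriver": {"Name": "overlay", "Data": {"UpperDir": f"{OVERLAY_ROOT}/{LAYER_A}/diff"}},
    },
    {
        "Id": "2" * 64,
        "Name": "sample_running",
        "State": {"Status": "running"},
        "HostConfig": {"AutoRemove": True},
        "GraphDriver": {"Name": "overlay", "Data": {"UpperDir": f"{OVERLAY_ROOT}/{LAYER_B}/diff"}},
    },
])

if __name__ == "__main__":
    # Real use: podman inspect $(podman ps -aq) > inspect.json; ls <overlay_root> > dirs.txt
    owners = upper_layer_owners(SAMPLE_INSPECT, OVERLAY_ROOT)
    for kind, entries in classify_dirs([LAYER_A, LAYER_B, "l"], owners).items():
        print(kind, entries)
```

For a real run, feed the output of `podman inspect $(podman ps -aq)` and the directory listing of the overlay root into the two functions; a directory that resolves to an exited container without `AutoRemove` is exactly the case in the post, and `podman rm` (or starting with `--rm`) is what reclaims it.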
Podman v5.3.0 Released
by Do Not Reply
Hi all,
Podman v5.3.0 is now available. You may view the full details at
https://github.com/containers/podman/releases/tag/v5.3.0
Release Notes:
--------------
### Features
- The `podman kube generate` and `podman kube play` commands can now create and run Kubernetes Job YAML ([#17011](https://github.com/containers/podman/issues/17011)).
- The `podman kube generate` command now includes information on the user namespaces for pods and containers in generated YAML. The `podman kube play` command uses this information to duplicate the user namespace configuration when creating new pods based on the YAML.
- The `podman kube play` command now supports Kubernetes volumes of type image ([#23775](https://github.com/containers/podman/issues/23775)).
- The service name of systemd units generated by Quadlet can now be set with the `ServiceName` key in all supported Quadlet files ([#23414](https://github.com/containers/podman/issues/23414)).
- Quadlets can now disable their implicit dependency on `network-online.target` via a new key, `DefaultDependencies`, supported by all Quadlet files ([#24193](https://github.com/containers/podman/issues/24193)).
- Quadlet `.container` and `.pod` files now support a new key, `AddHost`, to add hosts to the container or pod.
- The `PublishPort` key in Quadlet `.container` and `.pod` files can now accept variables in its value ([#24081](https://github.com/containers/podman/issues/24081)).
- Quadlet `.container` files now support two new keys, `CgroupsMode` and `StartWithPod`, to configure cgroups for the container and whether the container will be started with the pod it is part of ([#23664](https://github.com/containers/podman/issues/23664) and [#24401](https://github.com/containers/podman/issues/24401)).
- Quadlet `.container` files can now use the network of another container by specifying the `.container` file of the container to share with in the `Network` key.
- Quadlet `.container` files can now mount images managed by `.image` files into the container by using the `Mount=type=image` key with a `.image` target.
- Quadlet `.pod` files now support six new keys, `DNS`, `DNSOption`, `DNSSearch`, `IP`, `IP6`, and `UserNS`, to configure DNS, static IPs, and user namespace settings for the pod ([#23692](https://github.com/containers/podman/issues/23692)).
- Quadlet `.image` files can now give an image multiple times by specifying the `ImageTag` key multiple times ([#23781](https://github.com/containers/podman/issues/23781)).
- Quadlets can now be placed in the `/run/containers/systemd` directory as well as existing directories like `$HOME/containers/systemd` and `/etc/containers/systemd/users`.
- Quadlet now properly handles subdirectories of a unit directory being a symlink ([#23755](https://github.com/containers/podman/issues/23755)).
- The `podman manifest inspect` command now includes the manifest's annotations in its output.
- The output of the `podman inspect` command for containers now includes a new field, `HostConfig.AutoRemoveImage`, which shows whether a container was created with the `--rmi` option set.
- The output of the `podman inspect` command for containers now includes a new field, `Config.ExposedPorts`, which includes all exposed ports from the container, improving Docker compatibility.
- The output of the `podman inspect` command for containers now includes a new field, `Config.StartupHealthCheck`, which shows the container's startup healthcheck configuration.
- The output of the `podman inspect` command for containers now includes a new field in `Mounts`, `SubPath`, which contains any subpath set for image or named volumes.
- The `podman machine list` command now supports a new option, `--all-providers`, which lists machines from all supported VM providers, not just the one currently in use.
- VMs run by `podman machine` on Windows will now provide API access by exposing a Unix socket on the host filesystem which forwards into the VM ([#23408](https://github.com/containers/podman/issues/23408)).
- The `podman buildx prune` and `podman image prune` commands now support a new option, `--build-cache`, which will also clean the build cache.
- The Windows installer has a new radio button to select virtualization provider (WSLv2 or Hyper-V).
- The `--add-host` option to `podman create`, `podman run`, and `podman pod create` now supports specifying multiple hostnames, semicolon-separated (e.g. `podman run --add-host test1;test2:192.168.1.1`) ([#23770](https://github.com/containers/podman/issues/23770)).
- The `podman run` and `podman create` commands now support three new options for configuring healthcheck logging: `--health-log-destination` (specify where logs are stored), `--health-max-log-count` (specify how many healthchecks worth of logs are stored), and `--health-max-log-size` (specify the maximum size of the healthcheck log).
### Changes
- Podman now uses the Pasta `--map-guest-addr` option by default which is used for the `host.containers.internal` entry in `/etc/hosts` to allow containers to reach the host by default ([#19213](https://github.com/containers/podman/issues/19213)).
- The names of the infra containers of pods created by Quadlet are changed to the pod name suffixed with `-infra` ([#23665](https://github.com/containers/podman/issues/23665)).
- The `podman system connection add` command now respects HTTP path prefixes specified with `tcp://` URLs.
- Proxy environment variables (e.g. `https_proxy`) declared in `containers.conf` no longer escape special characters in their values when used with `podman machine` VMs ([#23277](https://github.com/containers/podman/issues/23277)).
- The `podman images --sort=repository` command now also sorts by image tag as well, guaranteeing deterministic output ordering ([#23803](https://github.com/containers/podman/issues/23803)).
- When a user has a rootless `podman machine` VM running and a second rootful `podman machine` VM initialized, and the rootless VM is removed, the connection to the second, rootful machine now becomes the default as expected ([#22577](https://github.com/containers/podman/issues/22577)).
- Environment variable secrets are no longer contained in the output of `podman inspect` on a container the secret is used in ([#23788](https://github.com/containers/podman/issues/23788)).
- Podman no longer exits 0 on SIGTERM by default.
- Podman no longer explicitly sets rlimits to their default value, as this could lower the actual value available to containers if it had been set higher previously.
- Quadlet user units now correctly wait for the network to be ready to use via a new service, `podman-user-wait-network-online.service`, instead of the user session's nonfunctional `network-online.target`.
- Exposed ports in the output of `podman ps` are now correctly grouped and deduplicated when they are also published ([#23317](https://github.com/containers/podman/issues/23317)).
- Quadlet build units no longer use `RemainAfterExit=yes` by default.
### Bugfixes
- Fixed a bug where the `--build-context` option to `podman build` did not function properly on Windows, breaking compatibility with Visual Studio Dev Containers ([#17313](https://github.com/containers/podman/issues/17313)).
- Fixed a bug where Quadlet would generate bad arguments to Podman if the `SecurityLabelDisable` or `SecurityLabelNested` keys were used ([#23432](https://github.com/containers/podman/issues/23432)).
- Fixed a bug where the `PODMAN_COMPOSE_WARNING_LOGS` environment variable did not suppress warnings printed by `podman compose` that it was redirecting to an external provider.
- Fixed a bug where, if the `podman container cleanup` command was run on a container in the process of being removed, an error could be printed.
- Fixed a bug where rootless Quadlet units placed in `/etc/containers/systemd/users/` would be loaded for root as well when `/etc/containers/systemd` was a symlink ([#23483](https://github.com/containers/podman/issues/23483)).
- Fixed a bug where the remote Podman client's `podman stop` command would, if called with `--cidfile` pointing to a non-existent file and the `--ignore` option set, stop all containers ([#23554](https://github.com/containers/podman/issues/23554)).
- Fixed a bug where `podman wait` would only exit after 20 seconds when run on a container which rapidly exits and is then restarted by the `on-failure` restart policy.
- Fixed a bug where `podman volume rm` and `podman run -v` could deadlock when run simultaneously on the same volume ([#23613](https://github.com/containers/podman/issues/23613)).
- Fixed a bug where running `podman mount` on a container in the process of being created could cause a nonsensical error indicating the container already existed ([#23637](https://github.com/containers/podman/issues/23637)).
- Fixed a bug where the `podman stop` command could deadlock when run on containers with very large annotations ([#22246](https://github.com/containers/podman/issues/22246)).
- Fixed a bug where the `podman machine stop` command could segfault on Mac when a VM failed to stop gracefully ([#23654](https://github.com/containers/podman/issues/23654)).
- Fixed a bug where the `podman stop` command would not ensure containers created with `--rm` were removed when it exited ([#22852](https://github.com/containers/podman/issues/22852)).
- Fixed a bug where the `--rmi` option to `podman run` did not function correctly with detached containers.
- Fixed a bug where running `podman inspect` on a container on FreeBSD would emit an incorrect value for the `HostConfig.Device` field, breaking compatibility with the Ansible Podman module.
- Fixed a bug where rootless Podman could fail to start containers using the `--cgroup-parent` option ([#23780](https://github.com/containers/podman/issues/23780)).
- Fixed a bug where the `podman build -v` command did not properly handle Windows paths passed as the host directory.
- Fixed a bug where Podman could leak network namespace files if it was interrupted while creating a network namespace ([#24044](https://github.com/containers/podman/issues/24044)).
- Fixed a bug where the remote Podman client's `podman run` command could sometimes fail to retrieve a container's exit code for containers run with the `--rm` option.
- Fixed a bug where `podman machine` on Windows could fail to run VMs for certain usernames containing special characters.
- Fixed a bug where Quadlet would reject `RemapUsers=keep-id` when run as root.
- Fixed a bug where XFS quotas on volumes were not unique, meaning that all volumes using a quota shared the same maximum size and inodes (set by the most recent volume with a quota to be created).
- Fixed a bug where `Service` section of Quadlet files would only use defaults and not respect user input ([#24322](https://github.com/containers/podman/issues/24322)).
- Fixed a bug where `podman volume ls` would sometimes fail when a volume was removed at the same time it was run.
- Fixed a bug where the `--tz=local` option could not be used when the `TZDIR` environment variable was set.
### API
- The Play API for Kubernetes YAML now supports `application/x-tar` compressed context directories ([#24015](https://github.com/containers/podman/pull/24015)).
- Fixed a bug in the Attach API for Containers (for both Compat and Libpod endpoints) which could cause inconsistent failures due to a race condition ([#23757](https://github.com/containers/podman/issues/23757)).
- Fixed a bug where the output for the Compat Top API for Containers did not properly split the output into an array ([#23981](https://github.com/containers/podman/issues/23981)).
- Fixed a bug where the Info API could fail when running `podman system service` via a socket-activated systemd service ([#24152](https://github.com/containers/podman/issues/24152)).
- Fixed a bug where the Events and Logs endpoints for Containers would not send status codes until the first event or log line was sent; they now send them immediately ([#23712](https://github.com/containers/podman/issues/23712)).
### Misc
- Podman now requires Golang 1.22 or higher to build.
- The output of `podman machine start` has been improved when trying to start a machine when another is already running ([#23436](https://github.com/containers/podman/issues/23436)).
- Quadlet will no longer log spurious ENOENT errors when resolving unit directories ([#23620](https://github.com/containers/podman/issues/23620)).
- The Docker alias shell script will now also honor the presence of `$XDG_CONFIG_HOME/containers/nodocker` when considering whether it should print its warning message that Podman is in use.
- The podman-auto-update systemd unit files have been moved into the `contrib/systemd/system` directory in the repo for consistency with our other unit files.
- Updated Buildah to v1.38.0
- Updated the containers/common library to v0.61.0
- Updated the containers/storage library to v1.56.0
- Updated the containers/image library to v5.33.0
This message was generated by an automated system. Replies to the sender will bounce, be ignored and discarded.
1 month, 3 weeks
inspect processes in a container with lsof, strace, ...
by Matthias Apitz
Hello,
We have containers with SuSE Linux SLES 15 SP6 and detected the
following issue: we cannot inspect processes as user root, for example:
ebe6737da6e8:~ # ps ax | tail -3
10924 ? Ss 0:00 postgres: sisis sisis 127.0.0.1(35456) idle
11037 pts/0 R+ 0:00 ps ax
11038 pts/0 S+ 0:00 tail -3
ebe6737da6e8:~ # lsof -p 10924 | head -3
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
postmaste 10924 postgres cwd unknown /proc/10924/cwd (readlink: Permission denied)
postmaste 10924 postgres rtd unknown /proc/10924/root (readlink: Permission denied)
It only works as the user who owns the process, in this case for PID 10924
the user 'postgres':
ebe6737da6e8:~ # su - postgres
postgres@ebe6737da6e8:~> lsof -p 10924 | head -3
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
postmaste 10924 postgres cwd DIR 0,60 1024 10816610 /data/postgresql151/data
postmaste 10924 postgres rtd DIR 0,60 1024 11934131 /
postgres@ebe6737da6e8:~>
Why is 'root' not allowed to do this?
matthias
1 month, 3 weeks
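Reading `/proc/<pid>/cwd`, `root` and `exe` of another user's process goes through the kernel's ptrace access check, which passes for the process owner and otherwise requires CAP_SYS_PTRACE in the reader's effective set; root inside a Podman container does not get that capability by default, so `lsof` as root fails exactly as shown while the `postgres` user succeeds. The following is an added example, not part of the post, that decodes the `CapEff` line of `/proc/<pid>/status` and applies a simplified form of that check. The status text is a constructed sample built from Podman's default capability list; the capability numbers are the standard Linux ones. Where the extra access is really needed on a debugging container, `podman run --cap-add=SYS_PTRACE` grants it; it also lets a compromised root process in the container inspect every other process there, so it belongs on troubleshooting containers, not on production ones.

```python
"""Decode CapEff from /proc/<pid>/status and report whether a process holds the
capability that reading another user's /proc/<pid>/{cwd,root,exe} requires.

Added example, not part of the original post. SAMPLE_STATUS is a constructed
sample, not captured from the poster's container.
"""
import re
from typing import Dict, Set

# Linux capability bit numbers (linux/capability.h); only a subset is listed.
CAP_NAMES: Dict[int, str] = {
    0: "cap_chown", 1: "cap_dac_override", 2: "cap_dac_read_search", 3: "cap_fowner",
    4: "cap_fsetid", 5: "cap_kill", 6: "cap_setgid", 7: "cap_setuid", 8: "cap_setpcap",
    10: "cap_net_bind_service", 12: "cap_net_admin", 13: "cap_net_raw",
    18: "cap_sys_chroot", 19: "cap_sys_ptrace", 21: "cap_sys_admin",
    27: "cap_mknod", 29: "cap_audit_write", 31: "cap_setfcap",
}
CAP_SYS_PTRACE = 19


def parse_caps(status_text: str) -> Dict[str, int]:
    """Return the Cap* fields (CapInh, CapPrm, CapEff, CapBnd, CapAmb) as integers."""
    caps = {}
    for m in re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$", status_text, re.M):
        caps[m.group(1)] = int(m.group(2), 16)
    if "CapEff" not in caps:
        raise ValueError("no CapEff line found in status text")
    return caps


def real_uid(status_text: str) -> int:
    """First field of the Uid line (real uid)."""
    m = re.search(r"^Uid:\s*(\d+)", status_text, re.M)
    if not m:
        raise ValueError("no Uid line found in status text")
    return int(m.group(1))


def decode_mask(mask: int) -> Set[str]:
    """Expand a capability bitmask into capability names."""
    names: Set[str] = set()
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.add(CAP_NAMES.get(bit, f"cap_{bit}"))
        bit += 1
    return names


def can_read_proc_links(reader_status: str, reader_uid: int, target_uid: int) -> bool:
    """Simplified PTRACE_MODE_READ check as used for /proc/<pid>/cwd, root and exe:
    same uid passes; otherwise CAP_SYS_PTRACE must be in the reader's effective set.
    (The kernel also compares saved/effective ids and the target's dumpable flag.)"""
    if reader_uid == target_uid:
        return True
    return bool(parse_caps(reader_status)["CapEff"] >> CAP_SYS_PTRACE & 1)


def read_status(pid: int) -> str:
    """Read /proc/<pid>/status of a live process (Linux only)."""
    with open(f"/proc/{pid}/status", encoding="ascii") as fh:
        return fh.read()


# Constructed sample: a root shell in a container started with Podman's default
# capability set (CHOWN, DAC_OVERRIDE, FOWNER, FSETID, KILL, NET_BIND_SERVICE,
# SETFCAP, SETGID, SETPCAP, SETUID, SYS_CHROOT), which encodes as 0x800405fb.
SAMPLE_STATUS = """\
Name:\tbash
Uid:\t0\t0\t0\t0
Gid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t00000000800405fb
CapEff:\t00000000800405fb
CapBnd:\t00000000800405fb
CapAmb:\t0000000000000000
"""

if __name__ == "__main__":
    # Real use: read_status(<pid of the lsof shell>) and real_uid(read_status(<target pid>)).
    eff = parse_caps(SAMPLE_STATUS)["CapEff"]
    print("effective caps:", sorted(decode_mask(eff)))
    print("root may read postgres' /proc links:", can_read_proc_links(SAMPLE_STATUS, 0, 26))
```

Run against a live container, `read_status(<pid>)` on the shell running `lsof` and `real_uid(read_status(10924))` for the target give the two inputs; a `CapEff` with bit 19 set is what a `--cap-add=SYS_PTRACE` container shows.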