podman behavior on podman machine vs native
by Ed Haynes
I use podman desktop on my mac but do most things from the command line.
Consider this simple container file below. If I run from the mac command
line "podman run -it test" it successfully launches it on the podman
machine (a virtual fedora instance). From within container space if I do
"id" I see userid 2000 as expected. If I ssh into the podman machine, and
look at the uid of the running container it is also 2000 on the host fedora
virtual machine as well. This is different than how it behaves if I run
the same "podman run -it test" on a native RHEL9 machine. I can also log
into it and see it is uid 2000 from within container but when I look at the
native RHEL9 process running the container it has a uid of 526287. Why is
the behavior different? Is the remote podman client on the mac launching
things differently?
Thanks, Ed
```
# Use Red Hat UBI 9 as base image
FROM registry.access.redhat.com/ubi9/ubi

# Install procps and clean up metadata to reduce image size
RUN dnf install -y procps && \
    dnf clean all && \
    rm -rf /var/cache/dnf

# Add user1 with UID 2000
RUN useradd -u 2000 user1

# Switch to user1 (optional if you want the container to run as this user)
USER 2000

# Default command (can be changed as needed)
CMD ["/bin/bash"]
```
1 week, 6 days
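Added example, not part of the original post: a host UID such as 526287 for a process that is UID 2000 inside the container is the kind of value a user-namespace `uid_map` translation produces. The map contents below are constructed (invoking user assumed to be host UID 1000, subordinate range assumed to start at 524288), and `parse_uid_map` / `host_uid` are hypothetical helper names.

```python
"""Translate container UIDs to host UIDs using uid_map-style text."""

# Constructed sample: container root is the invoking user (assumed host UID
# 1000) and container UIDs 1..65536 come from an assumed subordinate range
# starting at 524288. Columns: inside-ID, outside-ID, length.
ROOTLESS_UID_MAP = """\
         0       1000          1
         1     524288      65536
"""

# Constructed sample: identity mapping, as seen when no namespace remaps IDs.
IDENTITY_UID_MAP = "         0          0 4294967295\n"


def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, length) tuples."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        extents.append(tuple(int(f) for f in fields))
    return extents


def host_uid(container_uid, extents):
    """Map a UID inside the namespace to the UID the host kernel sees.

    Returns None when the UID falls outside every extent (unmapped).
    """
    for inside, outside, length in extents:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


if __name__ == "__main__":
    for name, raw in (("rootless", ROOTLESS_UID_MAP), ("identity", IDENTITY_UID_MAP)):
        extents = parse_uid_map(raw)
        for uid in (0, 2000, 70000):
            print(f"{name}: container uid {uid} -> host uid {host_uid(uid, extents)}")
```

On a live host the same text can be read from `/proc/<pid>/uid_map` of the container process and passed to `parse_uid_map`.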
Podman error on new server: "crun: Error mmapping the file"
by Rahaman, Ronald O
Hi all,
I'm seeing some crun errors when running Podman 5.2.2 for the first time on a new RHEL 9.5 server. We've been happily using Podman 5.2.2 with no issues on several of our pre-existing RHEL 9.5 servers. As far as I can tell, we're using the same configurations on this new server. Do you think there's a setup step we're missing?
I'm running hello world with
```
podman --log-level=debug run hello-world
```
And this is the suspicious part of the output. I can provide more output if you need it.
```
INFO[0000] Failed to add conmon to cgroupfs sandbox cgroup: creating cgroup path conmon: open /sys/fs/cgroup/cgroup.subtree_control: permission denied
[conmon:d]: failed to write to /proc/self/oom_score_adj: Permission denied
DEBU[0000] Received: -1
DEBU[0000] Cleaning up container 183379555df5fc29565b3d49763a155cbc9b7b21b4c0575f9990f486fc48abe1
DEBU[0000] Tearing down network namespace at /run/user/3288771/netns/netns-91004d3e-3095-8f89-e705-d2e9818f8683 for container 183379555df5fc29565b3d49763a155cbc9b7b21b4c0575f9990f486fc48abe1
DEBU[0000] Unmounted container "183379555df5fc29565b3d49763a155cbc9b7b21b4c0575f9990f486fc48abe1"
DEBU[0000] ExitCode msg: "crun: error mmapping the file: no such device: oci runtime error"
Error: OCI runtime error: crun: Error mmapping the file: No such device
DEBU[0000] Shutting down engines
```
Thanks,
Ron
--------
Ron Rahaman
Research Scientist II, Research Software Engineer
Partnership for an Advanced Computing Environment (PACE)
Open Source Programming Office (OSPO)
Georgia Institute of Technology
2 weeks
RunRoot & mistaken IDs
by lejeczek
Hi guys.
I experience this:
```
-> $ podman images
WARN[0000] RunRoot is pointing to a path (/run/user/1007/containers) which is not writable. Most likely podman will fail.
Error: creating events dirs: mkdir /run/user/1007: permission denied
-> $ id
uid=2001(podmania) gid=2001(podmania) groups=2001(podmania) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
```
I think it might have something to do with the fact that I
changed UID for the user, but why would this be?
How to troubleshoot & fix it, ideally without system reboot?
many thanks, L.
2 weeks, 3 days