Hi,
that is probably caused by a regression in the kernel that is being
addressed right now.
Can you confirm it with the following command?
$ unshare -rmn mount -t sysfs sysfs /sys && echo it works
It works with crun because crun has some fallback path when mounting
sysfs (that can happen if the user doesn't own the network namespace),
but a fresh /sys in the container is preferable when possible.
Regards,
Giuseppe
lejeczek via Podman <podman(a)lists.podman.io> writes:
On 22/02/2021 20:52, lejeczek via Podman wrote:
> Hi guys.
>
> Here are errors from my unsuccessful attempt to create a rootless
> container, which to novices such as myself are quite cryptic:
>
> -> $ podman run -d --restart=always --pod=jat-${HOSTNAME%%.*}
> --security-opt label=disable --volume
> /srv/containers/podmania/jat-redis:/data --name redis
> docker.io/library/redis
> ERRO[0000] error starting some container dependencies
> ERRO[0000] "container_linux.go:370: starting container process
> caused: process_linux.go:459: container init caused:
> rootfs_linux.go:59: mounting \"sysfs\" to rootfs at \"/sys\" caused:
> operation not permitted: OCI permission denied"
> Error: error starting some containers: internal libpod error
>
> I'm trying to drop the container into a pod which is rootless
> too. The error persists also with/in 'Permissive' SELinux.
> Somebody could help decrypt & troubleshoot this?
> I'm on CentOS Stream with:
> podman-3.0.0-0.33rc2.module_el8.4.0+673+eabfc99d.x86_64
>
> many thanks, L.
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
It is rather sad that 'crun' does not get pulled in as an rpm
dependency of 'podman' and that we have to find out the hard way.
regards, L.
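The one-line probe from Giuseppe's reply, wrapped into a small diagnostic that classifies the outcome and prints it next to the kernel version and the OCI runtime podman reports. This is an added example for readers of the thread; it is not from the thread, from Podman or from crun. It relies only on the point stated in the reply (a user namespace may mount a fresh sysfs only when it owns the network namespace, which `unshare -rmn` arranges by creating new user, mount and network namespaces). The `podman info` template path `.Host.OCIRuntime.Name` is an assumption about podman's info output.

```shell
#!/bin/sh
# Added diagnostic script; not from the mailing-list thread, Podman or crun.
# It wraps `unshare -rmn mount -t sysfs sysfs /sys` from the reply above and
# classifies the result, so it can be pasted into a bug report together with
# the kernel version and the OCI runtime podman is actually using.
#
# Background (as stated in the reply): the kernel only lets a user namespace
# mount a fresh sysfs when that user namespace owns the current network
# namespace. `unshare -rmn` creates a new user (-r maps you to root), mount
# (-m) and network (-n) namespace, so the mount is expected to succeed; on the
# regressed kernels it fails with EPERM, which podman surfaces as
# "mounting sysfs to rootfs at /sys caused: operation not permitted".

# Prints exactly one token on stdout:
#   works       fresh sysfs mount succeeded in a new user+mount+net namespace
#   eperm       namespaces were created but the mount was refused (the
#               symptom from the thread)
#   no-userns   unshare could not create an unprivileged user namespace here
#   no-unshare  the unshare(1) binary is not installed
#   other       mount failed for some other reason (details go to stderr)
probe_sysfs_mount() {
    command -v unshare >/dev/null 2>&1 || { echo no-unshare; return 0; }

    # Step 1: can an unprivileged user namespace be created at all?
    if ! unshare -rmn true 2>/dev/null; then
        echo no-userns
        return 0
    fi

    # Step 2: inside a fresh user+mount+net namespace, attempt the sysfs
    # mount. unshare -m defaults to private propagation, so the mount stays in
    # the throw-away namespace. stderr is captured to tell EPERM from other
    # failures (the `2>&1 >/dev/null` order sends stderr into the capture).
    if err=$(unshare -rmn sh -c 'mount -t sysfs sysfs /sys' 2>&1 >/dev/null); then
        echo works
    elif printf '%s\n' "$err" | grep -qi 'not permitted'; then
        echo eperm
    else
        printf '%s\n' "$err" >&2
        echo other
    fi
}

# Prints the OCI runtime podman reports (e.g. crun or runc), "unknown" if
# podman is installed but `podman info` fails, or "podman-missing".
# Assumption: the Go-template field path .Host.OCIRuntime.Name of `podman info`.
oci_runtime_in_use() {
    if command -v podman >/dev/null 2>&1; then
        podman info --format '{{.Host.OCIRuntime.Name}}' 2>/dev/null || echo unknown
    else
        echo podman-missing
    fi
}

# Human-readable summary suitable for a bug report.
report() {
    echo "kernel:      $(uname -r)"
    echo "oci runtime: $(oci_runtime_in_use)"
    echo "sysfs probe: $(probe_sysfs_mount)"
}

report
```

Run it as the same unprivileged user that runs `podman`. A result of `eperm` alongside a `runc` runtime matches the failure in the thread (the kernel refuses the fresh sysfs mount and runc has no fallback); `works` means the kernel in use is not affected and the error has another cause; `no-userns` means rootless containers would not start here at all, regardless of the sysfs issue.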