Hi there,

Thanks for reaching out!

On Fri, Feb 19, 2021 at 10:14 PM boardbill_unpretended--- via Podman <podman@lists.podman.io> wrote:
Dear Podman list,

I am just starting to dip my toes into running containers in Podman 2.2.1 on RHEL 8.3 (Linux kernel 4.18) and would appreciate guidance on how to diagnose and solve an error I get when running as non-root.

My goal is to do R language development in containers, and I used `podman pull` to get these R images from the popular Rocker project (https://www.rocker-project.org/):

https://hub.docker.com/r/rocker/r-base
https://hub.docker.com/r/rocker/tidyverse
https://hub.docker.com/r/rocker/rstudio

The `r-base` image is just the R interpreter and it starts fine where I can just attach it to a terminal to run R commands.

However, the other images (`tidyverse` and `rstudio`) are built on top of `r-base` and when I run them as non-root (e.g. `podman run -ti rocker/tidyverse`) they give this error:

```
Error: OCI runtime error: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: Running hook #0:: error running hook: exit status 1, stdout: , stderr:
```

This indicates that an OCI hook failed to run.  Can you do an `$ ls /usr/libexec/oci/hooks.d/` and see if there are any hooks?  There might also be config files in `/etc/containers/oci/hooks.d` or `/usr/share/containers/oci/hooks.d` to control possibly installed hooks.

Do other images run?  For instance, `podman run --rm fedora ls`?

I suspect that there's an OCI hook installed that requires root and may run unconditionally.
 
Kind regards,
 Valentin

I have no idea how to interpret and understand this error message. The only clue I have is that these two images run without errors if I append `sudo` to my `podman run` command. I also checked the Dockerfiles (such as this one: https://github.com/rocker-org/rocker-versioned/blob/master/tidyverse/3.6.3.Dockerfile) and it's not clear what might be giving the error.

Oh, and the `rocker/rstudio` image allows you to specify ports i.e. `-p 8787:8787` but even if I leave out this argument, I still get the error above when running `podman run` on this image. So I don't think it's an issue with opening or mapping ports (and Podman allows this as non-root, right?).

How should I begin to diagnose the root of this problem and start fixing it?

To be clear, my goal is to run the images listed above ideally as a non-root user. Thank you!
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io