Nothing has changed that I know of. I've tried with the
6.7.0-0 kernel and I get the same behavior.
Daniel Walsh <dwalsh(a)redhat.com> writes:
Nothing has changed that I know of. Giuseppe any ideas?
On 11/25/23 10:55, Михаил Иванов wrote:
Hallo Daniel, sorry, did anything change about this problem
in these two years? Or --ipc host is still the only option? :-(
Best regards,
On 21.05.2021 16:11, Daniel Walsh wrote:
On 5/20/21 16:39, Michael Ivanov wrote:
Yes!!!
--ipc host did it thanks a lot!
The option with nsenter looks preferable to me, but as I understand it, I first need to
start the container up, then run nsenter on the host to change the mqueue settings, and
then somehow signal the container that it can proceed with the actual application.
Is it possible to run nsenter during image build with buildah? I guess not?
Best regards and thanks again!
I have opened an internal discussion on this with the User Namespace maintainer of the
kernel. We will see if
anything comes of it.
On 20.05.2021 23:10, Giuseppe Scrivano wrote:
/proc/sys/fs/mqueue/msg_max is IPC namespaced but it is always owned by
root in the initial user namespace. A rootless container doesn't have
enough privileges to write to it.
You can verify it with:
$ podman run --rm fedora stat /proc/sys/fs/mqueue/msg_max
File: /proc/sys/fs/mqueue/msg_max
Size: 0 Blocks: 0 IO Block: 1024 regular empty file
Device: 7bh/123d Inode: 3634162 Links: 1
Access: (0644/-rw-r--r--) Uid: (65534/ nobody) Gid: (65534/ nobody)
So given the current limitation in the kernel, you have two possible
choices to work around it:
1) run with --ipc host
2) get some help from root in the host:
$ sudo nsenter -i -t $CONTAINER_PID sh -c 'echo $NEW_MSG_MAX > /proc/sys/fs/mqueue/msg_max'
Giuseppe
Michael Ivanov <ivans(a)isle.spb.ru> writes:
Yes it is 256:
island:backend [master]> cat /proc/sys/fs/mqueue/msg_max
256
On 20.05.2021 21:00, Daniel Walsh wrote:
On 5/20/21 08:29, Michael Ivanov wrote:
Hallo!
I'm trying to run my application in podman rootless container and I stumble
on following problem: my program needs /proc/sys/fs/mqueue/msg_max to be at
least 256, but in running container this value is just 10. When I try to
specify this parameter while running the image (--sysctl 'fs.mqueue.msg_max=256')
I get the following error:
Error: open /proc/sys/fs/mqueue/msg_max: Permission denied: OCI permission denied
and container is not created.
My host where container is being run has this parameter set to 256. How can I
expose current host setting for msg_max to my container?
Best regards,
When you log in to your user account, is it set to 256?
$ cat /proc/sys/fs/mqueue/msg_max
10
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
--
\ / | |
(OvO) | Михаил Иванов |
(^^^) | Tel.: +7(911) 223-1300 |
\^/ | E-mail:ivans@isle.spb.ru |
^ ^ | |
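
Added example, not part of the thread: a shell sketch of the uid translation behind Giuseppe's stat output, showing why a file owned by root of the initial user namespace appears as 65534 (nobody) in a rootless container. The function names and the sample mapping are hypothetical; it assumes the uid_map "outside" column refers to the initial namespace (true for a rootless container started from a normal host login) and the kernel's default overflow uid of 65534.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Unmapped ids are displayed as the overflow uid; 65534 is the kernel default.
OVERFLOW_UID=${OVERFLOW_UID:-65534}

# map_outside_uid OUTSIDE_UID [UID_MAP_FILE]
# Prints the uid a user namespace displays for OUTSIDE_UID.
# uid_map columns: inside-start outside-start length
map_outside_uid() {
    awk -v o="$1" -v ov="$OVERFLOW_UID" '
        o >= $2 && o < $2 + $3 { print $1 + (o - $2); found = 1; exit }
        END { if (!found) print ov }
    ' "${2:-/proc/self/uid_map}"
}

# explain_msg_max_owner [UID_MAP_FILE]
# /proc/sys/fs/mqueue/msg_max is owned by uid 0 of the initial user
# namespace (per the thread), so the question is whether host uid 0
# is mapped into the namespace being inspected.
explain_msg_max_owner() {
    seen=$(map_outside_uid 0 "${1:-/proc/self/uid_map}")
    if [ "$seen" = "$OVERFLOW_UID" ]; then
        echo "owner unmapped: shown as uid $seen, --sysctl write will be denied"
    else
        echo "owner mapped to uid $seen in this namespace"
    fi
}

# Constructed sample: a typical rootless mapping in which host uid 1000
# becomes container root and a subuid range fills uids 1..65536.
sample=$(mktemp)
printf '0 1000 1\n1 100000 65536\n' > "$sample"
explain_msg_max_owner "$sample"
rm -f "$sample"
```

Called with no file argument, explain_msg_max_owner reads /proc/self/uid_map, so it can be run inside the container to check the namespace it is actually in.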