The IP firewall warning seems to be unrelated. On another server where we didn't get this problem on a reboot, the same warning is emitted for one of the several rootless containers running there. It's interesting on its own, and I found where it happens in the systemd code here:

https://github.com/systemd/systemd/blob/e30b4c13570a5e4ec794d480d5371e9c739570d9/src/core/cgroup.c#L2034

...but that seems like another, likely benign issue with rootless Podman and systemd/cgroups, maybe?

The later errors seem to be the actual failure here, but I don't know what to make of them.


- JK




On Thursday, May 25, 2023 at 7:21 PM, Chris Evich <cevich@redhat.com> wrote:
On 5/25/23 08:03, jklaiho@iki.fi wrote:
systemd[746]: cms_backend.service: unit configures an IP firewall, but not running as root.
systemd[746]: (This warning is only shown for the first unit using IP firewalling.)

I'm not an expert, but to my untrained eye, this message seems to be the
root-cause indicator. I can't say for sure where/why that error is
generated but it seems like it could be some kind of bug in quadlet
interactions w/ the rest of systemd. Maybe try changing the
dependencies (Wants/After) might make a difference? That's a total
guess though.

---
Chris Evich (he/him), RHCA III
Senior Quality Assurance Engineer
If it ain't broke, your hammer isn't wide 'nough.
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io