[Podman] Re: RunRoot & mistaken IDs

On 29/01/2024 15:55, Daniel Walsh wrote: > On 1/29/24 08:52, lejeczek via Podman wrote: >> >> >> On 29/01/2024 12:04, Daniel Walsh wrote: >>> On 1/29/24 02:35, lejeczek via Podman wrote: >>>> >>>> >>>> On 28/03/2023 21:00, Chris Evich wrote: >>>>> On 3/28/23 09:06, lejeczek via Podman wrote: >>>>>> I think it might have something to do with the fact that I >>>>>> changed UID for the user >>>>> >>>>> The files under /run/user/$UID are typically managed by >>>>> systemd-logind. I've noticed sometimes there's a delay between >>>>> logging out and the files being cleaned up.  Try logging out for >>>>> a minute or three and see if that fixes it. >>>>> >>>>> Also, if you have lingering enabled for the user, it may take a >>>>> restart of particular the user.slice. >>>>> >>>>> Lastly, I'm not certain, but you (as root) may be able to >>>>> `systemctl reload systemd-logind`.  That's a total guess though. >>>>> >>>>> >>>> Those parts seem very clunky - at least in up-to-date Centos 9 >>>> stream - I have removed a user and re/created that user in IdM and.. >>>> even after full & healthy OS reboot, containers/podman insist: >>>> >>>> -> $ podman container ls -a >>>> WARN[0000] RunRoot is pointing to a path >>>> (/run/user/2001/containers) which is not writable. Most likely >>>> podman will fail. >>>> Error: default OCI runtime "crun" not found: invalid argument >>>> >>>> -> $ id >>>> uid=1107400004(podmania) gid=1107400004(podmania) >>>> groups=1107400004(podmania) >>>> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 >>>> >>>> Where/what does it persist/insist on that old, non-existent UID - >>>> would anybody know? >>>> >>>> many thanks, L. >>>> _______________________________________________ >>>> Podman mailing list -- podman(a)lists.podman.io >>>> To unsubscribe send an email to podman-leave(a)lists.podman.io >>> >>> Do you have XDG_RUNTIME_DIR pointing at it? >>> >> Nope, I don't think so. >> >> -> $ echo $XDG_RUNTIME_DIR >> /run/user/1107400004 >> _______________________________________________ >> Podman mailing list -- podman(a)lists.podman.io >> To unsubscribe send an email to podman-leave(a)lists.podman.io > > Ok you probably need to do a `podman system reset` since you changed > the ownership of the homedir and the UID of the process running > Podman.  Podman recorded the previous settings in its database. > _______________________________________________ > Doing anything as the user, seems not as viable option. -> $ podman system reset WARN[0000] RunRoot is pointing to a path (/run/user/2001/containers) which is not writable. Most likely podman will fail. Error: default OCI runtime "crun" not found: invalid argument forcibly: -> $ rm -fr /home.sysop/podmania/.local/share/containers/* helps, kind of, for very next issue is: -> $ podman system reset ERRO[0000] cannot find UID/GID for user podmania: cannot read subids - check rootless mode in man pages. WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user WARNING! This will remove: ... I presumed - incorrectly? - that (these days) subordinate UIDs should work when:  -> $ authselect current Profile ID: sssd Enabled features: - with-sudo - with-subid or am I missing something? p.s./btw - is it just me or Centos is getting increasingly clunky, really? _______________________________________________ Podman mailing list -- podman(a)lists.podman.io To unsubscribe send an email to podman-leave(a)lists.podman.io