You need to have podman varlink running locally in your homedir for this
to work. I know there is effort to make this happen seamlessly.
I know that the Cockpit team have been working on making this happen,
but I need Jhon or Brent or Martin to chime in on how it works (or doesn't).
On 8/12/19 2:37 AM, niranjan(a)ashoo.in wrote:
On Fri, Aug 9, 2019, at 11:54 AM, niranjan(a)ashoo.in wrote:
>
>
> On Fri, Aug 9, 2019, at 11:44 AM, Alex Jia wrote:
>> Hi Niranjan,
>>
>> default access permission is *0600* on the */run/podman/io.podman*
>> directory, so you can't use non-root user
>> to access this listening directory, but you may modify permission
>> before starting io.podman.socket,
>> good luck!
> Ah thanks. Since the container was started by a non-root user, when I
> tried with sudo it failed
>
> $ sudo varlink call -m
> unix:/run/podman/io.podman/io.podman.ListContainerProcesses
> '{"name": "mysssd", "opts": []}'
> Unable to connect: CannotConnect
>
> Probably because the root user doesn't see the container.
>
>> [root@ajia-rhel-8 ajia]# ls -lad /run/podman/io.podman
>> srw-------. 1 root root 0 Aug 9 01:42 /run/podman/io.podman
>>
>> [root@ajia-rhel-8 ajia]# cat /usr/lib/systemd/system/io.podman.socket
>> [Unit]
>> Description=Podman Remote API Socket
>> Documentation=man:podman-varlink(1)
>>
>> [Socket]
>> ListenStream=/run/podman/io.podman
>> SocketMode=0600
>>
>> [Install]
>> WantedBy=sockets.target
>>
>> Sincerely,
>> Alex Jia
>
> When I tried to change the SocketMode to 0666
>
> [root@mniranja ~]# cat /usr/lib/systemd/system/io.podman.socket
> [Unit]
> Description=Podman Remote API Socket
> Documentation=man:podman-varlink(1)
>
> [Socket]
> ListenStream=/run/podman/io.podman
> SocketMode=0666
>
> [Install]
> WantedBy=sockets.target
> [root@mniranja ~]# ls -l /var/run/podman/io.podman
> srw-rw-rw-. 1 root root 0 Aug 9 11:51 /var/run/podman/io.podman
>
> $ varlink call -m
> unix:/run/podman/io.podman/io.podman.ListContainerProcesses
> '{"name": "mysssd", "opts": []}'
> Unable to connect: CannotConnect
> (venv) [mniranja@mniranja ad]$ sudo systemctl status io.podman.socket
> ● io.podman.socket - Podman Remote API Socket
> Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; enabled; vendor preset: disabled)
> Active: active (listening) since Fri 2019-08-09 11:51:21 IST; 1min 12s ago
> Docs: man:podman-varlink(1)
> Listen: /run/podman/io.podman (Stream)
> CGroup: /system.slice/io.podman.socket
>
> (venv) [mniranja@mniranja ad]$ podman ps
> CONTAINER ID  IMAGE                            COMMAND         CREATED       STATUS           PORTS  NAMES
> de27f6bd7c59  docker.io/library/fedora:latest  /usr/sbin/init  24 hours ago  Up 24 hours ago         mysssd
> (venv) [mniranja@mniranja ad]$
Even after changing the permissions to 0666, as a non-root user I am
still unable to use varlink to access the container. Any info on how
I could use varlink as a non-root user to access containers created
using a non-root user?
>
>
>>
>>
>> On Fri, Aug 9, 2019 at 1:16 PM <niranjan(a)ashoo.in> wrote:
>>
>> Greetings,
>>
>> I have a container running on RHEL8. The container was started
>> as a non-root user using the podman CLI. I am trying to connect to
>> the container using varlink and it's unable to connect.
>>
>> $ podman ps
>> CONTAINER ID  IMAGE                            COMMAND         CREATED       STATUS           PORTS  NAMES
>> de27f6bd7c59  docker.io/library/fedora:latest  /usr/sbin/init  22 hours ago  Up 22 hours ago         mysssd
>>
>>
>> $ sudo systemctl restart io.podman.socket
>> $ sudo systemctl status io.podman.socket
>> ● io.podman.socket - Podman Remote API Socket
>> Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; enabled; vendor preset: disabled)
>> Active: active (listening) since Fri 2019-08-09 10:38:38 IST; 1s ago
>> Docs: man:podman-varlink(1)
>> Listen: /run/podman/io.podman (Stream)
>> CGroup: /system.slice/io.podman.socket
>>
>>
>> $varlink call -m
>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses
>> '{"name": "mysssd", "opts": []}'
>> Unable to connect: CannotConnect
>>
>>
>> Version:
>> podman-1.0.0-2.git921f98f.module+el8+2785+ff8a053f.x86_64
>> libvarlink-16-1.el8.x86_64
>> libvarlink-util-16-1.el8.x86_64
>>
>> Regards
>> Niranjan
>> _______________________________________________
>> Podman mailing list -- podman(a)lists.podman.io
>> To unsubscribe send an email to podman-leave(a)lists.podman.io
>>
>
>
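An added example, not part of the thread or of the Podman project: the two SocketMode values tried above, compared by which local accounts may open the root-owned socket. It evaluates only the socket file's mode bits (directory permissions and SELinux are out of scope), the unit text is constructed from the quoted files, and the account name is the one in the thread's shell prompts.

```python
import configparser

# Constructed from the [Socket] sections quoted in the thread.
UNIT_0600 = """\
[Socket]
ListenStream=/run/podman/io.podman
SocketMode=0600
"""
UNIT_0666 = UNIT_0600.replace("SocketMode=0600", "SocketMode=0666")


def parse_socket_unit(text):
    """Return path, mode, owner and group from a systemd .socket unit."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # systemd keys are case-sensitive
    cp.read_string(text)
    sock = cp["Socket"]
    return {
        "path": sock["ListenStream"],
        # systemd defaults: SocketMode=0666, SocketUser/SocketGroup=root
        "mode": int(sock.get("SocketMode", "0666"), 8),
        "user": sock.get("SocketUser", "root"),
        "group": sock.get("SocketGroup", "root"),
    }


def may_connect(unit, user, groups=()):
    """connect(2) on a Unix socket needs write permission on the socket file."""
    if user == "root":  # root bypasses the mode bits
        return True
    if user == unit["user"]:
        return bool(unit["mode"] & 0o200)
    if unit["group"] in groups:
        return bool(unit["mode"] & 0o020)
    return bool(unit["mode"] & 0o002)


def audit(text):
    """Flag a root-owned API socket that any local account can open."""
    unit = parse_socket_unit(text)
    if unit["user"] == "root" and unit["mode"] & 0o002:
        return [f"{unit['path']}: mode {unit['mode']:04o} lets any local "
                "user reach the API of the root service"]
    return []


if __name__ == "__main__":
    for text in (UNIT_0600, UNIT_0666):
        print(may_connect(parse_socket_unit(text), "mniranja"), audit(text))
```
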