On 11/27/23 02:04, Михаил Иванов wrote:
Hallo,

For me rootful works:

island:container [master]> cat /proc/sys/fs/mqueue/msg_max
256

$ podman run alpine ls -ld /proc/sys/fs/mqueue/msg_max
-rw-r--r--    1 nobody   nobody           0 Nov 27 12:10 /proc/sys/fs/mqueue/msg_max

Since it is owned by real root, a rootless user cannot write to it.  I guess we could argue this is a bug with the kernel. mqueue/msg_max should be owned by root of the user namespace as opposed to real root.

## Rootful:
island:container [master]> sudo podman run --sysctl=fs.mqueue.msg_max=64 --rm centos cat /proc/sys/fs/mqueue/msg_max
64

## Rootless:
island:container [master]> podman run --sysctl=fs.mqueue.msg_max=64 --rm centos cat /proc/sys/fs/mqueue/msg_max
Error: crun: open `/proc/sys/fs/mqueue/msg_max`: Permission denied: OCI permission denied

## What rootless gets by default (changed as compared to host setting!):
island:container [master]> podman run --rm centos cat /proc/sys/fs/mqueue/msg_max
10

Rgrds,
On 25.11.2023 20:17, Daniel Walsh wrote:
On 11/25/23 10:44, Михаил Иванов wrote:
Hallo,
Is it possible to get podman to propagate current host fs.mqueue.msg_max
value to rootless container? I can do that if I specify --ipc host when
running the container, but this also exposes other ipc stuff from host
to container, including shared memory, which I do not want.

If I specify --sysctl fs.mqueue.msg_size=64 to podman it gives me
"OCI permission denied" error, even when my host setting (256) is greater
than requested value.
Thanks,
-- 
Michael Ivanov

_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io

The way you attempted is correct. Might not be allowed for rootless containers.

I attempted this in a rootful container and it blows up for me.


podman run  --sysctl fs.mqueue.msg_size=64 alpine echo hi
Error: crun: open `/proc/sys/fs/mqueue/msg_size`: No such file or directory: OCI runtime attempted to invoke a command that was not found


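
The `nobody` owner in the `ls -ld` output above can be reproduced from a user-namespace UID map. The following is an added example, not code from the thread or from podman: the two sample maps are constructed, and 65534 is assumed to be the kernel's default overflow UID.

```shell
#!/bin/sh
# Added example (not from the thread): translate a host UID through a
# user-namespace uid_map to see why a file owned by real root is listed
# as "nobody" inside a rootless container.

# Constructed sample maps, in /proc/<pid>/uid_map format:
#   <first uid inside ns> <first uid on host> <range length>
SAMPLE_ROOTLESS_MAP='0 1000 1
1 100000 65536'                    # typical rootless layout (constructed)
SAMPLE_ROOTFUL_MAP='0 0 4294967295' # initial namespace: identity map

# Assumption: default value of /proc/sys/kernel/overflowuid ("nobody").
OVERFLOW_UID=65534

# ns_uid_for_host_uid MAP HOST_UID
# Prints the UID that HOST_UID is seen as inside the namespace.
# Returns 0 if HOST_UID is mapped; prints the overflow UID and returns 1
# if it is not (the owner then shows up as "nobody").
ns_uid_for_host_uid() {
    printf '%s\n' "$1" | awk -v h="$2" -v o="$OVERFLOW_UID" '
        NF == 3 && h >= $2 && h < $2 + $3 {
            print $1 + (h - $2); found = 1; exit
        }
        END { if (!found) { print o; exit 1 } }'
}

# report MAP LABEL: how host root (UID 0), the owner of
# /proc/sys/fs/mqueue/msg_max, appears inside the namespace.
report() {
    if uid=$(ns_uid_for_host_uid "$1" 0); then
        echo "$2: host root is uid $uid inside the namespace (mapped)"
    else
        echo "$2: host root is uid $uid inside the namespace (unmapped, shown as nobody)"
    fi
}

report "$SAMPLE_ROOTLESS_MAP" "rootless"
report "$SAMPLE_ROOTFUL_MAP" "rootful"
```

To check a live rootless setup instead of the samples, pass the real map, for example `ns_uid_for_host_uid "$(cat /proc/self/uid_map)" 0` run under `podman unshare`.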