On Sat, Feb 20, 2021 at 10:38 PM boardbill_unpretended--- via Podman <podman@lists.podman.io> wrote:
Thank you for getting back to me! Here's what I found:

1. Non-root `podman run --rm fedora ls` runs fine and I can see the output of the `ls` command. It looks normal.

That's good. It's not a general issue with this specific user but maybe specific to the hook or image.
 
> This indicates that an OCI hook failed to run

I didn't even know there is a thing called a "hook". :)

2. Here's the output of the three places you suggested that might have hooks:

`ls /usr/libexec/oci/hooks.d/` - There is one file `oci-systemd-hook`.
`ls /etc/containers/oci/hooks.d` - Nothing.
`/usr/share/containers/oci/hooks.d` - One file called `oci-systemd-hook.json` with these contents:

```
{
    "cmd": [".*/init$" , ".*/systemd$" ],
    "hook": "/usr/libexec/oci/hooks.d/oci-systemd-hook",
    "stage": [ "prestart", "poststop" ]
}
```

I have zero idea what any of this means, what a hook is supposed to do, or how `oci-systemd-hook` got there.

This hook was used to allow for running systemd inside a container. Docker declined to support that natively, so it was achieved by using an OCI runtime hook. Such hooks are executed by the low-level container runtimes such as runc and crun. In this specific case, the systemd hook was setting up certain mounts and tmpfs's to let systemd run happily inside the container.

However, the hook is obsolete in the Podman world since Podman supports running systemd natively.
 
By the way, `oci-systemd-hook` looks like a binary file (???), but I tried to see its contents via `cat` and there is a little bit of readable text in it. I've pasted the output in this pastebin:

https://wtf.roflcopter.fr/paste/?1e2e32dbdccb06fa#GVpawbfVEvmJUEUzuLCu2YQGaqnn4gDrGQk3RY6cUmMQ

Does any of the above provide clues to what's happening? Is it "simply" a matter of removing `oci-systemd-hook`? Or is that file critical to the functioning of Podman?

Thanks!  The oci-systemd-hook is very likely causing the issue.  I had a look at the entrypoint of the image you're using and indeed it's using "/init".  Looking at the above JSON output you shared, we can see that the hook is fired when either /init or /systemd are the cmd/entrypoint of the container.

That being said, removing the hook should resolve the issue since Podman does not require the root for running systemd inside a container.

Kind regards,
 Valentin
 
Thanks!!
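
The following is an added example, not code from the thread or from the Podman project. It checks which hook configs in the directories named above would fire for a given container command by applying each config's command regexes to the first element of that command. It goes slightly beyond the thread by also reading the 1.0.0 config schema; it evaluates only the command condition, and using Python's `re` in place of the runtime's regex engine is an assumption that holds for simple patterns like these.

```python
import json
import re
from pathlib import Path

# Hook-config directories listed in the thread.
HOOK_DIRS = ["/usr/share/containers/oci/hooks.d", "/etc/containers/oci/hooks.d"]

# Constructed sample: the oci-systemd-hook.json contents pasted in the thread.
SAMPLE = {"oci-systemd-hook.json": json.loads("""
{
    "cmd": [".*/init$", ".*/systemd$"],
    "hook": "/usr/libexec/oci/hooks.d/oci-systemd-hook",
    "stage": ["prestart", "poststop"]
}""")}

def hook_fields(cfg):
    """Return (hook binary, command regexes, stages) for either config schema."""
    if "when" in cfg:  # 1.0.0 schema: hook.path / when.commands / stages
        return cfg.get("hook", {}).get("path"), cfg["when"].get("commands", []), cfg.get("stages", [])
    # Legacy schema, as in the thread: hook / cmd / stage
    return cfg.get("hook"), cfg.get("cmd", []), cfg.get("stage", [])

def hooks_matching(argv0, configs):
    """List (config name, hook binary, stages) whose command regex matches argv0."""
    hits = []
    for name, cfg in sorted(configs.items()):
        binary, patterns, stages = hook_fields(cfg)
        # Unanchored search, so ".*/init$" matches both "/init" and "/sbin/init".
        if any(re.search(p, argv0) for p in patterns):
            hits.append((name, binary, stages))
    return hits

def load_configs(dirs=HOOK_DIRS):
    """Parse every *.json hook config found; skip unreadable or malformed files."""
    configs = {}
    for d in (Path(p) for p in dirs):
        if not d.is_dir():
            continue
        for f in sorted(d.glob("*.json")):
            try:
                configs[str(f)] = json.loads(f.read_text())
            except (OSError, ValueError):
                pass
    return configs

if __name__ == "__main__":
    configs = load_configs() or SAMPLE  # fall back to the sample when no hooks are installed
    for argv0 in ("/init", "ls"):
        print(argv0, "->", hooks_matching(argv0, configs))
```

With the sample config, `/init` matches the hook while `ls` does not, which is consistent with `podman run --rm fedora ls` working while the `/init`-based image fails.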