On Fri, Aug 9, 2019, at 11:54 AM, niranjan(a)ashoo.in wrote:
On Fri, Aug 9, 2019, at 11:44 AM, Alex Jia wrote:
> Hi Niranjan,
>
> The default access permission is *0600* on the */run/podman/io.podman* directory, so you can't use a non-root user
> to access this listening directory, but you may modify the permission before starting io.podman.socket.
> Good luck!
Ah, thanks. Since the container was started by a non-root user, when I tried with sudo it failed:
$ sudo varlink call -m unix:/run/podman/io.podman/io.podman.ListContainerProcesses '{"name": "mysssd", "opts": []}'
Unable to connect: CannotConnect
Probably because the root user doesn't see the container.
> [root@ajia-rhel-8 ajia]# ls -lad /run/podman/io.podman
> srw-------. 1 root root 0 Aug 9 01:42 /run/podman/io.podman
>
> [root@ajia-rhel-8 ajia]# cat /usr/lib/systemd/system/io.podman.socket
> [Unit]
> Description=Podman Remote API Socket
> Documentation=man:podman-varlink(1)
>
> [Socket]
> ListenStream=/run/podman/io.podman
> SocketMode=0600
>
> [Install]
> WantedBy=sockets.target
>
> Sincerely,
> Alex Jia
When I tried to change the SocketMode to 0666:
[root@mniranja ~]# cat /usr/lib/systemd/system/io.podman.socket
[Unit]
Description=Podman Remote API Socket
Documentation=man:podman-varlink(1)
[Socket]
ListenStream=/run/podman/io.podman
SocketMode=0666
[Install]
WantedBy=sockets.target
[root@mniranja ~]# ls -l /var/run/podman/io.podman
srw-rw-rw-. 1 root root 0 Aug 9 11:51 /var/run/podman/io.podman
$ varlink call -m unix:/run/podman/io.podman/io.podman.ListContainerProcesses '{"name": "mysssd", "opts": []}'
Unable to connect: CannotConnect
(venv) [mniranja@mniranja ad]$ sudo systemctl status io.podman.socket
● io.podman.socket - Podman Remote API Socket
Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; enabled; vendor preset: disabled)
Active: active (listening) since Fri 2019-08-09 11:51:21 IST; 1min 12s ago
Docs: man:podman-varlink(1)
Listen: /run/podman/io.podman (Stream)
CGroup: /system.slice/io.podman.socket
(venv) [mniranja@mniranja ad]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
de27f6bd7c59 docker.io/library/fedora:latest /usr/sbin/init 24 hours ago Up 24 hours ago mysssd
(venv) [mniranja@mniranja ad]$
Even after changing the permissions to 0666, as a non-root user I am still unable to use
varlink to access the container. Any info on how I could use varlink as a non-root user to
access containers created by a non-root user?
>
>
> On Fri, Aug 9, 2019 at 1:16 PM <niranjan(a)ashoo.in> wrote:
>> Greetings,
>>
>> I have a container running on RHEL8. The container was started as a non-root user
>> using the podman CLI. I am trying to connect to the container using varlink and it's unable to
>> connect.
>>
>> $ podman ps
>> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
>> de27f6bd7c59 docker.io/library/fedora:latest /usr/sbin/init 22 hours ago Up 22 hours ago mysssd
>>
>>
>> $ sudo systemctl restart io.podman.socket
>> $ sudo systemctl status io.podman.socket
>> ● io.podman.socket - Podman Remote API Socket
>> Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; enabled; vendor preset: disabled)
>> Active: active (listening) since Fri 2019-08-09 10:38:38 IST; 1s ago
>> Docs: man:podman-varlink(1)
>> Listen: /run/podman/io.podman (Stream)
>> CGroup: /system.slice/io.podman.socket
>>
>>
>> $ varlink call -m unix:/run/podman/io.podman/io.podman.ListContainerProcesses '{"name": "mysssd", "opts": []}'
>> Unable to connect: CannotConnect
>>
>>
>> Version:
>> podman-1.0.0-2.git921f98f.module+el8+2785+ff8a053f.x86_64
>> libvarlink-16-1.el8.x86_64
>> libvarlink-util-16-1.el8.x86_64
>>
>> Regards
>> Niranjan
>> _______________________________________________
>> Podman mailing list -- podman(a)lists.podman.io
>> To unsubscribe send an email to podman-leave(a)lists.podman.io
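
The SocketMode change discussed in this thread, as an added example that is not part of the original messages or of Podman: a small Python audit that reads a socket unit's [Socket] section and reports who can connect to the listening path. Mode 0666 on this root-owned socket opens it to every local account, so that is the case it flags. The unit texts are constructed from the ones quoted above, the `podman-api` group is a hypothetical name, and the unit is assumed to run in the system context (socket owned by root).

```python
import stat

# Constructed from the unit files quoted in the thread; "podman-api" is a
# hypothetical group name used only for the restricted variant.
UNIT_TEMPLATE = """\
[Unit]
Description=Podman Remote API Socket
[Socket]
ListenStream=/run/podman/io.podman
{socket_options}
[Install]
WantedBy=sockets.target
"""
SHIPPED = UNIT_TEMPLATE.format(socket_options="SocketMode=0600")
EDITED = UNIT_TEMPLATE.format(socket_options="SocketMode=0666")
RESTRICTED = UNIT_TEMPLATE.format(
    socket_options="SocketMode=0660\nSocketGroup=podman-api")


def parse_socket_section(unit_text):
    """Return (filesystem listen paths, mode, group) from the [Socket] section."""
    # systemd.socket(5): SocketMode= defaults to 0666 when it is not set.
    section, listens, mode, group = None, [], 0o666, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Socket" and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "ListenStream" and value.startswith("/"):
                listens.append(value)
            elif key == "SocketMode":
                mode = int(value, 8)
            elif key == "SocketGroup":
                group = value
    return listens, mode, group


def audit_unit(unit_text):
    """Return [(path, who_can_connect, flagged)] for each filesystem socket."""
    listens, mode, group = parse_socket_section(unit_text)
    # On Linux, connect() to a pathname socket needs write permission on it.
    if mode & stat.S_IWOTH:
        audience, flagged = "any local user", True
    elif mode & stat.S_IWGRP:
        audience, flagged = f"owner and group {group or 'root'}", False
    else:
        audience, flagged = "owner only", False
    return [(path, audience, flagged) for path in listens]
```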