On Fri, Aug 9, 2019, at 11:54 AM, niranjan@ashoo.in wrote:

On Fri, Aug 9, 2019, at 11:44 AM, Alex Jia wrote:
Hi Niranjan,

The default access permission is 0600 on the /run/podman/io.podman directory, so you can't use a non-root user
to access this listening directory, but you may modify the permission before starting io.podman.socket.
Good luck!
Ah, thanks. Since the container was started by a non-root user, when I tried with sudo it failed:

$ sudo varlink call -m unix:/run/podman/io.podman/io.podman.ListContainerProcesses '{"name": "mysssd", "opts": []}'
Unable to connect: CannotConnect

Probably because the root user doesn't see the container.

[root@ajia-rhel-8 ajia]# ls -lad /run/podman/io.podman
srw-------. 1 root root 0 Aug  9 01:42 /run/podman/io.podman

[root@ajia-rhel-8 ajia]# cat /usr/lib/systemd/system/io.podman.socket
[Unit]
Description=Podman Remote API Socket
Documentation=man:podman-varlink(1)

[Socket]
ListenStream=/run/podman/io.podman
SocketMode=0600

[Install]
WantedBy=sockets.target

Sincerely,
Alex Jia

When I tried to change the SocketMode to 0666:

[root@mniranja ~]# cat /usr/lib/systemd/system/io.podman.socket
[Unit]
Description=Podman Remote API Socket
Documentation=man:podman-varlink(1)

[Socket]
ListenStream=/run/podman/io.podman
SocketMode=0666

[Install]
WantedBy=sockets.target
[root@mniranja ~]# ls -l /var/run/podman/io.podman
srw-rw-rw-. 1 root root 0 Aug  9 11:51 /var/run/podman/io.podman

$ varlink call -m unix:/run/podman/io.podman/io.podman.ListContainerProcesses '{"name": "mysssd", "opts": []}'
Unable to connect: CannotConnect
(venv) [mniranja@mniranja ad]$ sudo systemctl status io.podman.socket
● io.podman.socket - Podman Remote API Socket
   Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; enabled; vendor preset: disabled)
   Active: active (listening) since Fri 2019-08-09 11:51:21 IST; 1min 12s ago
     Docs: man:podman-varlink(1)
   Listen: /run/podman/io.podman (Stream)
   CGroup: /system.slice/io.podman.socket

(venv) [mniranja@mniranja ad]$ podman ps
CONTAINER ID  IMAGE                            COMMAND         CREATED       STATUS           PORTS  NAMES
de27f6bd7c59  docker.io/library/fedora:latest  /usr/sbin/init  24 hours ago  Up 24 hours ago         mysssd
(venv) [mniranja@mniranja ad]$

Even after changing the permissions to 0666, as a non-root user I am still unable to use varlink to access the container. Any info on how I could use varlink as a non-root user to access containers created by a non-root user?

On Fri, Aug 9, 2019 at 1:16 PM <niranjan@ashoo.in> wrote:
Greetings,

I have a container running on RHEL8. The container was started as a non-root user using the podman CLI. I am trying to connect to the container using varlink and it's unable to connect.

$ podman ps
CONTAINER ID  IMAGE                            COMMAND         CREATED       STATUS           PORTS  NAMES
de27f6bd7c59  docker.io/library/fedora:latest  /usr/sbin/init  22 hours ago  Up 22 hours ago         mysssd

$ sudo systemctl restart io.podman.socket
$ sudo systemctl status io.podman.socket
● io.podman.socket - Podman Remote API Socket
   Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; enabled; vendor preset: disabled)
   Active: active (listening) since Fri 2019-08-09 10:38:38 IST; 1s ago
     Docs: man:podman-varlink(1)
   Listen: /run/podman/io.podman (Stream)
   CGroup: /system.slice/io.podman.socket


$ varlink call -m unix:/run/podman/io.podman/io.podman.ListContainerProcesses '{"name": "mysssd", "opts": []}'
Unable to connect: CannotConnect

Version:
podman-1.0.0-2.git921f98f.module+el8+2785+ff8a053f.x86_64
libvarlink-16-1.el8.x86_64
libvarlink-util-16-1.el8.x86_64

Regards
Niranjan
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io

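An added example, not part of the thread: a systemd drop-in that narrows the permission change discussed above, granting the socket to an assumed dedicated `podman` group (0660) instead of every local user (0666), since whoever can write to this socket controls root's containers. The group name and the drop-in path are assumptions; `SocketUser=`, `SocketGroup=` and `SocketMode=` are standard systemd.socket options.

```ini
# /etc/systemd/system/io.podman.socket.d/override.conf
# Drop-in for the io.podman.socket unit shown in the thread.
# "podman" is an assumed group name, created with `groupadd podman`
# and granted to a user with `usermod -aG podman <user>`.
[Socket]
# Keep the socket root-owned, but let one dedicated group connect.
SocketUser=root
SocketGroup=podman
# 0660 instead of 0666: members of the group may connect, other local users may not.
SocketMode=0660
```

Apply with `systemctl daemon-reload && systemctl restart io.podman.socket`. This only changes who may connect; the service behind the socket still runs as root and manages root's containers, so it will not show containers created by a non-root user, which is the situation in the thread.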