Still stuck.

[podtest@degenaro-podman-centos ~]$ cat /etc/centos-release
CentOS Linux release 7.7.1908 (Core)
[podtest@degenaro-podman-centos ~]$ podman --version
podman version 1.4.4
[podtest@degenaro-podman-centos ~]$ podman --log-level=debug run hello-world
INFO[0000] running as rootless                          
DEBU[0000] Initializing boltdb state at /home/podtest/.local/share/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver vfs                      
DEBU[0000] Using graph root /home/podtest/.local/share/containers/storage
DEBU[0000] Using run root /tmp/run-1000                
DEBU[0000] Using static dir /home/podtest/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /tmp/run-1000/libpod/tmp      
DEBU[0000] Using volume path /home/podtest/.local/share/containers/storage/volumes
DEBU[0000] Set libpod namespace to ""                  
DEBU[0000] [graphdriver] trying provided driver "vfs"  
DEBU[0000] Initializing event backend journald          
DEBU[0000] parsed reference into "[vfs@/home/podtest/.local/share/containers/storage+/tmp/run-1000]docker.io/library/hello-world:latest"
DEBU[0000] parsed reference into "[vfs@/home/podtest/.local/share/containers/storage+/tmp/run-1000]@fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e"
DEBU[0000] exporting opaque data as blob "sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e"
DEBU[0000] parsed reference into "[vfs@/home/podtest/.local/share/containers/storage+/tmp/run-1000]@fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e"
DEBU[0000] exporting opaque data as blob "sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e"
DEBU[0000] parsed reference into "[vfs@/home/podtest/.local/share/containers/storage+/tmp/run-1000]@fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e"
DEBU[0000] Got mounts: []                              
DEBU[0000] Got volumes: []                              
DEBU[0000] Using slirp4netns netmode                    
DEBU[0000] created OCI spec and options for new container
DEBU[0000] Allocated lock 6 for container 918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b
DEBU[0000] parsed reference into "[vfs@/home/podtest/.local/share/containers/storage+/tmp/run-1000]@fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e"
DEBU[0000] exporting opaque data as blob "sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e"
DEBU[0000] created container "918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b"
DEBU[0000] container "918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b" has work directory "/home/podtest/.local/share/containers/storage/vfs-containers/918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b/userdata"
DEBU[0000] container "918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b" has run directory "/tmp/run-1000/vfs-containers/918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b/userdata"
DEBU[0000] New container created "918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b"
DEBU[0000] container "918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b" has CgroupParent "/libpod_parent/libpod-918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b"
DEBU[0000] Not attaching to stdin                      
DEBU[0000] mounted container "918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b" at "/home/podtest/.local/share/containers/storage/vfs/dir/f199b6752d854c2f477e416dc93fdd1ddef53794d63fb2e5b79f3e7eff0500b3"
DEBU[0000] Created root filesystem for container 918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b at /home/podtest/.local/share/containers/storage/vfs/dir/f199b6752d854c2f477e416dc93fdd1ddef53794d63fb2e5b79f3e7eff0500b3
DEBU[0000] /etc/system-fips does not exist on host, not mounting FIPS mode secret
DEBU[0000] Created OCI spec for container 918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b at /home/podtest/.local/share/containers/storage/vfs-containers/918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b/userdata/config.json
DEBU[0000] /usr/libexec/podman/conmon messages will be logged to syslog
DEBU[0000] running conmon: /usr/libexec/podman/conmon    args="[-c 918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b -u 918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b -n objective_meninsky -r /usr/bin/runc -b /home/podtest/.local/share/containers/storage/vfs-containers/918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b/userdata -p /tmp/run-1000/vfs-containers/918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b/userdata/pidfile --exit-dir /tmp/run-1000/libpod/tmp/exits --conmon-pidfile /tmp/run-1000/vfs-containers/918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /home/podtest/.local/share/containers/storage --exit-command-arg --runroot --exit-command-arg /tmp/run-1000 --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg cgroupfs --exit-command-arg --tmpdir --exit-command-arg /tmp/run-1000/libpod/tmp --exit-command-arg --runtime --exit-command-arg runc --exit-command-arg --storage-driver --exit-command-arg vfs --exit-command-arg container --exit-command-arg cleanup --exit-command-arg 918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b --socket-dir-path /tmp/run-1000/libpod/tmp/socket -l k8s-file:/home/podtest/.local/share/containers/storage/vfs-containers/918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b/userdata/ctr.log --log-level debug --syslog]"
[conmon:d]: failed to write to /proc/self/oom_score_adj: Permission denied

WARN[0000] Failed to add conmon to cgroupfs sandbox cgroup: error creating cgroup for blkio: mkdir /sys/fs/cgroup/blkio/libpod_parent: permission denied
DEBU[0000] Received container pid: -1                  
DEBU[0000] Cleaning up container 918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b
DEBU[0000] Network is already cleaned up, skipping...  
DEBU[0000] unmounted container "918829cc374bd3e26dbf59b5f135d02e86959ec7f105dd23880dd0e00f064c1b"
ERRO[0000] container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"rootfs_linux.go:58: mounting \\\"proc\\\" to rootfs \\\"/home/podtest/.local/share/containers/storage/vfs/dir/f199b6752d854c2f477e416dc93fdd1ddef53794d63fb2e5b79f3e7eff0500b3\\\" at \\\"/proc\\\" caused \\\"operation not permitted\\\"\""
: OCI runtime error

On Fri, Sep 27, 2019 at 9:44 AM Lou DeGenaro <lou.degenaro@gmail.com> wrote:

Still no joy using ssh direct to host as user.

Lou.

=====

(base) [degenaro@oc0668325081 ~]$ ssh podman4u@degenaro-podman-centos.sl.cloud9.ibm.com
podman4u@degenaro-podman-centos.sl.cloud9.ibm.com's password:
Last login: Fri Sep 27 08:36:37 2019 from 9.74.15.59
[podman4u@degenaro-podman-centos ~]$ podman run -it --rm busybox echo hello
Trying to pull registry.access.redhat.com/busybox...ERRO[0000] Error pulling image ref //registry.access.redhat.com/busybox:latest: Error initializing source docker://registry.access.redhat.com/busybox:latest: Error reading manifest latest in registry.access.redhat.com/busybox: name unknown: Repo not found
Failed
Trying to pull docker.io/library/busybox...Getting image source signatures
Copying blob 7c9d20b9b6cd done
Copying config 19485c79a9 done
Writing manifest to image destination
Storing signatures
ERRO[0004] Error while applying layer: ApplyLayer exit status 1 stdout:  stderr: there might not be enough IDs available in the namespace (requested 65534:65534 for /home): lchown /home: invalid argument
ERRO[0004] Error pulling image ref //busybox:latest: Error committing the finished image: error adding layer with blob "sha256:7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b": ApplyLayer exit status 1 stdout:  stderr: there might not be enough IDs available in the namespace (requested 65534:65534 for /home): lchown /home: invalid argument
Failed
Trying to pull registry.fedoraproject.org/busybox...ERRO[0005] Error pulling image ref //registry.fedoraproject.org/busybox:latest: Error initializing source docker://registry.fedoraproject.org/busybox:latest: Error reading manifest latest in registry.fedoraproject.org/busybox: manifest unknown: manifest unknown
Failed
Trying to pull quay.io/busybox...ERRO[0006] Error pulling image ref //quay.io/busybox:latest: Error initializing source docker://quay.io/busybox:latest: Error reading manifest latest in quay.io/busybox: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>\n"
Failed
Trying to pull registry.centos.org/busybox...ERRO[0007] Error pulling image ref //registry.centos.org/busybox:latest: Error initializing source docker://registry.centos.org/busybox:latest: Error reading manifest latest in registry.centos.org/busybox: manifest unknown: manifest unknown
Failed
Error: unable to pull busybox: 5 errors occurred:
* Error initializing source docker://registry.access.redhat.com/busybox:latest: Error reading manifest latest in registry.access.redhat.com/busybox: name unknown: Repo not found
* Error committing the finished image: error adding layer with blob "sha256:7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b": ApplyLayer exit status 1 stdout:  stderr: there might not be enough IDs available in the namespace (requested 65534:65534 for /home): lchown /home: invalid argument
* Error initializing source docker://registry.fedoraproject.org/busybox:latest: Error reading manifest latest in registry.fedoraproject.org/busybox: manifest unknown: manifest unknown
* Error initializing source docker://quay.io/busybox:latest: Error reading manifest latest in quay.io/busybox: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server.  If you entered the URL manually please check your spelling and try again.</p>\n"
* Error initializing source docker://registry.centos.org/busybox:latest: Error reading manifest latest in registry.centos.org/busybox: manifest unknown: manifest unknown

[podman4u@degenaro-podman-centos ~]$ env
XDG_SESSION_ID=12
HOSTNAME=degenaro-podman-centos....
SELINUX_ROLE_REQUESTED=
TERM=xterm-256color
SHELL=/bin/bash
HISTSIZE=1000
SSH_CLIENT=9.74.15.59 51058 22
SELINUX_USE_CURRENT_RANGE=
SSH_TTY=/dev/pts/0
USER=podman4u
LS_COLORS=rs=0:di=38;5;27:ln=38;5;51:mh=44;38;5;15:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=05;48;5;232;38;5;15:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;34:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.Z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.axv=38;5;13:*.anx=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.axa=38;5;45:*.oga=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:
MAIL=/var/spool/mail/podman4u
PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/podman4u/.local/bin:/home/podman4u/bin
PWD=/home/podman4u
XMODIFIERS=@im=ibus
LANG=en_US.utf8
SELINUX_LEVEL_REQUESTED=
HISTCONTROL=ignoredups
SHLVL=1
HOME=/home/podman4u
LOGNAME=podman4u
SSH_CONNECTION=9.74.15.59 51058 9.59.151.204 22
LESSOPEN=||/usr/bin/lesspipe.sh %s
XDG_RUNTIME_DIR=/run/user/1003
_=/usr/bin/env

On Fri, Sep 27, 2019 at 9:32 AM Matt Heon <mheon@redhat.com> wrote:
On 2019-09-27 08:15, Lou DeGenaro wrote:
>I've started fresh. Below is my console.  Please advise.  Thx!
>
>Lou.
>
>=====
>
>[root@degenaro-podman-centos etc]# cat /etc/os-release
>NAME="CentOS Linux"
>VERSION="7 (Core)"
>ID="centos"
>ID_LIKE="rhel fedora"
>VERSION_ID="7"
>PRETTY_NAME="CentOS Linux 7 (Core)"
>ANSI_COLOR="0;31"
>CPE_NAME="cpe:/o:centos:centos:7"
>HOME_URL="https://www.centos.org/"
>BUG_REPORT_URL="https://bugs.centos.org/"
>
>CENTOS_MANTISBT_PROJECT="CentOS-7"
>CENTOS_MANTISBT_PROJECT_VERSION="7"
>REDHAT_SUPPORT_PRODUCT="centos"
>REDHAT_SUPPORT_PRODUCT_VERSION="7"
>
>[root@degenaro-podman-centos etc]# podman --version
>podman version 1.4.4
>[root@degenaro-podman-centos etc]# podman run -it --rm busybox echo hello
>hello
>[root@degenaro-podman-centos etc]# cat /etc/subuid
>podman4u:100000:65536
>[root@degenaro-podman-centos etc]# cat /etc/subgid
>podman4u:100000:65536
>[root@degenaro-podman-centos etc]# sysctl -p /etc/sysctl.d/userns.conf
>user.max_user_namespaces = 65534
>[root@degenaro-podman-centos etc]# su - podman4u

I think this might be part of the problem right here. Rootless Podman
relies on some environment variables and other configuration that are
not done when a session is logged into via `su` or `sudo` (I believe
that systemd doesn't recognize sessions where one user becomes another
which causes it to not configure `/run/user/$UID` for example).

Thanks,
Matt Heon

>Last login: Fri Sep 27 07:00:57 CDT 2019 from 9.74.15.59 on pts/1
>[podman4u@degenaro-podman-centos ~]$ podman run -it --rm busybox echo hello
>Trying to pull registry.access.redhat.com/busybox...ERRO[0000] Error
>pulling image ref //registry.access.redhat.com/busybox:latest: Error
>initializing source docker://registry.access.redhat.com/busybox:latest:
>Error reading manifest latest in registry.access.redhat.com/busybox: name
>unknown: Repo not found
>Failed
>Trying to pull docker.io/library/busybox...Getting image source signatures
>Copying blob 7c9d20b9b6cd done
>Copying config 19485c79a9 done
>Writing manifest to image destination
>Storing signatures
>ERRO[0004] Error while applying layer: ApplyLayer exit status 1 stdout:
> stderr: there might not be enough IDs available in the namespace
>(requested 65534:65534 for /home): lchown /home: invalid argument
>ERRO[0004] Error pulling image ref //busybox:latest: Error committing the
>finished image: error adding layer with blob
>"sha256:7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b":
>ApplyLayer exit status 1 stdout:  stderr: there might not be enough IDs
>available in the namespace (requested 65534:65534 for /home): lchown /home:
>invalid argument
>Failed
>Trying to pull registry.fedoraproject.org/busybox...ERRO[0005] Error
>pulling image ref //registry.fedoraproject.org/busybox:latest: Error
>initializing source docker://registry.fedoraproject.org/busybox:latest:
>Error reading manifest latest in registry.fedoraproject.org/busybox:
>manifest unknown: manifest unknown
>Failed
>Trying to pull quay.io/busybox...ERRO[0006] Error pulling image ref //
>quay.io/busybox:latest: Error initializing source docker://
>quay.io/busybox:latest: Error reading manifest latest in quay.io/busybox:
>error parsing HTTP 404 response body: invalid character '<' looking for
>beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2
>Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The
>requested URL was not found on the server.  If you entered the URL manually
>please check your spelling and try again.</p>\n"
>Failed
>Trying to pull registry.centos.org/busybox...ERRO[0007] Error pulling image
>ref //registry.centos.org/busybox:latest: Error initializing source
>docker://registry.centos.org/busybox:latest: Error reading manifest latest
>in registry.centos.org/busybox: manifest unknown: manifest unknown
>Failed
>Error: unable to pull busybox: 5 errors occurred:
>* Error initializing source docker://
>registry.access.redhat.com/busybox:latest: Error reading manifest latest in
>registry.access.redhat.com/busybox: name unknown: Repo not found
>* Error committing the finished image: error adding layer with blob
>"sha256:7c9d20b9b6cda1c58bc4f9d6c401386786f584437abbe87e58910f8a9a15386b":
>ApplyLayer exit status 1 stdout:  stderr: there might not be enough IDs
>available in the namespace (requested 65534:65534 for /home): lchown /home:
>invalid argument
>* Error initializing source docker://
>registry.fedoraproject.org/busybox:latest: Error reading manifest latest in
>registry.fedoraproject.org/busybox: manifest unknown: manifest unknown
>* Error initializing source docker://quay.io/busybox:latest: Error reading
>manifest latest in quay.io/busybox: error parsing HTTP 404 response body:
>invalid character '<' looking for beginning of value: "<!DOCTYPE HTML
>PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not
>Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on
>the server.  If you entered the URL manually please check your spelling and
>try again.</p>\n"
>* Error initializing source docker://registry.centos.org/busybox:latest:
>Error reading manifest latest in registry.centos.org/busybox: manifest
>unknown: manifest unknown
>
>
>
>
>
>On Wed, Sep 25, 2019 at 4:30 PM Matt Heon <mheon@redhat.com> wrote:
>
>> On 2019-09-25 15:25, Lou DeGenaro wrote:
>> >I made a change to storage.conf as follows:
>> >graphroot = "/tmp/degenaro/.local/share/containers/storage"
>> >
>> >Yet, when I run podman info:
>> >GraphRoot: /tmp/podman/degenaro/.local/share/containers/storage
>> >
>> >Why does the string /podman still appear in GraphRoot?
>> >
>> >Thanks.
>> >
>> >Lou.
>>
>> Can you provide the full output of `podman info --log-level=debug`?
>>
>> Thanks,
>> Matt Heon
>>
>> >_______________________________________________
>> >Podman mailing list -- podman@lists.podman.io
>> >To unsubscribe send an email to podman-leave@lists.podman.io
>>