On 4/30/21 06:47, lejeczek via Podman wrote:
On 29/04/2021 20:47, Daniel Walsh wrote:
> On 4/28/21 16:46, lejeczek via Podman wrote:
>>
>>
>> On 28/04/2021 19:56, Daniel Walsh wrote:
>>> On 4/28/21 11:02, lejeczek via Podman wrote:
>>>> Hi guys
>>>>
>>>> I'm trying a popular image, perhaps very popular (not sure if with
>>>> podman consumers though) off which a rootful container produces no
>>>> logs.
>>>> I've tried podman vers 2.0 & 3.1, with the same results.
>>>> Adding debug to:
>>>>
>>>> -> $ podman container restart cni-net.disc --log-level=debug
>>>> ...
>>>> INFO[0000] Running conmon under slice
>>>> machine-libpod_pod_6ef5202d6954f3616a530f188954465e27ff4730dfad32b68d9467c26e789d18.slice
>>>> and unitName
>>>> libpod-conmon-7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97.scope
>>>>
>>>> DEBU[0000] Received: 310116
>>>> INFO[0000] Got Conmon PID as 310113
>>>> DEBU[0000] Created container
>>>> 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
>>>> in OCI runtime
>>>> DEBU[0000] Starting container
>>>> 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
>>>> with command [/bin/bash]
>>>> DEBU[0000] Started container
>>>> 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
>>>> 7b001c9305379c7279791e9addf01a716188b42c2c7d52b54deea0ca7461be97
>>>> DEBU[0000] Called restart.PersistentPostRunE(podman container
>>>> restart cni-net.discourse --log-level=debug)
>>>>
>>>> does not reveal much as you can see.
>>>> I can:
>>>> -> $ podman exec -it cni-net.disc sh
>>>> and shell is available.
>>>>
>>>> How to troubleshoot issues like this?
>>>> many thanks, L.
>>>> _______________________________________________
>>>> Podman mailing list -- podman(a)lists.podman.io
>>>> To unsubscribe send an email to podman-leave(a)lists.podman.io
>>>
>>> I would first attempt it --privileged and see if it works. If it
>>> does, then we got to find out what security mechanism is blocking it.
>>>
>> '--privileged' gets me back to what I inquired about and filed
>> bugzilla earlier - CAP_PERFMON
>> I wonder, is a 'proper' fix moving to appear on the horizon?
>>
> If --privileged works, now I would try each of the following separately.
>
> --security-opt label=disable
>
> --security-opt seccomp=unconfined
>
> --cap-add all
>
> Which would tell you that SELinux is blocking it, Seccomp, or
> capabilities.
>
> If it is capabilities, then we can start playing with which
> capability is needed.
Sorry, I did not make it straight enough, it fails with:
-> $ _P=cni-net _N=disco-dev; podman run --privileged -td
--pod=$_P.${HOSTNAME%%.*} --volume
/srv/containers/FLATfiles/net.disco:/shared:z --name ${_P}.$_N
docker.io/discourse/discourse_dev
Error: OCI runtime error: unknown cap: `CAP_PERFMON`
By 'fails' I mean - container gets created but still no logs.
Only config where 'logs -f' actually connects and hangs onto something
is:
-> $ podman run --security-opt label=disable --restart=always -td
--pod=....
But still that something is 'blank' output, otherwise '-f' returns to
prompt immediately.
many thanks, L.

Please update to the latest libcap version. This basically means that
the tools are using CAP_PERFMON which is not translated to the correct
constants by the library, because the library is out of date.
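
The isolation procedure from this thread (relax one mechanism at a time and see which run behaves differently), as an added shell example that is not part of any poster's message. The function names, the `WAIT` variable and the container naming are assumptions of the example; the three options are the ones listed in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Names (trials, try_one, isolate, WAIT)
# are assumptions; the three relaxations are the ones listed in the thread.

# One trial per line: a label, then the extra `podman run` options.
trials() {
    cat <<'EOF'
baseline
selinux --security-opt label=disable
seccomp --security-opt seccomp=unconfined
caps --cap-add all
EOF
}

# try_one IMAGE LABEL [OPTS...]: start the image with only OPTS relaxed,
# wait, then report whether the runtime rejected it or any log bytes appeared.
try_one() {
    image=$1; label=$2; shift 2
    name="isolate-$label-$$"
    # Keep stderr (e.g. "unknown cap: ..."), drop the container ID on stdout.
    if ! err=$(podman run -td --name "$name" "$@" "$image" 2>&1 >/dev/null); then
        podman rm -f "$name" >/dev/null 2>&1
        echo "$label: run-failed ($err)"
        return 0
    fi
    sleep "${WAIT:-5}"
    bytes=$(( $(podman logs "$name" 2>&1 | wc -c) ))
    podman rm -f "$name" >/dev/null 2>&1
    if [ "$bytes" -gt 0 ]; then
        echo "$label: logs ($bytes bytes)"
    else
        echo "$label: no-logs"
    fi
}

# isolate IMAGE: run every trial; a trial that differs from baseline names
# the mechanism (SELinux, seccomp or capabilities) to look at next.
isolate() {
    trials | while read -r label opts; do
        # $opts is left unquoted on purpose so it splits into separate options
        try_one "$1" "$label" $opts </dev/null
    done
}

if [ "$#" -gt 0 ]; then isolate "$1"; fi
```

A `run-failed` line carries the runtime's own error text, so a rejection such as the `unknown cap` error quoted in the thread shows up against the trial that triggered it.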