Nothing has changed that I know of. Giuseppe, any ideas?
On 11/25/23 10:55, Михаил Иванов wrote:
Hallo Daniel, sorry, did anything change about this problem
in these two years? Or is --ipc host still the only option? :-(
Best regards,
On 21.05.2021 16:11, Daniel Walsh wrote:
> On 5/20/21 16:39, Michael Ivanov wrote:
>> Yes!!!
>>
>> --ipc host did it thanks a lot!
>> Option with nsenter looks more preferable to me, but as I
>> understand I need first to start the container up, then run nsenter
>> at host to change the mqueue settings and then somehow signal the
>> container that it can proceed with actual application. Is it possible
>> to run nsenter during image build with buildah - I guess not?
>>
>> Best regards and thanks again!
> I have opened an internal discussion on this with the User Namespace
> maintainer of the kernel. We will see if anything comes of it.
>>
>> On 20.05.2021 23:10, Giuseppe Scrivano wrote:
>>> /proc/sys/fs/mqueue/msg_max is IPC namespaced but it is always
>>> owned by
>>> root in the initial user namespace. A rootless container doesn't have
>>> enough privileges to write to it.
>>>
>>> You can verify it with:
>>>
>>> $ podman run --rm fedora stat /proc/sys/fs/mqueue/msg_max
>>>   File: /proc/sys/fs/mqueue/msg_max
>>>   Size: 0  Blocks: 0  IO Block: 1024  regular empty file
>>> Device: 7bh/123d  Inode: 3634162  Links: 1
>>> Access: (0644/-rw-r--r--)  Uid: (65534/ nobody)  Gid: (65534/ nobody)
>>>
>>> So given the current limitation in the kernel, you have two possible
>>> choices to work around it:
>>>
>>> 1) run with --ipc host
>>> 2) get some help from root in the host:
>>>
>>> $ sudo nsenter -i -t $CONTAINER_PID sh -c "echo $NEW_MSG_MAX > /proc/sys/fs/mqueue/msg_max"
>>>
>>> Giuseppe
>>>
>>>
>>> Michael Ivanov <ivans(a)isle.spb.ru> writes:
>>>
>>>> Yes it is 256:
>>>>
>>>> island:backend [master]> cat /proc/sys/fs/mqueue/msg_max
>>>> 256
>>>>
>>>> On 20.05.2021 21:00, Daniel Walsh wrote:
>>>>
>>>> On 5/20/21 08:29, Michael Ivanov wrote:
>>>>
>>>> Hallo!
>>>>
>>>> I'm trying to run my application in podman rootless container
>>>> and I stumble
>>>> on following problem: my program needs
>>>> /proc/sys/fs/mqueue/msg_max to be at
>>>> least 256, but in running container this value is just 10. When
>>>> I try to
>>>> specify this parameter while running the image (--sysctl
>>>> 'fs.mqueue.msg_max=256')
>>>> I get the following error:
>>>>
>>>> Error: open /proc/sys/fs/mqueue/msg_max: Permission denied:
>>>> OCI permission denied
>>>>
>>>> and container is not created.
>>>>
>>>> My host where container is being run has this parameter set to
>>>> 256. How can I
>>>> expose current host setting for msg_max to my container?
>>>>
>>>> Best regards,
>>>>
>>>> When you log in to your user account, is it set to 256?
>>>>
>>>> $ cat /proc/sys/fs/mqueue/msg_max
>>>> 10
>>>> _______________________________________________
>>>> Podman mailing list -- podman(a)lists.podman.io
>>>> To unsubscribe send an email to podman-leave(a)lists.podman.io
>>
>>
>> --
>> \ / | |
>> (OvO) | Михаил Иванов |
>> (^^^) | Тел.: +7(911) 223-1300 |
>> \^/ | E-mail:ivans@isle.spb.ru |
>> ^ ^ | |
>
>
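
Added example, not part of the thread and not Podman's own code: for the nsenter workaround, one way to handle the "signal the container that it can proceed" step is an entrypoint that waits until root on the host has raised msg_max, then starts the application. The function names and the MSG_MAX_FILE, REQUIRED_MSG_MAX and WAIT_SECONDS variables are assumptions of this example.

```shell
#!/bin/sh
# Entrypoint gate for the nsenter workaround (added example).
# The container starts with the namespace default for msg_max; root on the
# host raises it later with nsenter, and this script waits for that change.
# MSG_MAX_FILE, REQUIRED_MSG_MAX and WAIT_SECONDS are names chosen here.

MSG_MAX_FILE="${MSG_MAX_FILE:-/proc/sys/fs/mqueue/msg_max}"

# msg_max_ok FILE REQUIRED
# Returns 0 if FILE holds an integer >= REQUIRED, 1 if it is lower,
# 2 if FILE is unreadable or does not contain a plain integer.
msg_max_ok() {
    [ -r "$1" ] || return 2
    cur=$(cat "$1" 2>/dev/null) || return 2
    case "$cur" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$cur" -ge "$2" ]
}

# wait_for_msg_max FILE REQUIRED TIMEOUT_SECONDS
# Polls once per second; returns 0 as soon as the limit is high enough,
# 1 if the timeout expires first.
wait_for_msg_max() {
    file=$1 required=$2 remaining=$3
    while :; do
        msg_max_ok "$file" "$required" && return 0
        [ "$remaining" -le 0 ] && return 1
        sleep 1
        remaining=$((remaining - 1))
    done
}

# Entrypoint use: entrypoint.sh <app> [args...]
# Skipped when the script is run without arguments.
if [ "$#" -gt 0 ]; then
    required="${REQUIRED_MSG_MAX:-256}"
    if ! wait_for_msg_max "$MSG_MAX_FILE" "$required" "${WAIT_SECONDS:-60}"; then
        echo "msg_max in $MSG_MAX_FILE is still below $required" >&2
        exit 1
    fi
    exec "$@"
fi
```

The gate only reads the sysctl file, so it needs no extra privileges inside the rootless container.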