Hello all,
Daniel Walsh [2019-08-12 8:55 -0400]:
> You need to have podman varlink running locally in your homedir for this
> to work. I know there is effort to make this happen seamlessly.

Indeed, podman's service file almost works for the systemd user instance. Matej
recently sent https://github.com/containers/libpod/pull/3662 to make varlink on
the user instance work out of the box.
Martin
> On 8/12/19 2:37 AM, niranjan(a)ashoo.in wrote:
> >
> >
> > On Fri, Aug 9, 2019, at 11:54 AM, niranjan(a)ashoo.in wrote:
> >>
> >>
> >> On Fri, Aug 9, 2019, at 11:44 AM, Alex Jia wrote:
> >>> Hi Niranjan,
> >>>
> >>> default access permission is *0600* on */run/podman/io.podman*
> >>> directory, so you can't use non-root user
> >>> to access this listening directory, but you may modify permission
> >>> before starting io.podman.socket,
> >>> good luck!
> >> Ah thanks. Since the container was started by a non-root user, when I
> >> tried with sudo it failed
> >>
> >> $ sudo varlink call -m
> >> unix:/run/podman/io.podman/io.podman.ListContainerProcesses '{"name":
> >> "mysssd", "opts": []}'
> >> Unable to connect: CannotConnect
> >>
> >> Probably because the root user doesn't see the container.
> >>
> >>> [root@ajia-rhel-8 ajia]# ls -lad /run/podman/io.podman
> >>> s*rw*-------. 1 root root 0 Aug 9 01:42 /run/podman/io.podman
> >>>
> >>> [root@ajia-rhel-8 ajia]# cat /usr/lib/systemd/system/io.podman.socket
> >>> [Unit]
> >>> Description=Podman Remote API Socket
> >>> Documentation=man:podman-varlink(1)
> >>>
> >>> [Socket]
> >>> *ListenStream=/run/podman/io.podman
> >>> SocketMode=0600*
> >>>
> >>> [Install]
> >>> WantedBy=sockets.target
> >>>
> >>> Sincerely,
> >>> Alex Jia
> >>
> >> When I tried to change the SocketMode to 0666
> >>
> >> [root@mniranja ~]# cat /usr/lib/systemd/system/io.podman.socket
> >> [Unit]
> >> Description=Podman Remote API Socket
> >> Documentation=man:podman-varlink(1)
> >>
> >> [Socket]
> >> ListenStream=/run/podman/io.podman
> >> SocketMode=0666
> >>
> >> [Install]
> >> WantedBy=sockets.target
> >> [root@mniranja ~]# ls -l /var/run/podman/io.podman
> >> srw-rw-rw-. 1 root root 0 Aug 9 11:51 /var/run/podman/io.podman
> >>
> >> $ varlink call -m
> >> unix:/run/podman/io.podman/io.podman.ListContainerProcesses '{"name":
> >> "mysssd", "opts": []}'
> >> Unable to connect: CannotConnect
> >> (venv) [mniranja@mniranja ad]$ sudo systemctl status io.podman.socket
> >> ● io.podman.socket - Podman Remote API Socket
> >> Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; enabled;
> >> vendor preset: disabled)
> >> Active: active (listening) since Fri 2019-08-09 11:51:21 IST; 1min
> >> 12s ago
> >> Docs: man:podman-varlink(1)
> >> Listen: /run/podman/io.podman (Stream)
> >> CGroup: /system.slice/io.podman.socket
> >>
> >> (venv) [mniranja@mniranja ad]$ podman ps
> >> CONTAINER ID IMAGE COMMAND
> >> CREATED STATUS PORTS NAMES
> >> de27f6bd7c59 docker.io/library/fedora:latest /usr/sbin/init 24 hours
> >> ago Up 24 hours ago mysssd
> >> (venv) [mniranja@mniranja ad]$
> >
> > Even after changing the permissions to 0666, as a non-root user I am
> > still unable to use varlink to access the container. Any info on how
> > I could use varlink as a non-root user to access containers created
> > using a non-root user.
> >
> >
> >
> >>
> >>
> >>>
> >>>
> >>> On Fri, Aug 9, 2019 at 1:16 PM <niranjan(a)ashoo.in> wrote:
> >>>
> >>> Greetings,
> >>>
> >>> I have a container running on RHEL8. The container was started
> >>> as a non-root user using the podman CLI. I am trying to connect to the
> >>> container using varlink and it's unable to connect.
> >>>
> >>> $ podman ps
> >>> CONTAINER ID IMAGE COMMAND
> >>> CREATED STATUS PORTS NAMES
> >>> de27f6bd7c59 docker.io/library/fedora:latest /usr/sbin/init 22
> >>> hours ago Up 22 hours ago mysssd
> >>>
> >>>
> >>> $ sudo systemctl restart io.podman.socket
> >>> $ sudo systemctl status io.podman.socket
> >>> ● io.podman.socket - Podman Remote API Socket
> >>> Loaded: loaded (/usr/lib/systemd/system/io.podman.socket;
> >>> enabled; vendor preset: disabled)
> >>> Active: active (listening) since Fri 2019-08-09 10:38:38 IST;
> >>> 1s ago
> >>> Docs: man:podman-varlink(1)
> >>> Listen: /run/podman/io.podman (Stream)
> >>> CGroup: /system.slice/io.podman.socket
> >>>
> >>>
> >>> $ varlink call -m
> >>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses
> >>> '{"name": "mysssd", "opts": []}'
> >>> Unable to connect: CannotConnect
> >>>
> >>>
> >>> Version:
> >>> podman-1.0.0-2.git921f98f.module+el8+2785+ff8a053f.x86_64
> >>> libvarlink-16-1.el8.x86_64
> >>> libvarlink-util-16-1.el8.x86_64
> >>>
> >>> Regards
> >>> Niranjan
> >>> _______________________________________________
> >>> Podman mailing list -- podman(a)lists.podman.io
> >>> To unsubscribe send an email to podman-leave(a)lists.podman.io
> >>>
> >>
>
>
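
The thread changes `SocketMode=` on the root-owned `io.podman.socket` from 0600 to 0666, which lets every local user connect to the root podman API and still does not reach the rootless container. As an added example (not part of the thread or of podman), this sketch audits `.socket` unit files for that condition; `audit_socket_unit` is a hypothetical helper, the unit files are constructed samples, and an unset `SocketMode=` is treated as systemd's documented default of 0666.

```shell
#!/bin/sh
# Added example: flag systemd .socket units whose AF_UNIX socket is
# connectable by every local user. connect(2) on a Unix socket needs write
# permission on the socket file, so the "other" write bit (0002) decides.

# Print "<verdict> <mode> <path>" for each filesystem ListenStream= in a unit.
audit_socket_unit() {
    awk '
        /^\[/ { in_socket = ($0 == "[Socket]"); next }   # track current section
        !in_socket { next }
        /^ListenStream=\// { paths[++n] = substr($0, index($0, "=") + 1) }
        /^SocketMode=/     { mode = substr($0, index($0, "=") + 1) }  # last wins
        END {
            if (mode == "") mode = "0666"     # systemd default when unset
            last = substr(mode, length(mode), 1) + 0
            # other-write bit is set when the last octal digit is 2, 3, 6 or 7
            verdict = (last == 2 || last == 3 || last >= 6) ? "WORLD" : "OK"
            for (i = 1; i <= n; i++) print verdict, mode, paths[i]
        }
    ' "$1"
}

# Constructed sample units (modelled on the unit quoted in the thread).
tmp=$(mktemp -d)
printf '%s\n' '[Unit]' 'Description=Podman Remote API Socket' '[Socket]' \
    'ListenStream=/run/podman/io.podman' 'SocketMode=0600' \
    '[Install]' 'WantedBy=sockets.target' > "$tmp/strict.socket"
printf '%s\n' '[Unit]' 'Description=Podman Remote API Socket' '[Socket]' \
    'ListenStream=/run/podman/io.podman' 'SocketMode=0666' \
    '[Install]' 'WantedBy=sockets.target' > "$tmp/open.socket"
printf '%s\n' '[Socket]' 'ListenStream=/run/podman/io.podman' \
    > "$tmp/default.socket"

for unit in "$tmp"/*.socket; do
    printf '%s: ' "$(basename "$unit")"
    audit_socket_unit "$unit"
done
```

On a real host the function can be pointed at the files under `/usr/lib/systemd/system` and `/etc/systemd/system`; drop-in overrides are not merged by this sketch.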