Yes, I already have my solution, thank you a lot!
I think this is the copy of the message I sent back then, which has been
sitting in the approval queue since then or so.
I'm sorry for the confusion.
Regards,
Jan
On 2021-01-21 15:57 +0100, Giuseppe Scrivano wrote:
I think it is an old message that was already answered some weeks
ago:
https://lists.podman.io/archives/list/podman@lists.podman.io/message/7Y7L...
Giuseppe
Daniel Walsh <dwalsh(a)redhat.com> writes:
> On 1/19/21 12:26, Scott McCarty wrote:
>
> Jan,
> Try the sebool described here:
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_at...
>
> Best Regards
> Scott M
>
> On Tue, Jan 19, 2021 at 9:40 AM Jan Hutař <jhutar(a)redhat.com> wrote:
>
> Hello!
>
> I have an issue with running a "ubi7-init" based container. When I base my
> container on "fedora", it works fine:
>
> $ cat Containerfile
> FROM fedora
> RUN dnf -y install httpd; dnf clean all; systemctl enable httpd
> EXPOSE 80
> CMD [ "/sbin/init" ]
>
> and then:
>
> $ sudo podman build -f Containerfile
> $ sudo podman run -ti -p 80:80 20185593d0f96c4dee56e351eae4754cdd429679c1b645dae1b6f24880ce33fc
> systemd v246.6-3.fc33 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified)
> [...]
> [ OK ] Started The Apache HTTP Server.
> [...]
>
> But when I try the same with a ubi7-init based container (or rhel7-init):
>
> $ cat Containerfile
> FROM registry.access.redhat.com/ubi7/ubi-init
> RUN echo -e "[repo1]\nname=repo1\nbaseurl=http://repos.example.com/RHEL-7/7.9/Server/x86_64/os/\ngpgcheck=0\nenabled=1" >/etc/yum.repos.d/repo1.repo; yum -y install httpd; yum clean all; systemctl enable httpd
> EXPOSE 80
> CMD [ "/sbin/init" ]
>
> it fails:
>
> $ sudo podman run -ti -p 80:80 d872b16b8d0f9718c60420e3569cb4d5ddd16053fb72903e70d7b62ba3f34964
> Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
> [!!!!!!] Failed to mount API filesystems, freezing.
>
> And same with privileged:
>
> $ sudo podman run -ti -p 80:80 --privileged=true d872b16b8d0f9718c60420e3569cb4d5ddd16053fb72903e70d7b62ba3f34964
> Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
> [!!!!!!] Failed to mount API filesystems, freezing.
>
> I have these versions:
>
> $ rpm -q fedora-release-common podman
> fedora-release-common-33-3.noarch
> podman-2.2.1-1.fc33.x86_64
> $ sudo podman version
> Version: 2.2.1
> API Version: 2.1.0
> Go Version: go1.15.5
> Built: Tue Dec 8 15:37:50 2020
> OS/Arch: linux/amd64
>
> Please, any idea on what I'm doing wrong?
>
> Thank you in advance and happy new year!
>
> Regards,
> Jan
>
> --
> Jan Hutar Performance Engineering
> jhutar(a)redhat.com Red Hat, Inc.
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
> --
> --
> The Delicate Art of Product Management with Open Source: http://crunchtools.com/open-source-in-business-2020/
> --
> Scott McCarty
> Product Management - Containers, Red Hat Enterprise Linux & OpenShift
> Email: smccarty(a)redhat.com
> Phone: 312-660-3535
> Cell: 330-807-1043
> Web: http://crunchtools.com
>
> BTW do you see any AVC messages in /var/log/audit/audit.log?
>
--
Jan Hutar Performance Engineering
jhutar(a)redhat.com Red Hat, Inc.
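
The AVC check asked about in the thread, as an added example that is not part of the original messages: a small parser that pulls SELinux denials raised by container domains out of audit.log lines and groups them. The sample log lines, the `container_` domain-prefix filter and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1611067200.101:410): avc:  denied  { write } for  pid=2211 comm="systemd" name="cgroup.procs" dev="cgroup" ino=77 scontext=system_u:system_r:container_t:s0:c12,c345 tcontext=system_u:object_r:cgroup_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1611067200.101:410): arch=c000003e syscall=257 success=no exit=-13 comm="systemd"
type=AVC msg=audit(1611067200.250:411): avc:  denied  { write } for  pid=2211 comm="systemd" name="cgroup.procs" dev="cgroup" ino=77 scontext=system_u:system_r:container_t:s0:c12,c345 tcontext=system_u:object_r:cgroup_t:s0 tclass=file permissive=0
type=AVC msg=audit(1611067301.007:419): avc:  denied  { read } for  pid=900 comm="chronyd" name="adjtime" dev="dm-0" ino=9 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"^type=AVC .*?avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of user:role:type:level[:categories]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""


def parse_avc(line):
    """Parse one AVC denial record into a dict, or return None."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    return {
        "perms": tuple(m.group(1).split()),
        "comm": fields.get("comm", ""),
        "source": selinux_type(fields.get("scontext", "")),
        "target": selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass", ""),
        "enforced": fields.get("permissive") == "0",
    }


def container_denials(lines, domain_prefix="container_"):
    """Count denials whose source domain starts with domain_prefix."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec and rec["source"].startswith(domain_prefix):
            counts[(rec["source"], rec["target"], rec["tclass"], rec["perms"], rec["comm"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in container_denials(SAMPLE_LOG.splitlines()).items():
        print(n, *key)
```

On a real host, feed it the lines of /var/log/audit/audit.log captured around the failing `podman run`; an empty result means SELinux logged no denial for a container domain in that window.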