On 6/15/21 14:38, W. Michael Petullo wrote:
I am trying to modify OpenWrt and its podman package to allow users
other than root to manage containers on that system.
I have made some progress, including working through some "bugs" in
podman and the OpenWrt packages:
A summary of my work so far exists at
There are two things I do not yet understand, so I am looking for a
summary of how these things work or some recommended reading regarding
(1) Non-root users cannot write to /sys/fs/cgroup/*. I am not sure how to
safely handle this, and I have not yet figured out how other distributions
do it. Does a privileged agent exist that performs the updates to
/sys/fs/cgroup that are necessary to set up a container?
(2) Running "podman run ..." wants to mount /proc and so on in the
container. This fails when run as non-root with "mounting '/proc' to
rootfs at '/proc' caused: operation not permitted." Again, I am not sure
what performs these privileged operations on other distributions.
It would probably be better to deal with this as issues rather than as
On issue 1, are you using cgroupv2? Or cgroupv1, which will never be
Issue 2, I don't understand what you are trying to do. Let's continue
inside of issues.