Hi all,
I want to migrate from docker to podman, but I cannot start pods as non-root.
Some data:
Using podman as non-root without pod, it works.
$ podman run -d --name nginx -p 32597:80 nginx:stable
eb15819f191f9715745bb3607a49494d72a96d00726dc9b7fb1adde399e1d2c2
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
eb15819f191f docker.io/library/nginx:stable nginx -g daemon o... 3 seconds ago Up 2 seconds ago 0.0.0.0:32597->80/tcp nginx
$ podman rm -f nginx
With pod as root, it works.
# podman run -d --pod new:nginx -p 32597:80 nginx:stable
b76d64cd498d7fc8fd644bf0bdba6224b081afa1ae63c498f5d421dd253fae5e
# podman ps -a --pod
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES POD
b76d64cd498d docker.io/library/nginx:stable nginx -g daemon o... 44 seconds ago Up 43 seconds ago 0.0.0.0:32597->80/tcp trusting_noether dcb12491428f
8117a8f780c9 k8s.gcr.io/pause:3.1 44 seconds ago Up 44 seconds ago 0.0.0.0:32597->80/tcp dcb12491428f-infra dcb12491428f
# podman pod rm -f nginx
With pod as non-root, it doesn't work!
$ podman run -d --pod new:nginx -p 32597:80 nginx:stable
ERRO[0000] error starting some container dependencies
ERRO[0000] "container_linux.go:346: starting container process caused \"process_linux.go:449: container init caused \\\"rootfs_linux.go:147: setting rootfs as readonly caused \\\\\\\"operation not permitted\\\\\\\"\\\"\": OCI runtime permission denied error"
Error: error starting some containers: internal libpod error
Is there anyone who can help me? Or just explain to me why it does not work?
Last edited by cqknard (2019-10-21 20:42:53)
Have you set up subuid and subgid ranges for your username?
https://wiki.archlinux.org/index.php/Bu … containers
https://opensource.com/article/19/2/how … odman-work
Some other pitfalls: https://opensource.com/article/19/5/sho … containers
Edit: Sorry, missed that unprivileged non-pod works for you.
Last edited by progandy (2019-10-21 22:17:42)
I found the solution, for people who want to test the same.
First install fuse-overlayfs from the AUR and then configure mount_program in your .config/containers/storage.conf:
[storage]
driver = "overlay"
...
[storage.options]
...
mount_program = "/usr/bin/fuse-overlayfs"
...
Then everything runs fine.
$ podman run -d --pod new:nginx -p 32597:80 nginx:stable
Trying to pull docker.io/library/nginx:stable...
Getting image source signatures
Copying blob acac1733566a done
Copying blob 1a68d586ce85 done
Copying blob 8d691f585fa8 done
Copying config b50b08c36b done
Writing manifest to image destination
Storing signatures
af2a4ce519369ba855bb94f9e18c98b1fe264b54ef22d228c0baeb749b717b29
$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af2a4ce51936 docker.io/library/nginx:stable nginx -g daemon o... 4 seconds ago Up 4 seconds ago 0.0.0.0:32597->80/tcp hopeful_liskov
f8a0a50231a6 k8s.gcr.io/pause:3.1 4 seconds ago Up 4 seconds ago 0.0.0.0:32597->80/tcp 665d647a34b5-infra
$ curl http://127.0.0.1:32597
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
knard@toshiba ~ $
Last edited by cqknard (2019-10-28 14:47:15)
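The check below is an added example, not part of the thread: it reads a rootless storage.conf and reports whether the overlay driver has a mount_program set and executable, which is the setting the last post changed. The function names and status strings are made up for this example, and the parser only handles the simple key = "value" layout shown above.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the rootless overlay setup.

# toml_get FILE SECTION KEY
# Print the value of KEY inside [SECTION] of a simple TOML file.
toml_get() {
    awk -v sect="[$2]" -v key="$3" '
        /^[ \t]*#/  { next }                          # skip comment lines
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }  # track current table
        cur == sect {
            split($0, kv, "=")
            k = kv[1]; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]*"?|"?[ \t]*$/, "", v)    # trim blanks and quotes
                print v
                exit
            }
        }' "$1"
}

# check_rootless_storage FILE
# Print one status word describing the overlay configuration in FILE.
check_rootless_storage() {
    conf=$1
    [ -r "$conf" ] || { echo "no-config"; return 0; }
    driver=$(toml_get "$conf" storage driver)
    mp=$(toml_get "$conf" storage.options mount_program)
    if [ "$driver" != "overlay" ]; then
        echo "driver-not-overlay"
    elif [ -z "$mp" ]; then
        echo "missing-mount_program"          # the state before the fix above
    elif [ ! -x "$mp" ]; then
        echo "mount_program-not-executable"   # e.g. fuse-overlayfs not installed
    else
        echo "ok"
    fi
}

# Default to the per-user path named in the post; pass another file as $1.
check_rootless_storage "${1:-${XDG_CONFIG_HOME:-$HOME/.config}/containers/storage.conf}"
```
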