[Bug]: The cgroupv2 manager is set to systemd but there is no systemd user session available #17202

https://github.com/containers/podman/issues/17202

definename opened on Jan 25, 2023 · edited by definename Issue Description I am trying to get –cpu-quota working for rootless user. In order to do that cgroupManager was set to systemd and systemd was enabled for crun. For root user –cpu-quota works fine. But for rootless user –cpu-quota does not work and the following warning messages are seen for all podman commands:

WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs Steps to reproduce the issue Steps to reproduce the issue

load image [applexec@host ~]$ [applexec@host ~]$ podman load -i /opt/appl/data/containers/images/busybox-arm64 v8-1.35.0.tar WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs Getting image source signatures Copying blob 9c8aecfea3b4 done Copying config 4e294bde60 done Writing manifest to image destination Storing signatures Loaded image(s): docker.io/arm64v8/busybox:1.35.0 [applexec@host ~]$ Image is loaded but podman do not like to use cgroupManage=systemd and is fallen back to cgroupManage=cgroupfs

Describe the results you received [root@host ~]# su - applexec [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ podman load -i /opt/appl/data/containers/images/busybox-arm64 v8-1.35.0.tar WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs Getting image source signatures Copying blob 9c8aecfea3b4 done Copying config 4e294bde60 done Writing manifest to image destination Storing signatures Loaded image(s): docker.io/arm64v8/busybox:1.35.0 [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ podman run -dt –name=container1 –network=none –cpu-quota=7 0000 docker.io/arm64v8/busybox:1.35.0 sh -c ‘while true; do true; done’ WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs ec14853b8c284dffcaf1157b3a7cfabc70e6316906341a1a397fdddfbc725196 [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ podman container stats -a WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS ec14853b8c28 container1 1.82% 169.1MB / 2.075GB 8.15% – / – – / – 29 ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS ec14853b8c28 container1 99.92% 169.2MB / 2.075GB 8.15% – / – – / – 29 ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS ec14853b8c28 container1 100.19% 169MB / 2.075GB 8.15% – / – – / – 29 ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS ec14853b8c28 container1 99.55% 169.2MB / 2.075GB 8.15% – / – – / – 29 ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS ec14853b8c28 container1 99.18% 169MB / 2.075GB 8.15% – / – – / – 29 ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS ec14853b8c28 container1 98.67% 169MB / 2.075GB 8.15% – / – – / – 29 [applexec@host ~]$ [applexec@host ~]$ As you can see warning massage seen and podman is fallen back to cgroupManager=cgroupfs

Describe the results you expected I expect the following warning messages not observed

WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs podman info output In containers.conf cgroupManager is set to systemd but podman falling it back to cgroupfs

[applexec@host ~]$ [applexec@host ~]$ podman info WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs host: arch: arm64 buildahVersion: 1.21.3 cgroupControllers: [] cgroupManager: cgroupfs cgroupVersion: v2 conmon: package: Unknown path: /usr/sbin/conmon version: ‘conmon version 2.0.29, commit: 7e6de6678f6ed8a18661e1d5721b81ccee293b9b’ cpus: 2 distribution: distribution: ptxdist version: 2018.07.0 eventLogger: file hostname: host idMappings: gidmap: - container_id: 0 host_id: 200 size: 1 - container_id: 1 host_id: 50000 size: 65536 uidmap: - container_id: 0 host_id: 10003 size: 1 - container_id: 1 host_id: 50000 size: 65536 kernel: 5.4.70 linkmode: dynamic memFree: 1583759360 memTotal: 2074529792 ociRuntime: name: crun package: Unknown path: /usr/sbin/crun version: |- crun version 1.4.5 commit: c381048530aa750495cf502ddb7181f2ded5b400 spec: 1.0.0 +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL os: linux remoteSocket: path: /tmp/podman-run-10003/podman/podman.sock security: apparmorEnabled: false capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: true seccompEnabled: true seccompProfilePath: /etc/containers/seccomp.json selinuxEnabled: false serviceIsRemote: false slirp4netns: executable: /usr/bin/slirp4netns package: Unknown version: |- slirp4netns version 1.2.0 commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383 libslirp: 4.7.0 SLIRP_CONFIG_VERSION_MAX: 4 libseccomp: 2.5.1 swapFree: 0 swapTotal: 0 uptime: 1h 23m 21.86s (Approximately 0.04 days) registries: {} store: configFile: /opt/appl/.config/containers/storage.conf containerStore: number: 1 paused: 0 running: 1 stopped: 0 graphDriverName: overlay graphOptions: overlay.mount_program: Executable: /usr/bin/fuse-overlayfs Package: Unknown Version: |- fusermount3 version: 3.0.0 fuse-overlayfs: version 1.8.2 FUSE library version 3.4.1 using FUSE kernel interface version 7.27 graphRoot: /opt/appl/data/containers/storage/applexec graphStatus: Backing Filesystem: extfs Native Overlay Diff: “false” Supports d_type: “true” Using metacopy: “false” imageStore: number: 1 runRoot: /tmp/podman-run-10003/containers volumePath: /opt/appl/data/containers/storage/applexec/volumes version: APIVersion: 3.2.3 Built: 0 BuiltTime: Thu Jan 1 00:00:00 1970 GitCommit: “” GoVersion: go1.16.5 OsArch: linux/arm64 Version: 3.2.3

[applexec@host ~]$ Podman in a container No

Privileged Or Rootless Rootless

Upstream Latest Release No

Additional environment details [applexec@host ~]$ [applexec@host ~]$ podman version WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs Version: 3.2.3 API Version: 3.2.3 Go Version: go1.16.5 Built: Thu Jan 1 00:00:00 1970 OS/Arch: linux/arm64 [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ uname -a Linux host 5.4.70 #1 SMP PREEMPT Mon Jan 16 09:59:01 UTC 2023 aarch64 GNU/Linux [applexec@host ~]$

Additional information These warnings are seen for all podman commands

Activity

definename added kind/bug Categorizes issue or PR as related to a bug. on Jan 25, 2023

definename mentioned this on Jan 25, 2023 [Bug]: Error: OCI runtime error: systemd not supported: Operation not supported #17196 mheon mheon commented on Jan 25, 2023 mheon on Jan 25, 2023 Member [root@host ~]# su - applexec

This is likely the problem. su does not create systemd login sessions (at least last I checked, which was admittedly over a year ago).

You can either enable lingering for the user with loginctl enable-linger or replace su with machinectl login.

definename definename commented on Jan 25, 2023 definename on Jan 25, 2023 Author Hello @mheon I was trying to use machinectl login and the same warnings are observed:

[root@host ~]# machinectl login Connected to the local host. Press ^] three times within 1s to exit session.

host login: applexec [applexec@host ~]$ [applexec@host ~]$ [applexec@host ~]$ podman load -i /opt/appl/data/containers/images/busybox-arm64 v8-1.35.0.tar WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs WARN[0000] The cgroupv2 manager is set to systemd but there is no systemd user session available WARN[0000] For using systemd, you may need to login using an user session WARN[0000] Alternatively, you can enable lingering with: loginctl enable-linger 10003 (possibly as root) WARN[0000] Falling back to –cgroup-manager=cgroupfs Getting image source signatures Copying blob 9c8aecfea3b4 done Copying config 4e294bde60 done Writing manifest to image destination Storing signatures Loaded image(s): docker.io/arm64v8/busybox:1.35.0 [applexec@host ~]$ [applexec@host ~]$ giuseppe giuseppe commented on Jan 25, 2023 giuseppe on Jan 25, 2023 Member what system are you using? What systemd version is available?

It might be a too old systemd.

What do you see if you run the command systemd-run –scope –user -pCPUWeight=1 echo hi?

definename definename commented on Jan 25, 2023 definename on Jan 25, 2023 Author Hello @giuseppe,

Here are answers to your questions

[root@host pam.d]# [root@host pam.d]# uname -a Linux host 5.4.70 #1 SMP PREEMPT Mon Jan 16 09:59:01 UTC 2023 aarch64 GNU/Linux [root@host pam.d]# [root@host pam.d]# [root@host pam.d]# systemctl –version systemd 243 (243-68-ged872da) -PAM -AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS -ACL -XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN -PCRE2 default-hierarchy=unified [root@host pam.d]# [root@host pam.d]# [root@host pam.d]# systemd-run –scope –user -pCPUWeight=1 echo hi Failed to create bus connection: No such file or directory [root@host pam.d]# [root@host pam.d]# [root@host pam.d]#

giuseppe giuseppe commented on Jan 25, 2023 giuseppe on Jan 25, 2023 Member so that is a system issue, I am not familiar with your distro to be of any help. You need to figure out why systemd-run fails, only after that works we can get Podman to work.

giuseppe closed this as completedon Jan 25, 2023

github-actions added locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. on Sep 3, 2023

github-actions locked as resolved and limited conversation to collaborators on Sep 3, 2023

Updated: