[arch-general] cgroups_v2 and rootless podman
https://lists.archlinux.org/pipermail/arch-general/2021-March/048786.html
samirnassar at posteo.de
Fri Mar 19 10:40:56 UTC 2021

Hello,
I am trying to make rootless podman work based off of: https://wiki.archlinux.org/index.php/Podman#Rootless_Podman and I am wondering if I am missing something or if there might be old information in the wiki pages: https://wiki.archlinux.org/index.php/Podman and https://wiki.archlinux.org/index.php/Cgroups
https://wiki.archlinux.org/index.php/Podman#Rootless_Podman says: Rootless Podman requires using cgroups v2. See cgroups on how to check whether v1 (default) or v2 is used and how to switch to cgroups v2. So I use the instructions at: https://wiki.archlinux.org/index.php/Cgroups#Switching_to_cgroups_v2
So here is what I did:
from /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0 nomodeseti systemd.unified_cgroup_hierarchy=1"

$ ls -al /sys/fs/cgroup
total 0
dr-xr-xr-x 11 root root 0 Mar 19 10:56 .
drwxr-xr-x  7 root root 0 Mar 19 10:56 ..
-r--r--r--  1 root root 0 Mar 19 10:56 cgroup.controllers
-rw-r--r--  1 root root 0 Mar 19 10:57 cgroup.max.depth
-rw-r--r--  1 root root 0 Mar 19 10:57 cgroup.max.descendants
-rw-r--r--  1 root root 0 Mar 19 10:56 cgroup.procs
-r--r--r--  1 root root 0 Mar 19 10:57 cgroup.stat
-rw-r--r--  1 root root 0 Mar 19 10:56 cgroup.subtree_control
-rw-r--r--  1 root root 0 Mar 19 10:57 cgroup.threads
-rw-r--r--  1 root root 0 Mar 19 10:57 cpu.pressure
-r--r--r--  1 root root 0 Mar 19 10:57 cpuset.cpus.effective
-r--r--r--  1 root root 0 Mar 19 10:57 cpuset.mems.effective
...
I also set up /etc/subuid and /etc/subgid:

$ cat /etc/subuid
administrator:100000:65536
$ cat /etc/subgid
administrator:100000:65536

Trying to get podman to work:

$ podman info
Error: cannot setup namespace using newuidmap: exit status 1

$ podman system migrate
Error: cannot setup namespace using newuidmap: exit status 1
When I remove /etc/subuid and /etc/subgid, I get:

$ podman info --debug
ERRO[0000] cannot find UID/GID for user administrator: open /etc/subuid: no such file or directory - check rootless mode in man pages.
WARN[0000] using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids
...
Then I created empty /etc/subuid and /etc/subgid, and I got:

$ podman info --debug
host:
  arch: amd64
  buildahVersion: 1.19.4
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: /usr/bin/conmon is owned by conmon 1:2.0.27-1
    path: /usr/bin/conmon
    version: 'conmon version 2.0.27, commit: 65fad4bfcb250df0435ea668017e643e7f462155'
  cpus: 1
  distribution:
    distribution: arch
    version: unknown
  eventLogger: journald
  hostname: archlinux-minimal
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 60338
      size: 1
    uidmap:
    - container_id: 0
      host_id: 60338
      size: 1
  kernel: 5.11.7-arch1-1
  linkmode: dynamic
  memFree: 1745731584
  memTotal: 2026967040
  ociRuntime:
    name: crun
    package: /usr/bin/crun is owned by crun 0.18-1
    path: /usr/bin/crun
    version: |-
      crun version 0.18
      commit: 808420efe3dc2b44d6db9f1a3fac8361dde42a95
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/60338/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: /usr/bin/slirp4netns is owned by slirp4netns 1.1.9-1
    version: |-
      slirp4netns version 1.1.9
      commit: 4e37ea557562e0d7a64dc636eff156f64927335e
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 0
  swapTotal: 0
  uptime: 37m 10.76s
registries: {}
store:
  configFile: /home/administrator/.config/containers/storage.conf
  containerStore:
    number: 5
    paused: 0
    running: 0
    stopped: 5
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: /usr/bin/fuse-overlayfs is owned by fuse-overlayfs 1.4.0-1
      Version: |-
        fusermount3 version: 3.10.2
        fuse-overlayfs: version 1.4
        FUSE library version 3.10.2
        using FUSE kernel interface version 7.31
  graphRoot: /home/administrator/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 1
  runRoot: /run/user/60338/containers
  volumePath: /home/administrator/.local/share/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 1613921386
  BuiltTime: Sun Feb 21 16:29:46 2021
  GitCommit: c640670e85c4aaaff92741691d6a854a90229d8d
  GoVersion: go1.16
  OsArch: linux/amd64
  Version: 3.0.1

$ pacman -Qs podman
local/podman 3.0.1-2
    Tool and library for running OCI-based containers in pods
$ pacman -Qs crun
local/crun 0.18-1
    A fast and lightweight fully featured OCI runtime and C library for running containers

$ uname -a
Linux archlinux-minimal 5.11.7-arch1-1 #1 SMP PREEMPT Wed, 17 Mar 2021 16:59:58 +0000 x86_64 GNU/Linux
If you have any insights or ideas I would be happy if you shared them.
Regards,
Samir Nassar
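A preflight script for the three things the setup in this thread depends on (a cgroup2 mount, subordinate ID ranges for the user in /etc/subuid and /etc/subgid, and privileged newuidmap/newgidmap helpers), written here as an added example and not code from the post or from the podman project; the range-overlap check goes beyond the post's single-user files, since overlapping ranges between users undo the isolation rootless containers are meant to give. It assumes GNU stat and the getcap tool from libcap are installed.

```bash
#!/usr/bin/env bash
# Added example for this thread (not from the original post or from podman): rootless podman preflight checks.

# cgroup_version DIR: prints v2 if DIR is a cgroup2 mount, v1 for any other filesystem, none (and fails) if absent.
cgroup_version() {
    local fstype
    fstype=$(stat -f -c %T "$1" 2>/dev/null) || { echo none; return 1; }
    if [ "$fstype" = cgroup2fs ]; then echo v2; else echo v1; fi
}

# subid_range FILE USER: prints "start count" for USER's lines in FILE (user:start:count format); fails if USER has none.
subid_range() {
    awk -F: -v u="$2" '$1 == u { print $2, $3; found = 1 } END { exit !found }' "$1"
}

# subid_overlaps FILE: prints each pair of different users whose ranges intersect and fails if any do.
# Ranges must be disjoint, or one user's containers can own files as IDs that belong to another user's containers.
subid_overlaps() {
    awk -F: '
        { user[NR] = $1; lo[NR] = $2; hi[NR] = $2 + $3 - 1 }
        END {
            for (i = 1; i <= NR; i++) for (j = i + 1; j <= NR; j++)
                if (user[i] != user[j] && lo[i] <= hi[j] && lo[j] <= hi[i]) {
                    printf "%s overlaps %s\n", user[i], user[j]; bad = 1
                }
            exit bad + 0
        }' "$1"
}

# newuidmap_ok: podman runs the shadow helpers newuidmap/newgidmap to write the user namespace maps;
# each must be installed and either setuid root or carry the cap_setuid/cap_setgid file capability.
newuidmap_ok() {
    local tool path
    for tool in newuidmap newgidmap; do
        path=$(command -v "$tool") || { echo "$tool: not installed"; return 1; }
        if [ ! -u "$path" ] && ! getcap "$path" 2>/dev/null | grep -q 'cap_set[ug]id'; then
            echo "$tool: neither setuid root nor cap_setuid/cap_setgid"; return 1
        fi
    done
}

main() {  # run every check for the invoking user on this host
    local me f; me=$(id -un)
    echo "/sys/fs/cgroup: $(cgroup_version /sys/fs/cgroup)"
    for f in /etc/subuid /etc/subgid; do
        [ -r "$f" ] || { echo "$f: missing or unreadable"; continue; }
        echo "$f for $me: $(subid_range "$f" "$me" || echo 'no entry')"
        subid_overlaps "$f" || echo "$f: overlapping ranges"
    done
    if newuidmap_ok; then echo "newuidmap/newgidmap: ok"; fi
}
main
```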