Rootless podman run with cgroups v2 and custom podman network fails. #8944
https://github.com/containers/podman/issues/8944
Darkclainer opened on Jan 12, 2021
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
Rootless podman run with cgroups v2 and custom podman network fails.
The same steps work with cgroups v1.
Steps to reproduce the issue:
1. Configure your system to use cgroups v2
2. Create some network: podman network create failnet
3. Run any container with the created network: podman run --rm --net failnet docker.io/hello-world
Describe the results you received:
Container doesn’t run, error returned:
Error: writing file /sys/fs/cgroup//user.slice/user-1000.slice/user@1000.service/user.slice/libpod-80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183.scope/container/cgroup.procs: Permission denied: OCI permission denied
Describe the results you expected:
Container runs successfully.
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
Version:      2.2.1
API Version:  2.1.0
Go Version:   go1.15.6
Git Commit:   a0d478edea7f775b7ce32f8eb1a01e75374486cb
Built:        Wed Dec 9 00:48:23 2020
OS/Arch:      linux/amd64
Output of podman info --debug:
host:
  arch: amd64
  buildahVersion: 1.18.0
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: Unknown
    path: /usr/bin/conmon
    version: 'conmon version 2.0.22, commit: 9c34a8663b85e479e0c083801e89a2b2835228ed'
  cpus: 8
  distribution:
    distribution: manjaro
    version: unknown
  eventLogger: journald
  hostname: diodell
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.4.85-1-MANJARO
  linkmode: dynamic
  memFree: 2054860800
  memTotal: 8202174464
  ociRuntime:
    name: crun
    package: Unknown
    path: /usr/bin/crun
    version: |-
      crun version 0.16
      commit: eb0145e5ad4d8207e84a327248af76663d4e50dd
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  rootless: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: Unknown
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 17050103808
  swapTotal: 17179865088
  uptime: 3h 50m 0.75s (Approximately 0.12 days)
registries: {}
store:
  configFile: /home/dio/.config/containers/storage.conf
  containerStore:
    number: 4
    paused: 0
    running: 3
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: Unknown
      Version: |-
        fusermount3 version: 3.10.1
        fuse-overlayfs: version 1.3
        FUSE library version 3.10.1
        using FUSE kernel interface version 7.31
  graphRoot: /home/dio/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 15
  runRoot: /run/user/1000/containers
  volumePath: /home/dio/.local/share/containers/storage/volumes
version:
  APIVersion: 2.1.0
  Built: 1607464103
  BuiltTime: Wed Dec 9 00:48:23 2020
  GitCommit: a0d478edea7f775b7ce32f8eb1a01e75374486cb
  GoVersion: go1.15.6
  OsArch: linux/amd64
  Version: 2.2.1
Package info (e.g. output of rpm -q podman or apt list podman):
With pacman -Si podman
Repository      : community
Name            : podman
Version         : 2.2.1-1
Description     : Tool and library for running OCI-based containers in pods
Architecture    : x86_64
URL             : https://github.com/containers/libpod
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : cni-plugins conmon containers-common device-mapper iptables libseccomp runc slirp4netns libsystemd fuse-overlayfs libgpgme.so=11-64
Optional Deps   : podman-docker: for Docker-compatible CLI
                  btrfs-progs: support btrfs backend devices
                  catatonit: --init flag support
                  crun: support for unified cgroupsv2
Conflicts With  : None
Replaces        : None
Download Size   : 19.57 MiB
Installed Size  : 79.09 MiB
Packager        : Morten Linderud foxboron@archlinux.org
Build Date      : Wed 09 Dec 2020 12:48:23 AM MSK
Validated By    : MD5 Sum  SHA-256 Sum  Signature
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
Yes (Latest released version)
Additional environment details (AWS, VirtualBox, physical, etc.):
physical
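Added example (not part of the original report and not Podman's code): under cgroups v2 the kernel lets a non-root process write a PID into cgroup.procs only if it has write access to that file in the destination cgroup and in the common ancestor of the source and destination cgroups. The script parses the error reported above and applies those two conditions; the source cgroups and the ownership model (DELEGATED, SESSION_SCOPE, USER_UNIT_SCOPE, constructed_owner) are constructed assumptions, and the result does not establish the cause of this issue.

```python
import os
import posixpath
import re
import stat

CGROUP_ROOT = "/sys/fs/cgroup"

# Error text copied from the report.
REPORTED_ERROR = (
    "Error: writing file /sys/fs/cgroup//user.slice/user-1000.slice/"
    "user@1000.service/user.slice/"
    "libpod-80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183"
    ".scope/container/cgroup.procs: Permission denied: OCI permission denied"
)

# Constructed assumption: systemd delegates this subtree to uid 1000 and
# everything above it stays owned by root.
DELEGATED = "/user.slice/user-1000.slice/user@1000.service"
# Constructed source cgroups for the writing process (not from the report).
SESSION_SCOPE = "/user.slice/user-1000.slice/session-2.scope"
USER_UNIT_SCOPE = DELEGATED + "/app.slice/demo.scope"


def destination_cgroup(error_text, root=CGROUP_ROOT):
    """Return the cgroup, relative to the v2 mount, named in the error."""
    match = re.search(r"writing file (\S+)/cgroup\.procs:", error_text)
    if match is None:
        raise ValueError("no cgroup.procs path found in error text")
    # normpath collapses the doubled slash seen in the reported path.
    rel = posixpath.relpath(posixpath.normpath(match.group(1)), root)
    if rel == ".." or rel.startswith("../"):
        raise ValueError("path is not under " + root)
    return "/" if rel == "." else "/" + rel


def current_cgroup(proc_file="/proc/self/cgroup"):
    """Read this process's cgroup v2 membership (the '0::<path>' line)."""
    with open(proc_file) as handle:
        for line in handle:
            if line.startswith("0::"):
                return line[3:].strip()
    raise RuntimeError("no cgroup v2 entry in " + proc_file)


def may_write(uid, gids, owner):
    """UNIX mode-bit check for a non-root uid; ignores capabilities and ACLs."""
    st_uid, st_gid, mode = owner
    if uid == st_uid:
        return bool(mode & stat.S_IWUSR)
    if st_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def live_owner(cgroup, root=CGROUP_ROOT):
    """(uid, gid, mode) of <cgroup>/cgroup.procs on the running host."""
    st = os.stat(root + cgroup.rstrip("/") + "/cgroup.procs")
    return st.st_uid, st.st_gid, st.st_mode


def constructed_owner(cgroup):
    """Ownership under the constructed delegation model above."""
    inside = posixpath.commonpath([cgroup, DELEGATED]) == DELEGATED
    return (1000, 1000, 0o644) if inside else (0, 0, 0o644)


def check_migration(src, dst, uid, gids, owner_of=live_owner):
    """Apply the kernel's two file-permission conditions for a non-root writer:
    write access to cgroup.procs in the destination and in the common
    ancestor of the source and destination cgroups."""
    ancestor = posixpath.commonpath([src, dst])
    checks = {
        "destination": (dst, may_write(uid, gids, owner_of(dst))),
        "common_ancestor": (ancestor, may_write(uid, gids, owner_of(ancestor))),
    }
    return {"allowed": all(ok for _, ok in checks.values()), **checks}


if __name__ == "__main__":
    dst = destination_cgroup(REPORTED_ERROR)
    for src in (SESSION_SCOPE, USER_UNIT_SCOPE):
        result = check_migration(src, dst, 1000, {1000}, constructed_owner)
        print(src, "->", result)
```

On a live host, call check_migration(current_cgroup(), dst, os.getuid(), set(os.getgroups())) so that ownership is read from /sys/fs/cgroup instead of the constructed model.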
Activity
openshift-ci-robot added kind/bug (Categorizes issue or PR as related to a bug.) on Jan 12, 2021
mheon commented on Jan 13, 2021 (Member)
My first guess would be that this is the rootless CNI infra container failing - can you add --log-level=debug to your podman run command and provide the full output?
Darkclainer commented on Jan 13, 2021 (Author)
Sure. Also I noticed that the log differs between the first and second run of the command podman --log-level debug run --rm --net failnet docker.io/hello-world after system restart.
First run:
INFO[0000] podman filtering at log level debug
DEBU[0000] Called run.PersistentPreRunE(podman --log-level debug run --rm --net failnet docker.io/hello-world)
DEBU[0000] Reading configuration file "/usr/share/containers/containers.conf"
DEBU[0000] Merged system config "/usr/share/containers/containers.conf": &{Containers:{Devices:[] Volumes:[] ApparmorProfile:containers-default-0.29.0 Annotations:[] CgroupNS:private Cgroups:enabled DefaultCapabilities:[CHOWN DAC_OVERRIDE FOWNER FSETID KILL NET_BIND_SERVICE SETFCAP SETGID SETPCAP SETUID SYS_CHROOT] DefaultSysctls:[net.ipv4.ping_group_range=0 0] DefaultUlimits:[] DefaultMountsFile: DNSServers:[] DNSOptions:[] DNSSearches:[] EnableKeyring:true EnableLabeling:false Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm] EnvHost:false HTTPProxy:false Init:false InitPath: IPCNS:private LogDriver:k8s-file LogSizeMax:-1 NetNS:slirp4netns NoHosts:false PidsLimit:2048 PidNS:private SeccompProfile:/usr/share/containers/seccomp.json ShmSize:65536k TZ: Umask:0022 UTSNS:private UserNS:host UserNSSize:65536} Engine:{ImageBuildFormat:oci CgroupCheck:false CgroupManager:systemd ConmonEnvVars:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] ConmonPath:[/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon] DetachKeys:ctrl-p,ctrl-q EnablePortReservation:true Env:[] EventsLogFilePath:/run/user/1000/libpod/tmp/events/events.log EventsLogger:journald HooksDir:[/usr/share/containers/oci/hooks.d] ImageDefaultTransport:docker:// InfraCommand: InfraImage:k8s.gcr.io/pause:3.2 InitPath:/usr/libexec/podman/catatonit LockType:shm MultiImageArchive:false Namespace: NetworkCmdPath: NoPivotRoot:false NumLocks:2048 OCIRuntime:crun OCIRuntimes:map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] PullPolicy:missing Remote:false RemoteURI: RemoteIdentity: ActiveService: ServiceDestinations:map[] RuntimePath:[] RuntimeSupportsJSON:[crun runc] RuntimeSupportsNoCgroups:[crun] RuntimeSupportsKVM:[kata kata-runtime kata-qemu kata-fc] SetOptions:{StorageConfigRunRootSet:false StorageConfigGraphRootSet:false StorageConfigGraphDriverNameSet:false StaticDirSet:false VolumePathSet:false TmpDirSet:false} SignaturePolicyPath:/etc/containers/policy.json SDNotify:false StateType:3 StaticDir:/home/dio/.local/share/containers/storage/libpod StopTimeout:10 TmpDir:/run/user/1000/libpod/tmp VolumePath:/home/dio/.local/share/containers/storage/volumes} Network:{CNIPluginDirs:[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] DefaultNetwork:podman NetworkConfigDir:/home/dio/.config/cni/net.d}}
DEBU[0000] Reading configuration file "/etc/containers/containers.conf"
DEBU[0000] Merged system config "/etc/containers/containers.conf": &{Containers:{Devices:[] Volumes:[] ApparmorProfile:containers-default-0.29.0 Annotations:[] CgroupNS:private Cgroups:enabled DefaultCapabilities:[CHOWN DAC_OVERRIDE FOWNER FSETID KILL NET_BIND_SERVICE SETFCAP SETGID SETPCAP SETUID SYS_CHROOT] DefaultSysctls:[net.ipv4.ping_group_range=0 0] DefaultUlimits:[] DefaultMountsFile: DNSServers:[] DNSOptions:[] DNSSearches:[] EnableKeyring:true EnableLabeling:false Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm] EnvHost:false HTTPProxy:false Init:false InitPath: IPCNS:private LogDriver:k8s-file LogSizeMax:-1 NetNS:slirp4netns NoHosts:false PidsLimit:2048 PidNS:private SeccompProfile:/usr/share/containers/seccomp.json ShmSize:65536k TZ: Umask:0022 UTSNS:private UserNS:host UserNSSize:65536} Engine:{ImageBuildFormat:oci CgroupCheck:false CgroupManager:systemd ConmonEnvVars:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] ConmonPath:[/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon] DetachKeys:ctrl-p,ctrl-q EnablePortReservation:true Env:[] EventsLogFilePath:/run/user/1000/libpod/tmp/events/events.log EventsLogger:journald HooksDir:[/usr/share/containers/oci/hooks.d] ImageDefaultTransport:docker:// InfraCommand: InfraImage:k8s.gcr.io/pause:3.2 InitPath:/usr/libexec/podman/catatonit LockType:shm MultiImageArchive:false Namespace: NetworkCmdPath: NoPivotRoot:false NumLocks:2048 OCIRuntime:crun OCIRuntimes:map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] PullPolicy:missing Remote:false RemoteURI: RemoteIdentity: ActiveService: ServiceDestinations:map[] RuntimePath:[] RuntimeSupportsJSON:[crun runc] RuntimeSupportsNoCgroups:[crun] RuntimeSupportsKVM:[kata kata-runtime kata-qemu kata-fc] SetOptions:{StorageConfigRunRootSet:false StorageConfigGraphRootSet:false StorageConfigGraphDriverNameSet:false StaticDirSet:false VolumePathSet:false TmpDirSet:false} SignaturePolicyPath:/etc/containers/policy.json SDNotify:false StateType:3 StaticDir:/home/dio/.local/share/containers/storage/libpod StopTimeout:10 TmpDir:/run/user/1000/libpod/tmp VolumePath:/home/dio/.local/share/containers/storage/volumes} Network:{CNIPluginDirs:[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] DefaultNetwork:podman NetworkConfigDir:/home/dio/.config/cni/net.d}}
DEBU[0000] Using conmon: "/usr/bin/conmon"
DEBU[0000] Initializing boltdb state at /home/dio/.local/share/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /home/dio/.local/share/containers/storage
DEBU[0000] Using run root /run/user/1000/containers
DEBU[0000] Using static dir /home/dio/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp
DEBU[0000] Using volume path /home/dio/.local/share/containers/storage/volumes
DEBU[0000] Set libpod namespace to ""
DEBU[0000] Not configuring container store
DEBU[0000] Initializing event backend journald
DEBU[0000] using runtime "/usr/bin/runc"
DEBU[0000] using runtime "/usr/bin/crun"
WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument
INFO[0000] podman filtering at log level debug
DEBU[0000] Called run.PersistentPreRunE(podman --log-level debug run --rm --net failnet docker.io/hello-world)
DEBU[0000] Reading configuration file "/usr/share/containers/containers.conf"
DEBU[0000] Merged system config "/usr/share/containers/containers.conf": &{Containers:{Devices:[] Volumes:[] ApparmorProfile:containers-default-0.29.0 Annotations:[] CgroupNS:private Cgroups:enabled DefaultCapabilities:[CHOWN DAC_OVERRIDE FOWNER FSETID KILL NET_BIND_SERVICE SETFCAP SETGID SETPCAP SETUID SYS_CHROOT] DefaultSysctls:[net.ipv4.ping_group_range=0 0] DefaultUlimits:[] DefaultMountsFile: DNSServers:[] DNSOptions:[] DNSSearches:[] EnableKeyring:true EnableLabeling:false Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm] EnvHost:false HTTPProxy:false Init:false InitPath: IPCNS:private LogDriver:k8s-file LogSizeMax:-1 NetNS:slirp4netns NoHosts:false PidsLimit:2048 PidNS:private SeccompProfile:/usr/share/containers/seccomp.json ShmSize:65536k TZ: Umask:0022 UTSNS:private UserNS:host UserNSSize:65536} Engine:{ImageBuildFormat:oci CgroupCheck:false CgroupManager:systemd ConmonEnvVars:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] ConmonPath:[/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon] DetachKeys:ctrl-p,ctrl-q EnablePortReservation:true Env:[] EventsLogFilePath:/run/user/1000/libpod/tmp/events/events.log EventsLogger:journald HooksDir:[/usr/share/containers/oci/hooks.d] ImageDefaultTransport:docker:// InfraCommand: InfraImage:k8s.gcr.io/pause:3.2 InitPath:/usr/libexec/podman/catatonit LockType:shm MultiImageArchive:false Namespace: NetworkCmdPath: NoPivotRoot:false NumLocks:2048 OCIRuntime:crun OCIRuntimes:map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] PullPolicy:missing Remote:false RemoteURI: RemoteIdentity: ActiveService: ServiceDestinations:map[] RuntimePath:[] RuntimeSupportsJSON:[crun runc] RuntimeSupportsNoCgroups:[crun] RuntimeSupportsKVM:[kata kata-runtime kata-qemu kata-fc] SetOptions:{StorageConfigRunRootSet:false StorageConfigGraphRootSet:false StorageConfigGraphDriverNameSet:false StaticDirSet:false VolumePathSet:false TmpDirSet:false} SignaturePolicyPath:/etc/containers/policy.json SDNotify:false StateType:3 StaticDir:/home/dio/.local/share/containers/storage/libpod StopTimeout:10 TmpDir:/run/user/1000/libpod/tmp VolumePath:/home/dio/.local/share/containers/storage/volumes} Network:{CNIPluginDirs:[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] DefaultNetwork:podman NetworkConfigDir:/home/dio/.config/cni/net.d}}
DEBU[0000] Reading configuration file "/etc/containers/containers.conf"
DEBU[0000] Merged system config "/etc/containers/containers.conf": &{Containers:{Devices:[] Volumes:[] ApparmorProfile:containers-default-0.29.0 Annotations:[] CgroupNS:private Cgroups:enabled DefaultCapabilities:[CHOWN DAC_OVERRIDE FOWNER FSETID KILL NET_BIND_SERVICE SETFCAP SETGID SETPCAP SETUID SYS_CHROOT] DefaultSysctls:[net.ipv4.ping_group_range=0 0] DefaultUlimits:[] DefaultMountsFile: DNSServers:[] DNSOptions:[] DNSSearches:[] EnableKeyring:true EnableLabeling:false Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm] EnvHost:false HTTPProxy:false Init:false InitPath: IPCNS:private LogDriver:k8s-file LogSizeMax:-1 NetNS:slirp4netns NoHosts:false PidsLimit:2048 PidNS:private SeccompProfile:/usr/share/containers/seccomp.json ShmSize:65536k TZ: Umask:0022 UTSNS:private UserNS:host UserNSSize:65536} Engine:{ImageBuildFormat:oci CgroupCheck:false CgroupManager:systemd ConmonEnvVars:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] ConmonPath:[/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon] DetachKeys:ctrl-p,ctrl-q EnablePortReservation:true Env:[] EventsLogFilePath:/run/user/1000/libpod/tmp/events/events.log EventsLogger:journald HooksDir:[/usr/share/containers/oci/hooks.d] ImageDefaultTransport:docker:// InfraCommand: InfraImage:k8s.gcr.io/pause:3.2 InitPath:/usr/libexec/podman/catatonit LockType:shm MultiImageArchive:false Namespace: NetworkCmdPath: NoPivotRoot:false NumLocks:2048 OCIRuntime:crun OCIRuntimes:map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] PullPolicy:missing Remote:false RemoteURI: RemoteIdentity: ActiveService: ServiceDestinations:map[] RuntimePath:[] RuntimeSupportsJSON:[crun runc] RuntimeSupportsNoCgroups:[crun] RuntimeSupportsKVM:[kata kata-runtime kata-qemu kata-fc] SetOptions:{StorageConfigRunRootSet:false StorageConfigGraphRootSet:false StorageConfigGraphDriverNameSet:false StaticDirSet:false VolumePathSet:false TmpDirSet:false} SignaturePolicyPath:/etc/containers/policy.json SDNotify:false StateType:3 StaticDir:/home/dio/.local/share/containers/storage/libpod StopTimeout:10 TmpDir:/run/user/1000/libpod/tmp VolumePath:/home/dio/.local/share/containers/storage/volumes} Network:{CNIPluginDirs:[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] DefaultNetwork:podman NetworkConfigDir:/home/dio/.config/cni/net.d}}
DEBU[0000] Using conmon: "/usr/bin/conmon"
DEBU[0000] Initializing boltdb state at /home/dio/.local/share/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /home/dio/.local/share/containers/storage
DEBU[0000] Using run root /run/user/1000/containers
DEBU[0000] Using static dir /home/dio/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp
DEBU[0000] Using volume path /home/dio/.local/share/containers/storage/volumes
DEBU[0000] Set libpod namespace to ""
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] overlay: mount_program=/usr/bin/fuse-overlayfs
DEBU[0000] backingFs=extfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=false
DEBU[0000] Initializing event backend journald
DEBU[0000] using runtime "/usr/bin/runc"
DEBU[0000] using runtime "/usr/bin/crun"
WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] Initialized SHM lock manager at path /libpod_rootless_lock_1000
DEBU[0000] Podman detected system restart - performing state refresh
ERRO[0000] Error creating CGroup for pod 3bfc8bdbb6bd9631d2009d1c0009752ed4b4a7daffaaee196c00c6020746d40c: cannot assemble cgroup path with base "/libpod_parent" - must end in .slice: invalid argument
DEBU[0000] Created cgroup path user.slice/user-libpod_pod_e4bd0ac830ba3c3d026ee6998a3662e70bc44d2cbf6560b0da570a69172ba39b.slice for parent user.slice and name libpod_pod_e4bd0ac830ba3c3d026ee6998a3662e70bc44d2cbf6560b0da570a69172ba39b
DEBU[0000] Created cgroup user.slice/user-libpod_pod_e4bd0ac830ba3c3d026ee6998a3662e70bc44d2cbf6560b0da570a69172ba39b.slice
INFO[0000] Setting parallel job count to 25
DEBU[0000] parsed reference into "[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/hello-world:latest"
DEBU[0000] parsed reference into "[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/hello-world:latest"
DEBU[0000] parsed reference into "[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b"
DEBU[0000] exporting opaque data as blob "sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b"
DEBU[0000] parsed reference into "[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/hello-world:latest"
DEBU[0000] parsed reference into "[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b"
DEBU[0000] exporting opaque data as blob "sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b"
DEBU[0000] using systemd mode: false
DEBU[0000] No hostname set; container's hostname will default to runtime default
DEBU[0000] Loading seccomp profile from "/etc/containers/seccomp.json"
DEBU[0000] Allocated lock 7 for container db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a
DEBU[0000] parsed reference into "[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b"
DEBU[0000] exporting opaque data as blob "sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b"
DEBU[0000] created container "db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a"
DEBU[0000] container "db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a" has work directory "/home/dio/.local/share/containers/storage/overlay-containers/db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a/userdata"
DEBU[0000] container "db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a" has run directory "/run/user/1000/containers/overlay-containers/db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a/userdata"
DEBU[0000] Not attaching to stdin
DEBU[0000] rootless CNI: infra container "80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183" is "configured", being started
DEBU[0000] overlay: mount_data=lowerdir=/home/dio/.local/share/containers/storage/overlay/l/3ALJ3GFPP2MAP6PFIRXGYUHC5G,upperdir=/home/dio/.local/share/containers/storage/overlay/2753582ca0aea88fcd0b831d57f486be9d5288b760b2208fd7f9b0c830743166/diff,workdir=/home/dio/.local/share/containers/storage/overlay/2753582ca0aea88fcd0b831d57f486be9d5288b760b2208fd7f9b0c830743166/work
DEBU[0000] Made network namespace at /run/user/1000/netns/cni-22502e2c-24af-588e-9cd1-7a8f7ca7c323 for container 80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183
DEBU[0000] mounted container "db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a" at "/home/dio/.local/share/containers/storage/overlay/2753582ca0aea88fcd0b831d57f486be9d5288b760b2208fd7f9b0c830743166/merged"
DEBU[0000] Created root filesystem for container db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a at /home/dio/.local/share/containers/storage/overlay/2753582ca0aea88fcd0b831d57f486be9d5288b760b2208fd7f9b0c830743166/merged
DEBU[0000] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu 65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --netns-type=path /run/user/1000/netns/cni-22502e2c-24af-588e-9cd1-7a8f7ca7c323 tap0
DEBU[0000] overlay: mount_data=lowerdir=/home/dio/.local/share/containers/storage/overlay/l/BO4M47BDVPMVM6UQNGIHXPQFRR:/home/dio/.local/share/containers/storage/overlay/l/YFNE7GRDAVNWTLQYGUFZ7QTVNF:/home/dio/.local/share/containers/storage/overlay/l/QIUVY267NOWKWJGNMH7OHYZGNP:/home/dio/.local/share/containers/storage/overlay/l/5F2SNUPHL7LKHRRA7CMPYXBZHE:/home/dio/.local/share/containers/storage/overlay/l/TXP74RIR6ZVRMWSB5MYHQ3VDHH:/home/dio/.local/share/containers/storage/overlay/l/F5G3D6QGSGGGHB75DMWN75ZE5O,upperdir=/home/dio/.local/share/containers/storage/overlay/431d6ce36c4d774e41470c139def83d6be758cb1bcffc7cb458681cc8930fa7f/diff,workdir=/home/dio/.local/share/containers/storage/overlay/431d6ce36c4d774e41470c139def83d6be758cb1bcffc7cb458681cc8930fa7f/work
DEBU[0000] mounted container "80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183" at "/home/dio/.local/share/containers/storage/overlay/431d6ce36c4d774e41470c139def83d6be758cb1bcffc7cb458681cc8930fa7f/merged"
DEBU[0000] Created root filesystem for container 80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183 at /home/dio/.local/share/containers/storage/overlay/431d6ce36c4d774e41470c139def83d6be758cb1bcffc7cb458681cc8930fa7f/merged
DEBU[0000] skipping unrecognized mount in /etc/containers/mounts.conf: "# Configuration file for default mounts in containers (see man 5"
DEBU[0000] skipping unrecognized mount in /etc/containers/mounts.conf: "# containers-mounts.conf for further information)"
DEBU[0000] skipping unrecognized mount in /etc/containers/mounts.conf: ""
DEBU[0000] /etc/system-fips does not exist on host, not mounting FIPS mode secret
WARN[0000] User mount overriding libpod mount at "/dev/shm"
DEBU[0000] Setting CGroups for container 80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183 to user.slice:libpod:80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183
DEBU[0000] reading hooks from /usr/share/containers/oci/hooks.d
DEBU[0000] Created OCI spec for container 80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183 at /home/dio/.local/share/containers/storage/overlay-containers/80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183/userdata/config.json
DEBU[0000] /usr/bin/conmon messages will be logged to syslog
DEBU[0000] running conmon: /usr/bin/conmon args="[--api-version 1 -c 80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183 -u 80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183 -r /usr/bin/crun -b /home/dio/.local/share/containers/storage/overlay-containers/80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183/userdata -p /run/user/1000/containers/overlay-containers/80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183/userdata/pidfile -n rootless-cni-infra --exit-dir /run/user/1000/libpod/tmp/exits --socket-dir-path /run/user/1000/libpod/tmp/socket -s -l k8s-file:/home/dio/.local/share/containers/storage/overlay-containers/80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183/userdata/ctr.log --log-level debug --syslog --conmon-pidfile /run/user/1000/containers/overlay-containers/80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183/userdata/conmon.pid]"
[conmon:d]: failed to write to /proc/self/oom_score_adj: Permission denied
DEBU[0000] Received: 1556
INFO[0000] Got Conmon PID as 1553
DEBU[0000] Created container 80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183 in OCI runtime
DEBU[0000] Starting container 80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183 with command [sleep infinity]
DEBU[0000] Started container 80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183
DEBU[0000] rootless CNI: infra container "80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183" is running
DEBU[0000] rootless CNI: alloc "db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a", "failnet", "trusting_antonelli"
DEBU[0000] rootlessCNIInfraExec: c.ID()=80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183, config={Command:[rootless-cni-infra alloc db220e0ce86e33e3800ac4d61ac255c45340556fc2936349ce47c1fa3e40703a failnet trusting_antonelli] Terminal:false AttachStdin:false AttachStdout:false AttachStderr:false DetachKeys:
INFO[0000] podman filtering at log level debug
DEBU[0000] Called run.PersistentPreRunE(podman --log-level debug run --rm --net failnet docker.io/hello-world)
DEBU[0000] Reading configuration file "/usr/share/containers/containers.conf"
DEBU[0000] Merged system config "/usr/share/containers/containers.conf": &{Containers:{Devices:[] Volumes:[] ApparmorProfile:containers-default-0.29.0 Annotations:[] CgroupNS:private Cgroups:enabled DefaultCapabilities:[CHOWN DAC_OVERRIDE FOWNER FSETID KILL NET_BIND_SERVICE SETFCAP SETGID SETPCAP SETUID SYS_CHROOT] DefaultSysctls:[net.ipv4.ping_group_range=0 0] DefaultUlimits:[] DefaultMountsFile: DNSServers:[] DNSOptions:[] DNSSearches:[] EnableKeyring:true EnableLabeling:false Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm] EnvHost:false HTTPProxy:false Init:false InitPath: IPCNS:private LogDriver:k8s-file LogSizeMax:-1 NetNS:slirp4netns NoHosts:false PidsLimit:2048 PidNS:private SeccompProfile:/usr/share/containers/seccomp.json ShmSize:65536k TZ: Umask:0022 UTSNS:private UserNS:host UserNSSize:65536} Engine:{ImageBuildFormat:oci CgroupCheck:false CgroupManager:systemd ConmonEnvVars:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] ConmonPath:[/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon] DetachKeys:ctrl-p,ctrl-q EnablePortReservation:true Env:[] EventsLogFilePath:/run/user/1000/libpod/tmp/events/events.log EventsLogger:journald HooksDir:[/usr/share/containers/oci/hooks.d] ImageDefaultTransport:docker:// InfraCommand: InfraImage:k8s.gcr.io/pause:3.2 InitPath:/usr/libexec/podman/catatonit LockType:shm MultiImageArchive:false Namespace: NetworkCmdPath: NoPivotRoot:false NumLocks:2048 OCIRuntime:crun OCIRuntimes:map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] PullPolicy:missing Remote:false RemoteURI: RemoteIdentity: ActiveService: ServiceDestinations:map[] RuntimePath:[] RuntimeSupportsJSON:[crun runc] RuntimeSupportsNoCgroups:[crun] RuntimeSupportsKVM:[kata kata-runtime kata-qemu kata-fc] SetOptions:{StorageConfigRunRootSet:false StorageConfigGraphRootSet:false StorageConfigGraphDriverNameSet:false StaticDirSet:false VolumePathSet:false TmpDirSet:false} SignaturePolicyPath:/etc/containers/policy.json SDNotify:false StateType:3 StaticDir:/home/dio/.local/share/containers/storage/libpod StopTimeout:10 TmpDir:/run/user/1000/libpod/tmp VolumePath:/home/dio/.local/share/containers/storage/volumes} Network:{CNIPluginDirs:[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] DefaultNetwork:podman NetworkConfigDir:/home/dio/.config/cni/net.d}}
DEBU[0000] Reading configuration file "/etc/containers/containers.conf"
DEBU[0000] Merged system config "/etc/containers/containers.conf": &{Containers:{Devices:[] Volumes:[] ApparmorProfile:containers-default-0.29.0 Annotations:[] CgroupNS:private Cgroups:enabled DefaultCapabilities:[CHOWN DAC_OVERRIDE FOWNER FSETID KILL NET_BIND_SERVICE SETFCAP SETGID SETPCAP SETUID SYS_CHROOT] DefaultSysctls:[net.ipv4.ping_group_range=0 0] DefaultUlimits:[] DefaultMountsFile: DNSServers:[] DNSOptions:[] DNSSearches:[] EnableKeyring:true EnableLabeling:false Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm] EnvHost:false HTTPProxy:false Init:false InitPath: IPCNS:private LogDriver:k8s-file LogSizeMax:-1 NetNS:slirp4netns NoHosts:false PidsLimit:2048 PidNS:private SeccompProfile:/usr/share/containers/seccomp.json ShmSize:65536k TZ: Umask:0022 UTSNS:private UserNS:host UserNSSize:65536} Engine:{ImageBuildFormat:oci CgroupCheck:false CgroupManager:systemd ConmonEnvVars:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] ConmonPath:[/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon] DetachKeys:ctrl-p,ctrl-q EnablePortReservation:true Env:[] EventsLogFilePath:/run/user/1000/libpod/tmp/events/events.log EventsLogger:journald HooksDir:[/usr/share/containers/oci/hooks.d] ImageDefaultTransport:docker:// InfraCommand: InfraImage:k8s.gcr.io/pause:3.2 InitPath:/usr/libexec/podman/catatonit LockType:shm MultiImageArchive:false Namespace: NetworkCmdPath: NoPivotRoot:false NumLocks:2048 OCIRuntime:crun OCIRuntimes:map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] PullPolicy:missing Remote:false RemoteURI: RemoteIdentity: ActiveService: ServiceDestinations:map[] RuntimePath:[] RuntimeSupportsJSON:[crun runc] RuntimeSupportsNoCgroups:[crun] RuntimeSupportsKVM:[kata kata-runtime kata-qemu kata-fc] SetOptions:{StorageConfigRunRootSet:false StorageConfigGraphRootSet:false StorageConfigGraphDriverNameSet:false StaticDirSet:false VolumePathSet:false TmpDirSet:false} SignaturePolicyPath:/etc/containers/policy.json SDNotify:false StateType:3 StaticDir:/home/dio/.local/share/containers/storage/libpod StopTimeout:10 TmpDir:/run/user/1000/libpod/tmp VolumePath:/home/dio/.local/share/containers/storage/volumes} Network:{CNIPluginDirs:[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] DefaultNetwork:podman NetworkConfigDir:/home/dio/.config/cni/net.d}}
DEBU[0000] Using conmon: "/usr/bin/conmon"
DEBU[0000] Initializing boltdb state at /home/dio/.local/share/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /home/dio/.local/share/containers/storage
DEBU[0000] Using run root /run/user/1000/containers
DEBU[0000] Using static dir /home/dio/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp
DEBU[0000] Using volume path /home/dio/.local/share/containers/storage/volumes
DEBU[0000] Set libpod namespace to “”
DEBU[0000] Not configuring container store
DEBU[0000] Initialising event backend journald
WARN[0000] Error initialising configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] using runtime “/usr/bin/runc”
DEBU[0000] using runtime “/usr/bin/crun”
INFO[0000] Setting parallel job count to 25
INFO[0000] podman filtering at log level debug
DEBU[0000] Called run.PersistentPreRunE(podman --log-level debug run --rm --net failnet docker.io/hello-world)
DEBU[0000] Reading configuration file “/usr/share/containers/containers.conf”
DEBU[0000] Merged system config “/usr/share/containers/containers.conf”: &{Containers:{Devices:[] Volumes:[] ApparmorProfile:containers-default-0.29.0 Annotations:[] CgroupNS:private Cgroups:enabled DefaultCapabilities:[CHOWN DAC_OVERRIDE FOWNER FSETID KILL NET_BIND_SERVICE SETFCAP SETGID SETPCAP SETUID SYS_CHROOT] DefaultSysctls:[net.ipv4.ping_group_range=0 0] DefaultUlimits:[] DefaultMountsFile: DNSServers:[] DNSOptions:[] DNSSearches:[] EnableKeyring:true EnableLabeling:false Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm] EnvHost:false HTTPProxy:false Init:false InitPath: IPCNS:private LogDriver:k8s-file LogSizeMax:-1 NetNS:slirp4netns NoHosts:false PidsLimit:2048 PidNS:private SeccompProfile:/usr/share/containers/seccomp.json ShmSise:65536k TZ: Umask:0022 UTSNS:private UserNS:host UserNSSise:65536} Engine:{ImageBuildFormat:oci CgroupCheck:false CgroupManager:systemd ConmonEnvVars:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] ConmonPath:[/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon] DetachKeys:ctrl-p,ctrl-q EnablePortReservation:true Env:[] EventsLogFilePath:/run/user/1000/libpod/tmp/events/events.log EventsLogger:journald HooksDir:[/usr/share/containers/oci/hooks.d] ImageDefaultTransport:docker:// InfraCommand: InfraImage:k8s.gcr.io/pause:3.2 InitPath:/usr/libexec/podman/catatonit LockType:shm MultiImageArchive:false Namespace: NetworkCmdPath: NoPivotRoot:false NumLocks:2048 OCIRuntime:crun OCIRuntimes:map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc 
/usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] PullPolicy:missing Remote:false RemoteURI: RemoteIdentity: ActiveService: ServiceDestinations:map[] RuntimePath:[] RuntimeSupportsJSON:[crun runc] RuntimeSupportsNoCgroups:[crun] RuntimeSupportsKVM:[kata kata-runtime kata-qemu kata-fc] SetOptions:{StorageConfigRunRootSet:false StorageConfigGraphRootSet:false StorageConfigGraphDriverNameSet:false StaticDirSet:false VolumePathSet:false TmpDirSet:false} SignaturePolicyPath:/etc/containers/policy.json SDNotify:false StateType:3 StaticDir:/home/dio/.local/share/containers/storage/libpod StopTimeout:10 TmpDir:/run/user/1000/libpod/tmp VolumePath:/home/dio/.local/share/containers/storage/volumes} Network:{CNIPluginDirs:[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] DefaultNetwork:podman NetworkConfigDir:/home/dio/.config/cni/net.d}}
DEBU[0000] Reading configuration file “/etc/containers/containers.conf”
DEBU[0000] Merged system config “/etc/containers/containers.conf”: &{Containers:{Devices:[] Volumes:[] ApparmorProfile:containers-default-0.29.0 Annotations:[] CgroupNS:private Cgroups:enabled DefaultCapabilities:[CHOWN DAC_OVERRIDE FOWNER FSETID KILL NET_BIND_SERVICE SETFCAP SETGID SETPCAP SETUID SYS_CHROOT] DefaultSysctls:[net.ipv4.ping_group_range=0 0] DefaultUlimits:[] DefaultMountsFile: DNSServers:[] DNSOptions:[] DNSSearches:[] EnableKeyring:true EnableLabeling:false Env:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=xterm] EnvHost:false HTTPProxy:false Init:false InitPath: IPCNS:private LogDriver:k8s-file LogSizeMax:-1 NetNS:slirp4netns NoHosts:false PidsLimit:2048 PidNS:private SeccompProfile:/usr/share/containers/seccomp.json ShmSise:65536k TZ: Umask:0022 UTSNS:private UserNS:host UserNSSise:65536} Engine:{ImageBuildFormat:oci CgroupCheck:false CgroupManager:systemd ConmonEnvVars:[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] ConmonPath:[/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon] DetachKeys:ctrl-p,ctrl-q EnablePortReservation:true Env:[] EventsLogFilePath:/run/user/1000/libpod/tmp/events/events.log EventsLogger:journald HooksDir:[/usr/share/containers/oci/hooks.d] ImageDefaultTransport:docker:// InfraCommand: InfraImage:k8s.gcr.io/pause:3.2 InitPath:/usr/libexec/podman/catatonit LockType:shm MultiImageArchive:false Namespace: NetworkCmdPath: NoPivotRoot:false NumLocks:2048 OCIRuntime:crun OCIRuntimes:map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc 
/usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] PullPolicy:missing Remote:false RemoteURI: RemoteIdentity: ActiveService: ServiceDestinations:map[] RuntimePath:[] RuntimeSupportsJSON:[crun runc] RuntimeSupportsNoCgroups:[crun] RuntimeSupportsKVM:[kata kata-runtime kata-qemu kata-fc] SetOptions:{StorageConfigRunRootSet:false StorageConfigGraphRootSet:false StorageConfigGraphDriverNameSet:false StaticDirSet:false VolumePathSet:false TmpDirSet:false} SignaturePolicyPath:/etc/containers/policy.json SDNotify:false StateType:3 StaticDir:/home/dio/.local/share/containers/storage/libpod StopTimeout:10 TmpDir:/run/user/1000/libpod/tmp VolumePath:/home/dio/.local/share/containers/storage/volumes} Network:{CNIPluginDirs:[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] DefaultNetwork:podman NetworkConfigDir:/home/dio/.config/cni/net.d}}
DEBU[0000] Using conmon: “/usr/bin/conmon”
DEBU[0000] Initialising boltdb state at /home/dio/.local/share/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver overlay
DEBU[0000] Using graph root /home/dio/.local/share/containers/storage
DEBU[0000] Using run root /run/user/1000/containers
DEBU[0000] Using static dir /home/dio/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp
DEBU[0000] Using volume path /home/dio/.local/share/containers/storage/volumes
DEBU[0000] Set libpod namespace to “”
DEBU[0000] [graphdriver] trying provided driver “overlay”
DEBU[0000] overlay: mount_program=/usr/bin/fuse-overlayfs
DEBU[0000] backingFs=extfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=false
DEBU[0000] Initialising event backend journald
DEBU[0000] using runtime “/usr/bin/runc”
DEBU[0000] using runtime “/usr/bin/crun”
WARN[0000] Error initialising configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument
INFO[0000] Setting parallel job count to 25
DEBU[0000] parsed reference into “[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/hello-world:latest”
DEBU[0000] parsed reference into “[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/hello-world:latest”
DEBU[0000] parsed reference into “[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b”
DEBU[0000] exporting opaque data as blob “sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b”
DEBU[0000] parsed reference into “[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/hello-world:latest”
DEBU[0000] parsed reference into “[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b”
DEBU[0000] exporting opaque data as blob “sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b”
DEBU[0000] using systemd mode: false
DEBU[0000] No hostname set; container’s hostname will default to runtime default
DEBU[0000] Loading seccomp profile from “/etc/containers/seccomp.json”
DEBU[0000] Allocated lock 7 for container 8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d
DEBU[0000] parsed reference into “[overlay@/home/dio/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b”
DEBU[0000] exporting opaque data as blob “sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b”
DEBU[0000] created container “8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d”
DEBU[0000] container “8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d” has work directory “/home/dio/.local/share/containers/storage/overlay-containers/8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d/userdata”
DEBU[0000] container “8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d” has run directory “/run/user/1000/containers/overlay-containers/8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d/userdata”
DEBU[0000] Not attaching to stdin
DEBU[0000] overlay: mount_data=lowerdir=/home/dio/.local/share/containers/storage/overlay/l/3ALJ3GFPP2MAP6PFIRXGYUHC5G,upperdir=/home/dio/.local/share/containers/storage/overlay/23604db53a8b3384b3a0787de479166a964de3d5228b87bea7952edc29c296cb/diff,workdir=/home/dio/.local/share/containers/storage/overlay/23604db53a8b3384b3a0787de479166a964de3d5228b87bea7952edc29c296cb/work
DEBU[0000] mounted container “8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d” at “/home/dio/.local/share/containers/storage/overlay/23604db53a8b3384b3a0787de479166a964de3d5228b87bea7952edc29c296cb/merged”
DEBU[0000] Created root filesystem for container 8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d at /home/dio/.local/share/containers/storage/overlay/23604db53a8b3384b3a0787de479166a964de3d5228b87bea7952edc29c296cb/merged
DEBU[0000] rootless CNI: infra container “80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183” is already running
DEBU[0000] rootless CNI: alloc “8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d”, “failnet”, “loving_benz”
DEBU[0000] rootlessCNIInfraExec: c.ID()=80b58075b3df2bf13f3f6178982e052ee659f90b5dcd2cee434fb04c4e811183, config={Command:[rootless-cni-infra alloc 8ac89418f0d8678f12d49ebaa7828b44e2643f26177ef69cc7e64d6ad9929b7d failnet loving_benz] Terminal:false AttachStdin:false AttachStdout:false AttachStderr:false DetachKeys:

mheon (Member) commented on Jan 14, 2021:
@giuseppe Any ideas on the cgroup permission error? That looks like a pretty reasonable cgroups v2 path to me.

giuseppe (Member) commented on Jan 14, 2021:
@mheon are you able to reproduce the issue above?
It looks strange that the cgroup issue could be caused by a different network namespace.
Does the same command work without --net failnet?

Darkclainer (Author) commented on Jan 14, 2021:
Yes, it does work as expected.

mheon (Member) commented on Jan 14, 2021:
@giuseppe I can’t repro over here. Strongly suspect it has something to do with environment - Manjaro + cgroups v2 isn’t something we test on much. We do seem to correctly detect that it is a v2 system, though.

giuseppe (Member) commented on Jan 15, 2021:
How was the user session created?
Does it make any difference if you wrap the commands with systemd-run --scope --user?
$ systemd-run --scope --user podman network create newnet
$ systemd-run --scope --user podman run --rm --net newnet docker.io/hello-world

Darkclainer (Author) commented on Jan 16, 2021:
@giuseppe,
I don’t quite understand your first question, hope this is what you wanted.
$ systemd-analyze critical-chain user@1000.service
user@1000.service +169ms
└─systemd-user-sessions.service @1.779s +5ms
  └─network.target @1.776s
    └─NetworkManager.service @1.614s +162ms
      └─dbus.service @1.608s
        └─basic.target @1.603s
          └─sockets.target @1.603s
            └─dbus.socket @1.603s
              └─sysinit.target @1.599s
                └─systemd-backlight@leds:dell::kbd_backlight.service @2.052s +153ms
                  └─system-systemd\x2dbacklight.slice @1.644s
                    └─system.slice @460ms
                      └─-.slice @460ms
If I run the container like this, all works fine.
$ systemd-run --scope --user podman network create newnet
$ systemd-run --scope --user podman run --rm --net newnet docker.io/hello-world

giuseppe (Member) commented on Jan 18, 2021:
We have a check for verifying if the user owns the current systemd cgroup.
Is there a way for you to debug why UserOwnsCurrentSystemdCgroup is failing on your system?
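
A check of the kind described in the comment above can be run by hand: read the cgroup v2 entry from /proc/self/cgroup and compare the owner of that directory under /sys/fs/cgroup with the current UID. This is an added example, not podman's UserOwnsCurrentSystemdCgroup code; the function names `unifiedCgroupPath` and `userOwnsCgroup` are hypothetical, and it assumes a pure cgroups v2 host.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// unifiedCgroupPath extracts the cgroup v2 path from the contents of
// /proc/<pid>/cgroup. The unified hierarchy is the line "0::<path>".
func unifiedCgroupPath(procCgroup string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(procCgroup))
	for sc.Scan() {
		parts := strings.SplitN(sc.Text(), ":", 3)
		if len(parts) == 3 && parts[0] == "0" && parts[1] == "" {
			return parts[2], nil
		}
	}
	return "", fmt.Errorf("no cgroup v2 (0::) entry found")
}

// userOwnsCgroup reports whether uid owns the directory that backs the
// process's cgroup below root (normally /sys/fs/cgroup).
func userOwnsCgroup(procCgroup, root string, uid uint32) (bool, error) {
	rel, err := unifiedCgroupPath(procCgroup)
	if err != nil {
		return false, err
	}
	fi, err := os.Stat(filepath.Join(root, rel))
	if err != nil {
		return false, err
	}
	st, ok := fi.Sys().(*syscall.Stat_t)
	if !ok {
		return false, fmt.Errorf("no ownership information for %s", rel)
	}
	return st.Uid == uid, nil
}

func main() {
	data, err := os.ReadFile("/proc/self/cgroup")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	rel, _ := unifiedCgroupPath(string(data))
	owned, err := userOwnsCgroup(string(data), "/sys/fs/cgroup", uint32(os.Getuid()))
	if err != nil {
		fmt.Fprintln(os.Stderr, "check failed:", err)
		os.Exit(1)
	}
	fmt.Printf("cgroup=%s uid=%d owned=%v\n", rel, os.Getuid(), owned)
}
```

Running the binary once directly and once under systemd-run --scope --user shows whether the two invocations land in cgroups with different owners.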

umohnani8 assigned giuseppe on Feb 5, 2021

giuseppe (Member) commented on Feb 6, 2021:
I am not able to reproduce locally using the reproducer above so I suspect it is something related to the different environment.
I am going to close since there was no feedback for more than 15 days. Please reopen if the issue still persists and there is additional information that can help us find the reason for the failure.

giuseppe closed this as completed on Feb 6, 2021

daiaji commented on Feb 15, 2021 (edited by daiaji):
@giuseppe
podman network create failnet
/home/test/.config/cni/net.d/failnet.conflist
podman run --rm --net failnt docker.io/hello-world
Trying to pull docker.io/library/hello-world:latest...
Getting image source signatures
Copying blob 0e03bdcc26d7 done
Copying config bf756fb1ae done
Writing manifest to image destination
Storing signatures
Error: command rootless-cni-infra [alloc d55458f7a1642890cf973c75a0ca824ff08672d4bd21500fb73999c3bef45f51 failnt youthful_villani ] in container 11d0ef416fa80ba4cb198dad7e25207379e226b754a6075c387a28d8ec0d182e failed with status 1, stdout="", stderr="no net configuration with name "failnt" in /etc/cni/net.d\n"
BUG seems to still exist.
But it seems to be a strange path error…, I also use cgroups v2 under manjaro.

wherka-ama commented on Aug 31, 2022:
> @giuseppe
> podman network create failnet
> /home/test/.config/cni/net.d/failnet.conflist
> podman run --rm --net failnt docker.io/hello-world
> Trying to pull docker.io/library/hello-world:latest...
> Getting image source signatures
> Copying blob 0e03bdcc26d7 done
> Copying config bf756fb1ae done
> Writing manifest to image destination
> Storing signatures
> Error: command rootless-cni-infra [alloc d55458f7a1642890cf973c75a0ca824ff08672d4bd21500fb73999c3bef45f51 failnt youthful_villani ] in container 11d0ef416fa80ba4cb198dad7e25207379e226b754a6075c387a28d8ec0d182e failed with status 1, stdout="", stderr="no net configuration with name "failnt" in /etc/cni/net.d\n"
> BUG seems to still exist. But it seems to be a strange path error…, I also use cgroups v2 under manjaro.

I’ve been just driving by and noticed a possibly genuine mistake during the filing of that issue i.e. the network name created reads failnet while the subsequent reference uses failnt. I’m not suggesting it was the only problem there, but it definitely affected the retest by @daiaji . Therefore I don’t think we should assume the bug as still present.
@daiaji: I’d say you should retest it with the same network name to confirm it, if you are still interested, that is. The bug is pretty old and I guess it is well and truly closed. Let’s hope so ;-)

github-actions added the "locked - please file new issue/PR" label on Sep 17, 2023
github-actions locked as resolved and limited conversation to collaborators on Sep 17, 2023