View Issue Details

ID: 0016694
Project: CentOS-7
Category: -OTHER
View Status: public
Last Update: 2019-11-04 07:58
Reporter: marek.vesely-direct
Priority: high
Severity: block
Reproducibility: always
Status: new
Resolution: open
Product Version: 7.7-1908
Target Version:
Fixed in Version:
Summary: 0016694: Podman cannot chdir: Permission denied in rootless mode
Description: Podman is not able to execute in rootless mode. It is writing: cannot chdir: Permission denied.
Steps To Reproduce:
1. Install Podman, create a special user and group, and add lines to /etc/subuid and /etc/subgid:
teamcityagent:200000:65536
2. Configure sysctl: sysctl user.max_user_namespaces=28633
3. Execute the command "podman unshare cat /proc/self/uid_map" under the teamcityagent user.
Additional Information:
Version-Release number of podman:
Version: 1.4.4
RemoteAPI Version: 1
Go Version: go1.10.3
OS/Arch: linux/amd64

Actual results:
$ podman unshare cat /proc/self/uid_map
cannot chdir: Permission denied
0 0 4294967295

Expected results:
$ podman unshare cat /proc/self/uid_map
0 1001 1
1 100000 65536
65537 165536 65536
or similar

Additional info:
I followed steps from WIKI: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/managing_containers/finding_running_and_building_containers_with_podman_skopeo_and_buildah#set_up_for_rootless_containers . This is a VM in vCenter running on CentOS 7.7.1908.

Output from podman info --debug:
debug:
  compiler: gc
  git commit: ""
  go version: go1.10.3
  podman version: 1.4.4
host:
  BuildahVersion: 1.9.0
  Conmon:
    package: podman-1.4.4-4.el7.centos.x86_64
    path: /usr/libexec/podman/conmon
    version: 'conmon version 0.3.0, commit: unknown'
  Distribution:
    distribution: '"centos"'
    version: "7"
  MemFree: 1769316352
  MemTotal: 8200630272
  OCIRuntime:
    package: runc-1.0.0-65.rc8.el7.centos.x86_64
    path: /usr/bin/runc
    version: 'runc version spec: 1.0.1-dev'
  SwapFree: 0
  SwapTotal: 0
  arch: amd64
  cpus: 8
  hostname: teamcity-iot-01.triglav.local
  kernel: 3.10.0-1062.1.2.el7.x86_64
  os: linux
  rootless: false
  uptime: 576h 17m 55s (Approximately 24.00 days)
registries:
  blocked: null
  insecure: null
  search:
  - registry.access.redhat.com
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.centos.org
store:
  ConfigFile: /etc/containers/storage.conf
  ContainerStore:
    number: 1
  GraphDriverName: overlay
  GraphOptions: null
  GraphRoot: /var/lib/containers/storage
  GraphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 1
  RunRoot: /var/run/containers/storage
  VolumePath: /var/lib/containers/storage/volumes
Tags: podman
abrt_hash
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-11-04 07:58 marek.vesely-direct New Issue
2019-11-04 07:58 marek.vesely-direct Tag Attached: podman
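
An added diagnostic example for the report above (not part of the original issue and not podman's own tooling): it looks up a user's `/etc/subuid`-style entry and classifies `uid_map` output, where a lone `0 0 4294967295` line is the map of the initial user namespace, meaning no new user namespace was entered. The function names and the `WORKING_MAP` sample are constructed for illustration.

```shell
# Added example; function names are hypothetical, not part of podman.
# subid_range USER (stdin: /etc/subuid-style "name:start:count" lines)
# Prints "START COUNT" for the user's first entry; fails if there is none.
subid_range() {
    awk -F: -v u="$1" '
        $1 == u && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print $2, $3; found = 1; exit }
        END { exit !found }'
}

# classify_uid_map (stdin: uid_map text, "inside-ID outside-ID length" per line)
# Lines without exactly three fields, such as error messages, are ignored.
classify_uid_map() {
    awk '
        NF != 3 { next }
        { n++ }
        $1 == 0 && $2 == 0 && $3 == 4294967295 { identity = 1 }
        $1 == 0 && $2 != 0 && $3 == 1 { self = 1 }
        $1 != 0 { extra = 1 }
        END {
            if (n == 1 && identity) print "initial-namespace"
            else if (self && extra) print "rootless-with-subids"
            else if (self)          print "rootless-single-id"
            else                    print "unrecognised"
        }'
}

# map_uses_range START COUNT (stdin: uid_map text)
# Succeeds when a line maps onto exactly that host range.
map_uses_range() {
    awk -v s="$1" -v c="$2" 'NF == 3 && $2 == s && $3 == c { ok = 1 } END { exit !ok }'
}
# diagnose USER SUBUID_TEXT UID_MAP_TEXT: combine the checks into one verdict.
diagnose() {
    user=$1 subuid=$2 map=$3
    range=$(printf '%s\n' "$subuid" | subid_range "$user") || { echo no-subuid-entry; return 0; }
    state=$(printf '%s\n' "$map" | classify_uid_map)
    if [ "$state" = rootless-with-subids ] &&
       ! printf '%s\n' "$map" | map_uses_range "${range% *}" "${range#* }"; then
        state=range-mismatch
    fi
    echo "$state"
}
SUBUID_SAMPLE='teamcityagent:200000:65536'   # entry from the report
ACTUAL_MAP='cannot chdir: Permission denied
0 0 4294967295'                              # output from the report
WORKING_MAP='0 1001 1
1 200000 65536'                              # constructed sample
diagnose teamcityagent "$SUBUID_SAMPLE" "$ACTUAL_MAP"    # initial-namespace
diagnose teamcityagent "$SUBUID_SAMPLE" "$WORKING_MAP"   # rootless-with-subids
```

On a live host, pass the contents of `/etc/subuid` and the output of `podman unshare cat /proc/self/uid_map` captured as the affected user.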