Container creation as root, works as rootless user but not root (podman 4.8.3, conmon 2.1.8) #493

@nktrmb

Currently getting undesirable behavior when attempting to create a container from a root user, but when performing the same or similar action from a rootless user the container is created without issues. This is the same for the custom container or if the container is simply hello-world.

Error from root user: Error: container create failed (no logs from conmon): conmon bytes "": readObjectStart: expect { or n, but found , error found in #0 byte of ...||..., bigger context ...||...

podman info:

 arch: arm
 buildahVersion: 1.33.2
 cgroupControllers:
 - memory
 - pids
 cgroupManager: systemd
 cgroupVersion: v2
 conmon:
   package: Unknown
   path: /usr/bin/conmon
   version: 'conmon version 2.1.8, commit: 6d88cb3672a3dceeb4b045a92dc4d4285c9f4efd'
 cpuUtilization:
   idlePercent: 49.84
   systemPercent: 22.96
   userPercent: 27.21
 cpus: 2
 databaseBackend: sqlite
 distribution:
   codename: nanbield
   distribution: trmb-judo
   version: 0.7.0.dev0-2024.1.4
 eventLogger: journald
 freeLocks: 2047
 hostname: mp1010
 idMappings:
   gidmap: null
   uidmap: null
 kernel: 6.1.69-g-g
 linkmode: dynamic
 logDriver: journald
 memFree: 3126398976
 memTotal: 4098801664
 networkBackend: cni
 networkBackendInfo:
   backend: cni
   dns: {}
 ociRuntime:
   name: runc
   package: Unknown
   path: /usr/bin/runc
   version: |-
     runc version 1.1.10+dev
     commit: v1.1.10-2-gf3446b1e-dirty
     spec: 1.0.2-dev
     go: go1.20.13
     libseccomp: 2.5.5
 os: linux
 pasta:
   executable: ""
   package: ""
   version: ""
 remoteSocket:
   exists: true
   path: /run/podman/podman.sock
 security:
   apparmorEnabled: false
   capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
   rootless: false
   seccompEnabled: true
   seccompProfilePath: ""
   selinuxEnabled: false
 serviceIsRemote: false
 slirp4netns:
   executable: /usr/bin/slirp4netns
   package: Unknown
   version: |-
     slirp4netns version 1.2.0-beta.0+dev
     commit: unknown
     libslirp: 4.7.0
     SLIRP_CONFIG_VERSION_MAX: 4
     libseccomp: 2.5.5
 swapFree: 0
 swapTotal: 0
 uptime: 0h 1m 20.00s
 variant: v7
plugins:
 authorization: null
 log:
 - k8s-file
 - none
 - passthrough
 - journald
 network:
 - bridge
 - macvlan
 - ipvlan
 volume:
 - local
registries:
 search:
 - docker.io
 - registry.fedoraproject.org
 - quay.io
 - registry.access.redhat.com
 - registry.centos.org
store:
 configFile: /etc/containers/storage.conf
 containerStore:
   number: 5
   paused: 0
   running: 0
   stopped: 5
 graphDriverName: overlay
 graphOptions:
   overlay.mountopt: nodev
 graphRoot: /root/.local/share/containers/storage
 graphRootAllocated: 28565897216
 graphRootUsed: 1130864640
 graphStatus:
   Backing Filesystem: overlayfs
   Native Overlay Diff: "false"
   Supports d_type: "true"
   Supports shifting: "true"
   Supports volatile: "true"
   Using metacopy: "false"
 imageCopyTmpDir: /var/tmp
 imageStore:
   number: 1
 runRoot: /root/.local/share/containers/storage/temp
 transientStore: false
 volumePath: /root/.local/share/containers/storage/volumes
version:
 APIVersion: 4.8.3-dev
 Built: 1702297875
 BuiltTime: Mon Dec 11 12:31:15 2023
 GitCommit: 0ec4c8b1d7d6fc273d50064f87a6c0b2d269fdcd
 GoVersion: go1.20.13
 Os: linux
 OsArch: linux/arm
 Version: 4.8.3-dev

I also updated to 2.1.10 of conmon, and different versions of podman (4.7.3 -> latest), and it was the same result. I originally had the data store locations as /var/lib/containers/storage and /run/containers/storage (i.e. the default), but this also did not get around this error.

uname -a
Linux device-name 6.1.69-g-g #1 SMP PREEMPT Wed Feb 7 15:26:29 UTC 2024 armv7l GNU/Linux
