Bug 1734375

Summary: Podman not working rootless
Product: Red Hat Enterprise Linux 7 Reporter: Dominik <domosino44>
Component: podman Assignee: Brent Baude <bbaude>
Status: CLOSED DUPLICATE QA Contact: Martin Jenner <mjenner>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.6 CC: dornelas, dwalsh, gscrivan, jligon, jnovy, lsm5, mheon, umohnani
Target Milestone: rc Keywords: Extras
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-30 12:53:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dominik 2019-07-30 11:52:55 UTC
Description of problem:
Podman throws an error "Error: container create failed: cannot specify gid= mount options for unmapped gid in rootless containers
: internal libpod error" when trying to run a podman image as non-root (rootless mode)

Version-Release number of selected component (if applicable):
Podman: 1.3.2
Go: go1.10.3
OS/Arch: linux/amd64

How reproducible:
100%

Steps to Reproduce:
1. yum install -y podman
2. curl -o /etc/yum.repos.d/rhel7.6-rootless-preview.repo https://copr.fedorainfracloud.org/coprs/vbatts/shadow-utils-newxidmap/repo/epel-7/vbatts-shadow-utils-newxidmap-epel-7.repo
3. yum install -y shadow-utils46-newxidmap slirp4netns 
4. useradd randomuser
5. passwd randomuser
6. echo "randomuser:100000:65536" >> /etc/subuid
7. echo "randomuser:100000:65536" >> /etc/subgid
8. podman run --rm -it alpine sh

Actual results:
Error: container create failed: cannot specify gid= mount options for unmapped gid in rootless containers
: internal libpod error

Expected results:
/ # 

Additional info:
Tried on Scientific Linux 7.6 and CentOS 7
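
Steps 6 and 7 append subordinate ID ranges to /etc/subuid and /etc/subgid by hand. The shell function below is an added example, not part of the original report or of podman: it checks that a user has a well-formed range in such a file and that the range does not overlap another owner's range. The function name `check_subid` and the sample user `builder` are hypothetical.

```shell
#!/bin/sh
# check_subid FILE USER
# Prints "ok <start> <count>" for every well-formed range owned by USER.
# Exit status: 0 = USER has a range and it overlaps no other owner's range,
#              1 = USER has no entry,
#              2 = malformed line in FILE, or an overlap (two users whose
#                  containers would share the same host IDs).
check_subid() {
    awk -F: -v user="$2" '
        /^[ \t]*$/ { next }                       # skip blank lines
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ || $3 == 0 {
            printf "malformed line %d: %s\n", NR, $0; bad = 1; next
        }
        { n++; owner[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1 }
        END {
            for (i = 1; i <= n; i++) {
                if (owner[i] != user) continue
                found = 1
                printf "ok %d %d\n", lo[i], hi[i] - lo[i] + 1
                for (j = 1; j <= n; j++)
                    if (owner[j] != user && lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        printf "overlap with %s\n", owner[j]; bad = 1
                    }
            }
            if (bad) exit 2
            if (!found) exit 1
        }
    ' "$1"
}

# Constructed sample: the line from steps 6-7 plus a hypothetical second user.
sample=$(mktemp)
printf '%s\n' 'randomuser:100000:65536' 'builder:165536:65536' > "$sample"
check_subid "$sample" randomuser   # prints: ok 100000 65536
rm -f "$sample"
```

On a real host, run it against both /etc/subuid and /etc/subgid for the account that will start the container.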

Comment 2 Giuseppe Scrivano 2019-07-30 12:53:00 UTC
Closing the bug as rootless containers are not supported on 7.6.

The issue is in the version of runc available on 7.6; it has a bug that prevents rootless containers from working (it lacks upstream patch cbcc85d311725031e5957385f3ad43acfc0b66f2). You'd need an updated runc binary.

Comment 3 Derrick Ornelas 2019-07-30 13:34:46 UTC

*** This bug has been marked as a duplicate of bug 1719452 ***