Description of problem:
When running this simple example as rootless

    podman run -dt -p 8080:8080/tcp -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
        -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
        -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
        registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd

following the page https://podman.io/getting-started/ I get this error

    Error: sd-bus call: Permission denied: OCI runtime permission denied error

Version-Release number of selected component (if applicable):
podman-1.6.2-2.fc31.x86_64

How reproducible:
every time

Steps to Reproduce:
1. Run the example as normal user
2.
3.

Actual results:
podman does nothing

Expected results:
a container running

Additional info:

Could you try to remove libpod.conf from homedir?
    rm -f ~/.config/containers/libpod.conf
And then try again.
I think this might also be an older version of `crun`. Also, we really ought to update the tutorial, F27 is very out of date now.
Removing libpod.conf does not solve the problem; this is the first time I'm running podman, and yes, it is using crun, and I removed the runc package from the system.
[ This looks like some sort of dbus problem; I'm adding Giuseppe to the CC list, he's our dbus expert. ] Can you try running podman with '--cgroup-manager=cgroupfs'?
    $ podman --cgroup-manager=cgroupfs run ...
It might also be helpful to know your version of crun, and some important environment variables:
    $ rpm -q crun
    $ env | grep XDG
With --cgroup-manager=cgroupfs it works.
    $ rpm -q crun
    crun-0.10.2-1.fc31.x86_64
    $ env | grep XDG
    XDG_SESSION_TYPE=tty
    XDG_SESSION_CLASS=user
    XDG_SESSION_ID=21
    XDG_RUNTIME_DIR=/run/user/1000
What is the version of systemd you are using? And could you also show the output for "printenv DBUS_SESSION_BUS_ADDRESS"?
$ rpm -q systemd
    systemd-243-4.gitef67743.fc31.x86_64
    $ printenv DBUS_SESSION_BUS_ADDRESS
    (nothing)
Have you created the session using su -l? Does /run/user/1000/bus exist?
No, I ssh to the machine. /run/user/1000/bus doesn't exist.
Looks like a problem with the systemd session. What is the output for "systemctl --user status dbus-broker.service"?
# systemctl --user status dbus-broker.service
    Failed to connect to bus: No such file or directory
So the issue is systemd not running correctly. We need to find out why that happens. Do you see any relevant error in `journalctl --user`? Do you ssh into the machine as the unprivileged user or as root?
This message is in journalctl:
    systemd[3723]: Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.
and then
    conmon 05405a27e98deb63f4d0 <error>: Failed to create container: exit status 1
I think this is because of the previous message. I ssh as a regular user.
Not sure how to debug this further; a few things to check:
    sudo systemctl restart user@1000
    sudo systemctl status user@1000
Have you made any changes to the PAM configuration? In particular, does your /etc/pam.d/systemd-user look different than what I have here:
    $ cat /etc/pam.d/systemd-user
    # This file is part of systemd.
    #
    # Used by systemd --user instances.
    account required pam_unix.so
    session required pam_selinux.so close
    session required pam_selinux.so nottys open
    session required pam_loginuid.so
    session optional pam_keyinit.so force revoke
    session optional pam_systemd.so
So, if I remove sss from /etc/nsswitch.conf it works. I'm not using sssd to authenticate; my user is in /etc/passwd and /etc/shadow.
systemctl status sssd
    ● sssd.service - System Security Services Daemon
       Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor pres>
       Active: inactive (dead)
Does removing sss also fix Podman?
Yes, I have several sss in /etc/pam.d/*. I think this was set in a previous test I made, and because this is a machine that I upgraded, something was messed up. Removing sss from /etc/nsswitch.conf or cleaning up /etc/pam.d/* solves the problem with podman.
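
The checks this thread went through (XDG_RUNTIME_DIR, the bus socket, DBUS_SESSION_BUS_ADDRESS, then sss in nsswitch.conf and /etc/pam.d), collected into one script. This is an added example, not code from the bug report or from the podman project; the function names and the `--live` switch are hypothetical, and paths are passed as arguments so the checks can also be run against copies of the files.

```shell
#!/bin/sh
# Added example: the session and NSS/PAM checks from this thread as functions.
# Function names are hypothetical; paths are arguments so copies can be checked.

# Report the first missing piece of the systemd user session, in the order
# the thread checked them. Returns 0 only when all three are present.
check_session_bus() {
    runtime_dir=$1   # value of $XDG_RUNTIME_DIR
    bus_addr=$2      # value of $DBUS_SESSION_BUS_ADDRESS
    if [ -z "$runtime_dir" ]; then
        echo "XDG_RUNTIME_DIR is not set"; return 1
    fi
    if [ ! -e "$runtime_dir/bus" ]; then
        echo "$runtime_dir/bus does not exist"; return 1
    fi
    if [ -z "$bus_addr" ]; then
        echo "DBUS_SESSION_BUS_ADDRESS is not set"; return 1
    fi
    echo "session bus looks usable"
}

# Print each nsswitch.conf database whose source list includes "sss".
nss_sss_databases() {
    awk '{
        sub(/#.*/, "")            # drop comments
        sub(/:/, ": ")            # tolerate "passwd:files sss"
        if ($1 !~ /^[a-z_]+:$/) next
        db = substr($1, 1, length($1) - 1)
        for (i = 2; i <= NF; i++) if ($i == "sss") { print db; break }
    }' "$1"
}

# Print the PAM service files that contain an uncommented pam_sss.so line.
pam_sss_files() {
    grep -lE '^[^#]*pam_sss\.so' "$1"/* 2>/dev/null
}

# Run against the live system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_session_bus "${XDG_RUNTIME_DIR:-}" "${DBUS_SESSION_BUS_ADDRESS:-}"
    echo "nsswitch databases using sss: $(nss_sss_databases /etc/nsswitch.conf | tr '\n' ' ')"
    echo "PAM files using pam_sss.so: $(pam_sss_files /etc/pam.d | tr '\n' ' ')"
fi
```

On the reporter's machine the first function would stop at the missing /run/user/1000/bus, and the other two would list the leftover sss entries while `systemctl status sssd` shows the service inactive.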