Description of problem:
When running this simple example as rootless
podman run -dt -p 8080:8080/tcp -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
-e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
-e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
following the page https://podman.io/getting-started/
I get this error
Error: sd-bus call: Permission denied: OCI runtime permission denied error
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run the example as normal user
podman does nothing
a container running
Could you try to remove libpod.conf from homedir.
rm -f ~/.config/containers/libpod.conf
And then try again.
I think this might also be an older version of `crun`.
Also, we really ought to update the tutorial, F27 is very out of date now.
Removing libpod.conf does not solve the problem. This is the first time I'm running podman, and yes, I'm using crun; I removed the runc package from the system.
[ This looks like some sort of dbus problem; I'm adding Giuseppe to the CC list, he's our dbus expert. ]
Can you try running podman with '--cgroup-manager=cgroupfs'?
$ podman --cgroup-manager=cgroupfs run ...
It might also be helpful to know your version of crun, and some important environment variables:
$ rpm -q crun
$ env | grep XDG
with --cgroup-manager=cgroupfs works
$ rpm -q crun
$ env | grep XDG
what is the version of systemd you are using?
and could you also show the output for "printenv DBUS_SESSION_BUS_ADDRESS"?
$ rpm -q systemd
$ printenv DBUS_SESSION_BUS_ADDRESS
have you created the session using su -l?
Does /run/user/1000/bus exist?
No, I ssh to the machine
/run/user/1000/bus doesn't exist
Looks like a problem with the systemd session. What is the output of "systemctl --user status dbus-broker.service"?
# systemctl --user status dbus-broker.service
Failed to connect to bus: No such file or directory
So the issue is systemd not running correctly. We need to find out why that happens.
Do you see any relevant error in `journalctl --user`?
Do you ssh into the machine as the unprivileged user or as root?
This message is in journalctl
systemd: Trying to run as user instance, but $XDG_RUNTIME_DIR is not set.
conmon 05405a27e98deb63f4d0 <error>: Failed to create container: exit status 1
I think this is because of the previous message
I ssh as a regular user
Not sure how to debug this further; a few things to check:
sudo systemctl restart user@1000
sudo systemctl status user@1000
Have you done any change to the pam configuration?
In particular, does your /etc/pam.d/systemd-user look different than what I have here:
$ cat /etc/pam.d/systemd-user
# This file is part of systemd.
# Used by systemd --user instances.
account required pam_unix.so
session required pam_selinux.so close
session required pam_selinux.so nottys open
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session optional pam_systemd.so
So, if I remove sss from /etc/nsswitch.conf it works
I'm not using sssd to authenticate, my user is in /etc/passwd and /etc/shadow
systemctl status sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor pres>
Active: inactive (dead)
does removing sss also fix Podman?
Yes. I have several sss entries in /etc/pam.d/*; I think this was set in a previous test I made, and because this is a machine that I upgraded, something was messed up.
Removing sss from /etc/nsswitch.conf or cleaning up /etc/pam.d/* solves the problem with podman.
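The checks that surfaced the root cause above (XDG_RUNTIME_DIR unset, no /run/user/UID/bus socket, sss listed in /etc/nsswitch.conf and referenced from /etc/pam.d) can be bundled into a pre-flight script. This is an added example, not code from the bug report or from the podman project; the function names, the sample nsswitch.conf and pam.d contents, and the "--run" flag are assumptions made here. It picks the same fallback the thread used, --cgroup-manager=cgroupfs, whenever the systemd user session is not usable.

```shell
#!/bin/sh
# Added example, not from the bug report: pre-flight check for rootless podman.
# It inspects the things the thread asked about and suggests a cgroup manager.

# user_session_ok RUNTIME_DIR
# True when the pieces podman's systemd cgroup manager needs are present:
# a runtime directory (normally $XDG_RUNTIME_DIR) and the user D-Bus socket in it.
user_session_ok() {
    dir=$1
    [ -n "$dir" ] && [ -d "$dir" ] && [ -S "$dir/bus" ]
}

# pick_cgroup_manager RUNTIME_DIR
# Prints "systemd" when the user session is usable, otherwise "cgroupfs",
# the fallback that worked in the thread (podman --cgroup-manager=cgroupfs).
pick_cgroup_manager() {
    if user_session_ok "$1"; then echo systemd; else echo cgroupfs; fi
}

# nss_uses_sss NSSWITCH_FILE DATABASE
# True when the given database line (e.g. passwd) in nsswitch.conf lists sss.
# A user whose lookups go through sss while sssd is inactive is exactly the
# situation that broke the systemd --user instance in the report.
nss_uses_sss() {
    file=$1
    db=$2
    [ -r "$file" ] || return 1
    grep -E "^[[:space:]]*$db:" "$file" | grep -qw sss
}

# pam_files_with_sss PAM_DIR
# Prints the pam.d files that reference pam_sss.so; false when there are none.
pam_files_with_sss() {
    dir=$1
    [ -d "$dir" ] || return 1
    grep -l 'pam_sss\.so' "$dir"/* 2>/dev/null
}

# diagnose: run the checks against the live system and print findings.
diagnose() {
    mgr=$(pick_cgroup_manager "${XDG_RUNTIME_DIR:-}")
    echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR:-<unset>}"
    echo "DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS:-<unset>}"
    echo "suggested: podman --cgroup-manager=$mgr run ..."
    if nss_uses_sss /etc/nsswitch.conf passwd; then
        echo "note: passwd lookups go through sss; check 'systemctl status sssd'"
    fi
    files=$(pam_files_with_sss /etc/pam.d) && echo "pam_sss.so referenced in: $files"
}

# Usage: sh preflight.sh --run   (assumed file name)
if [ "${1:-}" = "--run" ]; then
    diagnose
fi
```

When the script reports cgroupfs, the rootless container will still start, but the systemd user session should be repaired anyway (the thread's `sudo systemctl status user@1000` and `journalctl --user` are the next step), since other tools that rely on the user bus will fail the same way.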