RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1874621 - Rootless Podman Unable to Use Host Subscriptions
Summary: Rootless Podman Unable to Use Host Subscriptions
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: podman
Version: 8.2
Hardware: All
OS: Linux
unspecified
high
Target Milestone: rc
: 8.0
Assignee: Tom Sweeney
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-01 18:34 UTC by Scott McCarty
Modified: 2020-09-02 12:45 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-09-02 12:45:04 UTC
Type: Bug
Target Upstream Version:
Embargoed:
pm-rhel: mirror+

Attachments (Terms of Use)

Description Scott McCarty 2020-09-01 18:34:43 UTC 
Description of problem:

Podman on RHEL 8.2.1 does not pick up the subscriptions in the container when run as rootless. It works fine as root. I don't see anything in the debug output that says what's happening.


Version-Release number of selected component (if applicable):


How reproducible:

100%


Steps to Reproduce:
1. Start on a RHEL subscribed container host
2. Add a user (fatherlinux)
3. Run a container which installs a package: 

podman run -it --log-level=debug ubi8 yum install httpd






Actual results:

Notice that only the UBI channels are visible, there are no RHEL channels showing up:

[fatherlinux@keith-dc2-crunchtools-com ~]$ podman run -it --log-level=debug ubi8 yum install httpd
DEBU[0000] Found deprecated file /home/fatherlinux/.config/containers/libpod.conf, please remove. Use /home/fatherlinux/.config/containers/containers.conf to override defaults. 
DEBU[0000] Reading configuration file "/home/fatherlinux/.config/containers/libpod.conf" 
DEBU[0000] Ignoring lipod.conf EventsLogger setting "journald". Use containers.conf if you want to change this setting and remove libpod.conf files. 
DEBU[0000] Reading configuration file "/usr/share/containers/containers.conf" 
DEBU[0000] Merged system config "/usr/share/containers/containers.conf": &{{[] [] container-default [] host [CAP_AUDIT_WRITE CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETFCAP CAP_SETGID CAP_SETPCAP CAP_SETUID CAP_SYS_CHROOT] [] []  [] [] [] true [PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] false false false /usr/libexec/podman/catatonit private k8s-file -1 slirp4netns false 2048 private /usr/share/containers/seccomp.json 65536k private host 65536} {false cgroupfs [PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] [/usr/libexec/podman/conmon /usr/libexec/crio/conmon /usr/local/lib/podman/conmon /usr/local/libexec/crio/conmon /usr/bin/conmon /usr/sbin/conmon /usr/lib/crio/bin/conmon] ctrl-p,ctrl-q true /run/user/1001/libpod/tmp/events/events.log file [/usr/share/containers/oci/hooks.d] docker:// /pause k8s.gcr.io/pause:3.1 /usr/libexec/podman/catatonit shm   false 2048 runc map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] missing [/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc] [crun runc] [crun] {false false false true true true}  false 3 /home/fatherlinux/.local/share/containers/storage/libpod 10 /run/user/1001/libpod/tmp /home/fatherlinux/.local/share/containers/storage/volumes} {[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] podman /etc/cni/net.d/}} 
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /home/fatherlinux/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/fatherlinux/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1001                
DEBU[0000] Using static dir /home/fatherlinux/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1001/libpod/tmp      
DEBU[0000] Using volume path /home/fatherlinux/.local/share/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] No store required. Not opening container store. 
DEBU[0000] Initializing event backend file              
DEBU[0000] using runtime "/usr/bin/runc"                
WARN[0000] Error initializing configured OCI runtime crun: no valid executable found for OCI runtime crun: invalid argument 
WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument 
INFO[0000] running as rootless                          
DEBU[0000] Found deprecated file /home/fatherlinux/.config/containers/libpod.conf, please remove. Use /home/fatherlinux/.config/containers/containers.conf to override defaults. 
DEBU[0000] Reading configuration file "/home/fatherlinux/.config/containers/libpod.conf" 
DEBU[0000] Ignoring lipod.conf EventsLogger setting "journald". Use containers.conf if you want to change this setting and remove libpod.conf files. 
DEBU[0000] Reading configuration file "/usr/share/containers/containers.conf" 
DEBU[0000] Merged system config "/usr/share/containers/containers.conf": &{{[] [] container-default [] host [CAP_AUDIT_WRITE CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETFCAP CAP_SETGID CAP_SETPCAP CAP_SETUID CAP_SYS_CHROOT] [] []  [] [] [] true [PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] false false false /usr/libexec/podman/catatonit private k8s-file -1 slirp4netns false 2048 private /usr/share/containers/seccomp.json 65536k private host 65536} {false cgroupfs [PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] [/usr/libexec/podman/conmon /usr/libexec/crio/conmon /usr/local/lib/podman/conmon /usr/local/libexec/crio/conmon /usr/bin/conmon /usr/sbin/conmon /usr/lib/crio/bin/conmon] ctrl-p,ctrl-q true /run/user/1001/libpod/tmp/events/events.log file [/usr/share/containers/oci/hooks.d] docker:// /pause k8s.gcr.io/pause:3.1 /usr/libexec/podman/catatonit shm   false 2048 runc map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] runc:[/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] missing [/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc] [crun runc] [crun] {false false false true true true}  false 3 /home/fatherlinux/.local/share/containers/storage/libpod 10 /run/user/1001/libpod/tmp /home/fatherlinux/.local/share/containers/storage/volumes} {[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] podman /etc/cni/net.d/}} 
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /home/fatherlinux/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/fatherlinux/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1001                
DEBU[0000] Using static dir /home/fatherlinux/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1001/libpod/tmp      
DEBU[0000] Using volume path /home/fatherlinux/.local/share/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] overlay: mount_program=/usr/bin/fuse-overlayfs 
DEBU[0000] overlay: mount_program=/usr/bin/fuse-overlayfs 
DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=false 
DEBU[0000] Initializing event backend file              
DEBU[0000] using runtime "/usr/bin/runc"                
WARN[0000] Error initializing configured OCI runtime crun: no valid executable found for OCI runtime crun: invalid argument 
WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument 
DEBU[0000] parsed reference into "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/ubi8:latest" 
DEBU[0000] reference "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/ubi8:latest" does not resolve to an image ID 
DEBU[0000] parsed reference into "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]localhost/ubi8:latest" 
DEBU[0000] reference "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]localhost/ubi8:latest" does not resolve to an image ID 
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf" 
DEBU[0000] parsed reference into "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]registry.access.redhat.com/ubi8:latest" 
DEBU[0000] parsed reference into "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]registry.redhat.io/ubi8:latest" 
DEBU[0000] parsed reference into "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/ubi8:latest" 
Trying to pull registry.access.redhat.com/ubi8...
DEBU[0000] Trying to access "registry.access.redhat.com/ubi8:latest" 
DEBU[0000] Credentials not found                        
DEBU[0000] Using registries.d directory /etc/containers/registries.d for sigstore configuration 
DEBU[0000]  Using "default-docker" configuration        
DEBU[0000]  No signature storage configuration found for registry.access.redhat.com/ubi8:latest 
DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/registry.access.redhat.com 
DEBU[0000]  cert: /etc/docker/certs.d/registry.access.redhat.com/1916833698546357171.cert 
DEBU[0000]  key: /etc/docker/certs.d/registry.access.redhat.com/1916833698546357171.key 
DEBU[0000] GET https://registry.access.redhat.com/v2/   
DEBU[0000] Ping https://registry.access.redhat.com/v2/ status 200 
DEBU[0000] GET https://registry.access.redhat.com/v2/ubi8/manifests/latest 
DEBU[0001] Using blob info cache at /home/fatherlinux/.local/share/containers/cache/blob-info-cache-v1.boltdb 
DEBU[0001] Source is a manifest list; copying (only) instance sha256:0e5de5a50dda1609c91b2f89886ac6b11911878a878dee008b63928788fbac25 for current system 
DEBU[0001] GET https://registry.access.redhat.com/v2/ubi8/manifests/sha256:0e5de5a50dda1609c91b2f89886ac6b11911878a878dee008b63928788fbac25 
DEBU[0001] IsRunningImageAllowed for image docker:registry.access.redhat.com/ubi8:latest 
DEBU[0001]  Using default policy section                
DEBU[0001]  Requirement 0: allowed                      
DEBU[0001] Overall: allowed                             
DEBU[0001] Downloading /v2/ubi8/blobs/sha256:a1f8c969978652a6d1b2dfb265ae0c6c346da69000160cd3ecd5f619e26fa9f3 
DEBU[0001] GET https://registry.access.redhat.com/v2/ubi8/blobs/sha256:a1f8c969978652a6d1b2dfb265ae0c6c346da69000160cd3ecd5f619e26fa9f3 
Getting image source signatures
DEBU[0002] Manifest has MIME type application/vnd.docker.distribution.manifest.v2+json, ordered candidate list [application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws, application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v1+json] 
DEBU[0002] ... will first try using the original manifest unmodified 
DEBU[0002] Skipping blob sha256:47db82df7f3f4393c1f19c362a2db2c47ca049b6fb20bef041dfc9bdb12a4504 (already present): 
DEBU[0002] Skipping blob sha256:77c58f19bd6e67185938abb6bbb6ec229e07a5e607453904294d982de141d2f0 (already present): 
Copying blob 47db82df7f3f [--------------------------------------] 0.0b / 0.0b
DEBU[0002] No compression detected                      
DEBU[0002] Using original blob without modification     
Copying config a1f8c96997 done  
Writing manifest to image destination
Storing signatures
DEBU[0002] setting image creation date to 2020-07-22 12:12:03.825918 +0000 UTC 
DEBU[0002] reusing image ID "a1f8c969978652a6d1b2dfb265ae0c6c346da69000160cd3ecd5f619e26fa9f3" 
DEBU[0002] set names of image "a1f8c969978652a6d1b2dfb265ae0c6c346da69000160cd3ecd5f619e26fa9f3" to [registry.access.redhat.com/ubi8:latest registry.access.redhat.com/ubi8:latest] 
DEBU[0002] saved image metadata "{\"signatures-sizes\":{\"sha256:0e5de5a50dda1609c91b2f89886ac6b11911878a878dee008b63928788fbac25\":[]}}" 
DEBU[0002] parsed reference into "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]registry.access.redhat.com/ubi8:latest" 
DEBU[0002] parsed reference into "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]@a1f8c969978652a6d1b2dfb265ae0c6c346da69000160cd3ecd5f619e26fa9f3" 
DEBU[0002] exporting opaque data as blob "sha256:a1f8c969978652a6d1b2dfb265ae0c6c346da69000160cd3ecd5f619e26fa9f3" 
DEBU[0002] Using slirp4netns netmode                    
DEBU[0002] No hostname set; container's hostname will default to runtime default 
DEBU[0002] Loading seccomp profile from "/usr/share/containers/seccomp.json" 
DEBU[0002] created OCI spec and options for new container 
DEBU[0002] Allocated lock 19 for container 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc 
DEBU[0002] parsed reference into "[overlay@/home/fatherlinux/.local/share/containers/storage+/run/user/1001:overlay.mount_program=/usr/bin/fuse-overlayfs,overlay.mount_program=/usr/bin/fuse-overlayfs]@a1f8c969978652a6d1b2dfb265ae0c6c346da69000160cd3ecd5f619e26fa9f3" 
DEBU[0002] exporting opaque data as blob "sha256:a1f8c969978652a6d1b2dfb265ae0c6c346da69000160cd3ecd5f619e26fa9f3" 
DEBU[0002] created container "0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc" 
DEBU[0002] container "0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc" has work directory "/home/fatherlinux/.local/share/containers/storage/overlay-containers/0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc/userdata" 
DEBU[0002] container "0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc" has run directory "/run/user/1001/overlay-containers/0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc/userdata" 
DEBU[0002] New container created "0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc" 
DEBU[0002] container "0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc" has CgroupParent "/libpod_parent/libpod-0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc" 
DEBU[0002] Handling terminal attach                     
DEBU[0002] Made network namespace at /run/user/1001/netns/cni-dd5f9502-4f02-e98b-2a7e-18e85dbe3c0f for container 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc 
DEBU[0002] overlay: mount_data=lowerdir=/home/fatherlinux/.local/share/containers/storage/overlay/l/IHDH6ATB6UTEV7FQ224THJ3A44:/home/fatherlinux/.local/share/containers/storage/overlay/l/OXDDO6STXI4T6CVCVAXCPBGFOW,upperdir=/home/fatherlinux/.local/share/containers/storage/overlay/1362b30e9ca53d966f820b6ddea31200ab46fc07424e06466f6b3ba3f4b4f029/diff,workdir=/home/fatherlinux/.local/share/containers/storage/overlay/1362b30e9ca53d966f820b6ddea31200ab46fc07424e06466f6b3ba3f4b4f029/work,context="system_u:object_r:container_file_t:s0:c102,c167" 
DEBU[0002] mounted container "0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc" at "/home/fatherlinux/.local/share/containers/storage/overlay/1362b30e9ca53d966f820b6ddea31200ab46fc07424e06466f6b3ba3f4b4f029/merged" 
DEBU[0002] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu 65520 --enable-sandbox --enable-seccomp -c -e 3 -r 4 --netns-type=path /run/user/1001/netns/cni-dd5f9502-4f02-e98b-2a7e-18e85dbe3c0f tap0 
DEBU[0002] Created root filesystem for container 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc at /home/fatherlinux/.local/share/containers/storage/overlay/1362b30e9ca53d966f820b6ddea31200ab46fc07424e06466f6b3ba3f4b4f029/merged 
INFO[0002] No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4] 
INFO[0002] IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844] 
DEBU[0002] reading hooks from /usr/share/containers/oci/hooks.d 
DEBU[0002] added hook /usr/share/containers/oci/hooks.d/oci-systemd-hook.json 
DEBU[0002] added hook /usr/share/containers/oci/hooks.d/oci-umount.json 
DEBU[0002] hook oci-systemd-hook.json did not match     
DEBU[0002] hook oci-umount.json did not match           
DEBU[0002] Created OCI spec for container 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc at /home/fatherlinux/.local/share/containers/storage/overlay-containers/0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc/userdata/config.json 
DEBU[0002] /usr/bin/conmon messages will be logged to syslog 
DEBU[0002] running conmon: /usr/bin/conmon               args="[--api-version 1 -c 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc -u 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc -r /usr/bin/runc -b /home/fatherlinux/.local/share/containers/storage/overlay-containers/0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc/userdata -p /run/user/1001/overlay-containers/0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc/userdata/pidfile -l k8s-file:/home/fatherlinux/.local/share/containers/storage/overlay-containers/0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc/userdata/ctr.log --exit-dir /run/user/1001/libpod/tmp/exits --socket-dir-path /run/user/1001/libpod/tmp/socket --log-level debug --syslog -t --conmon-pidfile /run/user/1001/overlay-containers/0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /home/fatherlinux/.local/share/containers/storage --exit-command-arg --runroot --exit-command-arg /run/user/1001 --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg cgroupfs --exit-command-arg --tmpdir --exit-command-arg /run/user/1001/libpod/tmp --exit-command-arg --runtime --exit-command-arg runc --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --storage-opt --exit-command-arg overlay.mount_program=/usr/bin/fuse-overlayfs --exit-command-arg --storage-opt --exit-command-arg overlay.mount_program=/usr/bin/fuse-overlayfs --exit-command-arg --events-backend --exit-command-arg file --exit-command-arg container --exit-command-arg cleanup --exit-command-arg 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc]"
WARN[0002] Failed to add conmon to cgroupfs sandbox cgroup: error creating cgroup for cpu: mkdir /sys/fs/cgroup/cpu/libpod_parent: permission denied 
DEBU[0002] Received: 249719                             
INFO[0002] Got Conmon PID as 249708                     
DEBU[0002] Created container 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc in OCI runtime 
DEBU[0002] Attaching to container 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc 
DEBU[0002] connecting to socket /run/user/1001/libpod/tmp/socket/0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc/attach 
DEBU[0002] Received a resize event: {Width:127 Height:30} 
DEBU[0002] Starting container 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc with command [yum install httpd] 
DEBU[0002] Started container 0de363f6abd4472aa39e3f6c0ae1e02c8f3ccd990857151ba3cee868ad52f2dc 
DEBU[0002] Enabling signal proxying                     
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Red Hat Universal Base Image 8 (RPMs) - BaseOS                                                 827 kB/s | 768 kB     00:00    
Red Hat Universal Base Image 8 (RPMs) - AppStream                                              1.5 MB/s | 3.9 MB     00:02    
Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder                                       21 kB/s |  12 kB     00:00    
Dependencies resolved.
===============================================================================================================================
 Package                     Architecture    Version                                            Repository                Size
===============================================================================================================================
Installing:
 httpd                       x86_64          2.4.37-21.module+el8.2.0+5008+cca404a3             ubi-8-appstream          1.4 M
Installing dependencies:
 apr                         x86_64          1.6.3-9.el8                                        ubi-8-appstream          125 k
 apr-util                    x86_64          1.6.1-6.el8                                        ubi-8-appstream          105 k
 httpd-filesystem            noarch          2.4.37-21.module+el8.2.0+5008+cca404a3             ubi-8-appstream           36 k
 httpd-tools                 x86_64          2.4.37-21.module+el8.2.0+5008+cca404a3             ubi-8-appstream          103 k
 mailcap                     noarch          2.1.48-3.el8                                       ubi-8-baseos              39 k
 mod_http2                   x86_64          1.11.3-3.module+el8.2.0+4377+dc421495              ubi-8-appstream          158 k
 redhat-logos-httpd          noarch          81.1-1.el8                                         ubi-8-baseos              26 k
Installing weak dependencies:
 apr-util-bdb                x86_64          1.6.1-6.el8                                        ubi-8-appstream           25 k
 apr-util-openssl            x86_64          1.6.1-6.el8                                        ubi-8-appstream           27 k
Enabling module streams:
 httpd                                       2.4                                                                              

Transaction Summary
===============================================================================================================================
Install  10 Packages

Total download size: 2.0 M
Installed size: 5.5 M
Is this ok [y/N]:









Expected results:

Here's the results as root. Notice the UBI and RHEL channels are visible:

[root@keith-dc2-crunchtools-com entitlement]# podman run -it --log-level=debug ubi8 yum install httpd
DEBU[0000] Found deprecated file /usr/share/containers/libpod.conf, please remove. Use /etc/containers/containers.conf to override defaults. 
DEBU[0000] Reading configuration file "/usr/share/containers/libpod.conf" 
DEBU[0000] Ignoring lipod.conf EventsLogger setting "journald". Use containers.conf if you want to change this setting and remove libpod.conf files. 
DEBU[0000] Reading configuration file "/usr/share/containers/containers.conf" 
DEBU[0000] Merged system config "/usr/share/containers/containers.conf": &{{[] [] container-default [] host [CAP_AUDIT_WRITE CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FSETID CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETFCAP CAP_SETGID CAP_SETPCAP CAP_SETUID CAP_SYS_CHROOT] [] [nproc=4194304:4194304]  [] [] [] true [PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] false false false  private k8s-file -1 bridge false 2048 private /usr/share/containers/seccomp.json 65536k private host 65536} {false systemd [PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] [/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon] ctrl-p,ctrl-q true /var/run/libpod/events/events.log file [/usr/share/containers/oci/hooks.d] docker:// /pause k8s.gcr.io/pause:3.2 /usr/libexec/podman/catatonit shm   false 2048 runc map[crun:[/usr/bin/crun /usr/sbin/crun /usr/local/bin/crun /usr/local/sbin/crun /sbin/crun /bin/crun /run/current-system/sw/bin/crun] kata:[/usr/bin/kata-runtime /usr/sbin/kata-runtime /usr/local/bin/kata-runtime /usr/local/sbin/kata-runtime /sbin/kata-runtime /bin/kata-runtime /usr/bin/kata-qemu /usr/bin/kata-fc] kata-fc:[/usr/bin/kata-fc] kata-qemu:[/usr/bin/kata-qemu] kata-runtime:[/usr/bin/kata-runtime] runc:[/usr/bin/runc /usr/sbin/runc /usr/local/bin/runc /usr/local/sbin/runc /sbin/runc /bin/runc /usr/lib/cri-o-runc/sbin/runc /run/current-system/sw/bin/runc]] missing [] [crun runc] [crun] {false false false true true true}  false 3 /var/lib/containers/storage/libpod 10 /var/run/libpod /var/lib/containers/storage/volumes} {[/usr/libexec/cni /usr/lib/cni /usr/local/lib/cni /opt/cni/bin] podman /etc/cni/net.d/}} 
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /var/lib/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /var/lib/containers/storage 
DEBU[0000] Using run root /var/run/containers/storage   
DEBU[0000] Using static dir /var/lib/containers/storage/libpod 
DEBU[0000] Using tmp dir /var/run/libpod                
DEBU[0000] Using volume path /var/lib/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] cached value indicated that overlay is supported 
DEBU[0000] cached value indicated that metacopy is being used 
DEBU[0000] cached value indicated that native-diff is not being used 
WARN[0000] Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled 
DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=true 
DEBU[0000] Initializing event backend file              
WARN[0000] Error initializing configured OCI runtime crun: no valid executable found for OCI runtime crun: invalid argument 
WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument 
WARN[0000] Error initializing configured OCI runtime kata-runtime: no valid executable found for OCI runtime kata-runtime: invalid argument 
WARN[0000] Error initializing configured OCI runtime kata-qemu: no valid executable found for OCI runtime kata-qemu: invalid argument 
WARN[0000] Error initializing configured OCI runtime kata-fc: no valid executable found for OCI runtime kata-fc: invalid argument 
DEBU[0000] using runtime "/usr/bin/runc"                
INFO[0000] Found CNI network podman (type=bridge) at /etc/cni/net.d/87-podman-bridge.conflist 
WARN[0000] Default CNI network name podman is unchangeable 
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/var/run/containers/storage:overlay.mountopt=nodev,metacopy=on]docker.io/library/ubi8:latest" 
DEBU[0000] reference "[overlay@/var/lib/containers/storage+/var/run/containers/storage:overlay.mountopt=nodev,metacopy=on]docker.io/library/ubi8:latest" does not resolve to an image ID 
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/var/run/containers/storage:overlay.mountopt=nodev,metacopy=on]localhost/ubi8:latest" 
DEBU[0000] reference "[overlay@/var/lib/containers/storage+/var/run/containers/storage:overlay.mountopt=nodev,metacopy=on]localhost/ubi8:latest" does not resolve to an image ID 
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/var/run/containers/storage:overlay.mountopt=nodev,metacopy=on]@0c46e5c7a82a97d21447ee6a1ef0d407317642c9361b562456395e087be08774" 
DEBU[0000] exporting opaque data as blob "sha256:0c46e5c7a82a97d21447ee6a1ef0d407317642c9361b562456395e087be08774" 
DEBU[0000] Using bridge netmode                         
DEBU[0000] No hostname set; container's hostname will default to runtime default 
DEBU[0000] Loading seccomp profile from "/usr/share/containers/seccomp.json" 
DEBU[0000] created OCI spec and options for new container 
DEBU[0000] Allocated lock 25 for container 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/var/run/containers/storage:overlay.mountopt=nodev,metacopy=on]@0c46e5c7a82a97d21447ee6a1ef0d407317642c9361b562456395e087be08774" 
DEBU[0000] exporting opaque data as blob "sha256:0c46e5c7a82a97d21447ee6a1ef0d407317642c9361b562456395e087be08774" 
DEBU[0000] created container "33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870" 
DEBU[0000] container "33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870" has work directory "/var/lib/containers/storage/overlay-containers/33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870/userdata" 
DEBU[0000] container "33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870" has run directory "/var/run/containers/storage/overlay-containers/33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870/userdata" 
DEBU[0000] New container created "33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870" 
DEBU[0000] container "33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870" has CgroupParent "machine.slice/libpod-33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870.scope" 
DEBU[0000] Handling terminal attach                     
DEBU[0000] overlay: mount_data=nodev,metacopy=on,lowerdir=/var/lib/containers/storage/overlay/l/5C5AGLFINVSK46N6LDOPSYPCP6:/var/lib/containers/storage/overlay/l/D5ULAO7X7ECF24WGFREFRLKAOV,upperdir=/var/lib/containers/storage/overlay/0fca5ae6d6361beb1e7194c4e93fded05c6d6491c32d78130877281167433780/diff,workdir=/var/lib/containers/storage/overlay/0fca5ae6d6361beb1e7194c4e93fded05c6d6491c32d78130877281167433780/work,context="system_u:object_r:container_file_t:s0:c240,c242" 
DEBU[0000] Made network namespace at /var/run/netns/cni-e4f2995d-f034-575b-90cb-c8e9cb97be06 for container 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 
INFO[0000] About to add CNI network lo (type=loopback)  
DEBU[0000] mounted container "33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870" at "/var/lib/containers/storage/overlay/0fca5ae6d6361beb1e7194c4e93fded05c6d6491c32d78130877281167433780/merged" 
DEBU[0000] Created root filesystem for container 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 at /var/lib/containers/storage/overlay/0fca5ae6d6361beb1e7194c4e93fded05c6d6491c32d78130877281167433780/merged 
INFO[0000] Got pod network &{Name:funny_galois Namespace:funny_galois ID:33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 NetNS:/var/run/netns/cni-e4f2995d-f034-575b-90cb-c8e9cb97be06 Networks:[] RuntimeConfig:map[podman:{IP: MAC: PortMappings:[] Bandwidth:<nil> IpRanges:[]}]} 
INFO[0000] About to add CNI network podman (type=bridge) 
DEBU[0000] [0] CNI result: &{0.4.0 [{Name:cni-podman0 Mac:ee:62:0a:1b:9a:99 Sandbox:} {Name:vetha8448cc2 Mac:ea:b0:1a:b6:09:57 Sandbox:} {Name:eth0 Mac:2e:1d:32:fe:37:5c Sandbox:/var/run/netns/cni-e4f2995d-f034-575b-90cb-c8e9cb97be06}] [{Version:4 Interface:0xc000638628 Address:{IP:10.88.1.169 Mask:ffff0000} Gateway:10.88.0.1}] [{Dst:{IP:0.0.0.0 Mask:00000000} GW:<nil>}] {[]  [] []}} 
INFO[0000] No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4] 
INFO[0000] IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844] 
DEBU[0000] Setting CGroups for container 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 to machine.slice:libpod:33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 
DEBU[0000] reading hooks from /usr/share/containers/oci/hooks.d 
DEBU[0000] added hook /usr/share/containers/oci/hooks.d/oci-systemd-hook.json 
DEBU[0000] added hook /usr/share/containers/oci/hooks.d/oci-umount.json 
DEBU[0000] hook oci-systemd-hook.json did not match     
DEBU[0000] hook oci-umount.json did not match           
DEBU[0000] Created OCI spec for container 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 at /var/lib/containers/storage/overlay-containers/33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870/userdata/config.json 
DEBU[0000] /usr/bin/conmon messages will be logged to syslog 
DEBU[0000] running conmon: /usr/bin/conmon               args="[--api-version 1 -s -c 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 -u 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 -r /usr/bin/runc -b /var/lib/containers/storage/overlay-containers/33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870/userdata -p /var/run/containers/storage/overlay-containers/33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870/userdata/pidfile -l k8s-file:/var/lib/containers/storage/overlay-containers/33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870/userdata/ctr.log --exit-dir /var/run/libpod/exits --socket-dir-path /var/run/libpod/socket --log-level debug --syslog -t --conmon-pidfile /var/run/containers/storage/overlay-containers/33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /var/lib/containers/storage --exit-command-arg --runroot --exit-command-arg /var/run/containers/storage --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg systemd --exit-command-arg --tmpdir --exit-command-arg /var/run/libpod --exit-command-arg --runtime --exit-command-arg runc --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --storage-opt --exit-command-arg overlay.mountopt=nodev,metacopy=on --exit-command-arg --events-backend --exit-command-arg file --exit-command-arg container --exit-command-arg cleanup --exit-command-arg 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870]"
INFO[0000] Running conmon under slice machine.slice and unitName libpod-conmon-33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870.scope 
DEBU[0000] Received: 249285                             
INFO[0000] Got Conmon PID as 249265                     
DEBU[0000] Created container 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 in OCI runtime 
DEBU[0000] Attaching to container 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 
DEBU[0000] connecting to socket /var/run/libpod/socket/33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870/attach 
DEBU[0000] Received a resize event: {Width:127 Height:30} 
DEBU[0000] Starting container 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 with command [yum install httpd] 
DEBU[0000] Started container 33c8e193191c41126434f8151d986c6269aaf7213e2cce2e22a87026c2726870 
DEBU[0000] Enabling signal proxying                     
Updating Subscription Management repositories.
Unable to read consumer identity
Subscription Manager is operating in container mode.
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                                          2.3 MB/s |  20 MB     00:08    
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                                       2.4 MB/s |  19 MB     00:07    
Red Hat Universal Base Image 8 (RPMs) - BaseOS                                                 442 kB/s | 768 kB     00:01    
Red Hat Universal Base Image 8 (RPMs) - AppStream                                              1.5 MB/s | 3.9 MB     00:02    
Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder                                       21 kB/s |  12 kB     00:00    
Dependencies resolved.
===============================================================================================================================
 Package                 Arch        Version                                       Repository                             Size
===============================================================================================================================
Installing:
 httpd                   x86_64      2.4.37-21.module+el8.2.0+5008+cca404a3        rhel-8-for-x86_64-appstream-rpms      1.4 M
Installing dependencies:
 mailcap                 noarch      2.1.48-3.el8                                  rhel-8-for-x86_64-baseos-rpms          39 k
 redhat-logos-httpd      noarch      81.1-1.el8                                    rhel-8-for-x86_64-baseos-rpms          26 k
 apr                     x86_64      1.6.3-9.el8                                   rhel-8-for-x86_64-appstream-rpms      125 k
 apr-util                x86_64      1.6.1-6.el8                                   rhel-8-for-x86_64-appstream-rpms      105 k
 mod_http2               x86_64      1.11.3-3.module+el8.2.0+4377+dc421495         rhel-8-for-x86_64-appstream-rpms      158 k
 httpd-tools             x86_64      2.4.37-21.module+el8.2.0+5008+cca404a3        rhel-8-for-x86_64-appstream-rpms      103 k
 httpd-filesystem        noarch      2.4.37-21.module+el8.2.0+5008+cca404a3        rhel-8-for-x86_64-appstream-rpms       36 k
Installing weak dependencies:
 apr-util-openssl        x86_64      1.6.1-6.el8                                   rhel-8-for-x86_64-appstream-rpms       27 k
 apr-util-bdb            x86_64      1.6.1-6.el8                                   rhel-8-for-x86_64-appstream-rpms       25 k
Enabling module streams:
 httpd                               2.4                                                                                      

Transaction Summary
===============================================================================================================================
Install  10 Packages

Total download size: 2.0 M
Installed size: 5.5 M
Is this ok [y/N]: 




Additional info:

This is on a fully updated RHEL 8.2.1 host with podman 1.9.3 on it.
Comment 1 Tom Sweeney 2020-09-01 20:21:57 UTC 
I don't know for sure, but this might be related to:  https://bugzilla.redhat.com/show_bug.cgi?id=1867426
Comment 2 Scott McCarty 2020-09-01 21:03:57 UTC 
More data. I can manually mount the files and things work. But, if I don't mount them manually, nothing gets mounted.

[root@60e8f8b3801f /]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.2 (Ootpa)


[fatherlinux@keith-dc2-crunchtools-com ~]$ podman version
Version:            1.9.3
RemoteAPI Version:  1
Go Version:         go1.13.4
OS/Arch:            linux/amd64


[fatherlinux@keith-dc2-crunchtools-com ~]$ podman run -it ubi8 bash
[root@77c0642babc6 /]# ls /run/secrets/


[root@77c0642babc6 /]# exit
exit


[fatherlinux@keith-dc2-crunchtools-com ~]$ podman run -v /etc/yum.repos.d/redhat.repo:/run/secrets/redhat.repo -v /etc/rhsm/:/run/secrets/rhsm -v /etc/pki/entitlement/:/run/secrets/etc-pki-entitlement/ -it ubi8 bash


[root@60e8f8b3801f /]# ls /run/secrets/
etc-pki-entitlement  redhat.repo  rhsm


[root@60e8f8b3801f /]# yum repolist
Updating Subscription Management repositories.
Unable to read consumer identity
Subscription Manager is operating in container mode.
repo id                                            repo name
rhel-8-for-x86_64-appstream-rpms                   Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
rhel-8-for-x86_64-baseos-rpms                      Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
ubi-8-appstream                                    Red Hat Universal Base Image 8 (RPMs) - AppStream
ubi-8-baseos                                       Red Hat Universal Base Image 8 (RPMs) - BaseOS
ubi-8-codeready-builder                            Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder


[root@60e8f8b3801f /]# yum install httpd
Updating Subscription Management repositories.
Unable to read consumer identity
Subscription Manager is operating in container mode.
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                                          2.6 MB/s |  20 MB     00:07    
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                                       2.3 MB/s |  19 MB     00:08    
Red Hat Universal Base Image 8 (RPMs) - BaseOS                                                 1.0 MB/s | 768 kB     00:00    
Red Hat Universal Base Image 8 (RPMs) - AppStream                                              2.4 MB/s | 3.9 MB     00:01    
Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder                                       30 kB/s |  12 kB     00:00    
Dependencies resolved.
===============================================================================================================================
 Package                 Arch        Version                                       Repository                             Size
===============================================================================================================================
Installing:
 httpd                   x86_64      2.4.37-21.module+el8.2.0+5008+cca404a3        rhel-8-for-x86_64-appstream-rpms      1.4 M
Installing dependencies:
 apr                     x86_64      1.6.3-9.el8                                   rhel-8-for-x86_64-appstream-rpms      125 k
 apr-util                x86_64      1.6.1-6.el8                                   rhel-8-for-x86_64-appstream-rpms      105 k
 httpd-filesystem        noarch      2.4.37-21.module+el8.2.0+5008+cca404a3        rhel-8-for-x86_64-appstream-rpms       36 k
 httpd-tools             x86_64      2.4.37-21.module+el8.2.0+5008+cca404a3        rhel-8-for-x86_64-appstream-rpms      103 k
 mailcap                 noarch      2.1.48-3.el8                                  rhel-8-for-x86_64-baseos-rpms          39 k
 mod_http2               x86_64      1.11.3-3.module+el8.2.0+4377+dc421495         rhel-8-for-x86_64-appstream-rpms      158 k
 redhat-logos-httpd      noarch      81.1-1.el8                                    rhel-8-for-x86_64-baseos-rpms          26 k
Installing weak dependencies:
 apr-util-bdb            x86_64      1.6.1-6.el8                                   rhel-8-for-x86_64-appstream-rpms       25 k
 apr-util-openssl        x86_64      1.6.1-6.el8                                   rhel-8-for-x86_64-appstream-rpms       27 k
Enabling module streams:
 httpd                               2.4                                                                                      

Transaction Summary
===============================================================================================================================
Install  10 Packages

Total download size: 2.0 M
Installed size: 5.5 M
Is this ok [y/N]: 
Operation aborted.
Comment 3 Scott McCarty 2020-09-01 21:17:49 UTC 
I got it working with a fresh users, but not my original users. I've deleted .local/share/containers and still nothing:

[fatherlinux@keith-dc2-crunchtools-com share]$ podman run -it ubi8 ls /run/secrets


[fatherlinux@keith-dc2-crunchtools-com share]$ sudo su - fred
Last login: Tue Sep  1 17:15:55 EDT 2020 on pts/1
...


[fred@keith-dc2-crunchtools-com ~]$ podman run -it ubi8 ls /run/secrets
etc-pki-entitlement  redhat.repo  rhsm
Comment 4 Jindrich Novy 2020-09-02 00:41:30 UTC 
I see this in skopeo spec file:

# install secrets patch directory
install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets
# rhbz#1110876 - update symlinks for subscription management
ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement
ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo

note that /usr/share/rhel/secrets is part of containers-common subpackage of skopeo. This subpackage also owns %{_datadir}/containers/mounts.conf which contains:

/usr/share/rhel/secrets:/run/secrets

which I believe assures /usr/share/rhel/secrets gets mounted in /run/secrets within the container. Did handling of mounts.conf change in newer versions? Or /run/secrets is no longer used or is it ignored? Scott, do you see it within the container?
Comment 5 Scott McCarty 2020-09-02 12:42:39 UTC 
I solved my specific problem. The original user account I was using had an empty mounts.conf file (remember to always copy the one in /usr/share/containers). Here's the full output for clarity:

[fatherlinux@keith-dc2-crunchtools-com ~]$ cat /usr/share/containers/mounts.conf 
/usr/share/rhel/secrets:/run/secrets


[fatherlinux@keith-dc2-crunchtools-com ~]$ ls ~/.config/containers/
libpod.conf  podman.log  storage.conf


[fatherlinux@keith-dc2-crunchtools-com ~]$ touch ~/.config/containers/mounts.conf


[fatherlinux@keith-dc2-crunchtools-com ~]$ podman run -it ubi8 yum repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
repo id                                        repo name
ubi-8-appstream                                Red Hat Universal Base Image 8 (RPMs) - AppStream
ubi-8-baseos                                   Red Hat Universal Base Image 8 (RPMs) - BaseOS
ubi-8-codeready-builder                        Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder


[fatherlinux@keith-dc2-crunchtools-com ~]$ rm ~/.config/containers/mounts.conf 


[fatherlinux@keith-dc2-crunchtools-com ~]$ podman run -it ubi8 yum repolist
Updating Subscription Management repositories.
Unable to read consumer identity
Subscription Manager is operating in container mode.
repo id                                            repo name
rhel-8-for-x86_64-appstream-rpms                   Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
rhel-8-for-x86_64-baseos-rpms                      Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
ubi-8-appstream                                    Red Hat Universal Base Image 8 (RPMs) - AppStream
ubi-8-baseos                                       Red Hat Universal Base Image 8 (RPMs) - BaseOS
ubi-8-codeready-builder                            Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder
Comment 6 Scott McCarty 2020-09-02 12:45:04 UTC 
This is a misconfiguration problem, not a bug.
Note You need to log in before you can comment on or make changes to this bug.