summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-09-08 13:10:22 -0400
committerGitHub <noreply@github.com>2021-09-08 13:10:22 -0400
commit400799b58cd2c67aea4754d370415081e2d303c6 (patch)
tree230dabb632b5422f385ef81b7f133acd00626c61
parentd68e429859b497cd31c6e3dfdc64dce58b0b95d5 (diff)
parent9b7ef3dad1f8fad2be3f069039673d9860687aea (diff)
downloadpodman-400799b58cd2c67aea4754d370415081e2d303c6.tar.gz
podman-400799b58cd2c67aea4754d370415081e2d303c6.tar.bz2
podman-400799b58cd2c67aea4754d370415081e2d303c6.zip
Merge pull request #11327 from flouthoc/warn-non-writeable-xdg-runtime
runtime: Warn if `XDG_RUNTIME_DIR` is set but is not writable.
-rw-r--r--libpod/runtime.go12
-rw-r--r--troubleshooting.md26
2 files changed, 38 insertions, 0 deletions
diff --git a/libpod/runtime.go b/libpod/runtime.go
index c5f5db531..1c9c56d16 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -15,6 +15,8 @@ import (
"syscall"
"time"
+ "golang.org/x/sys/unix"
+
"github.com/containers/buildah/pkg/parse"
"github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
@@ -328,6 +330,16 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) {
runtime.mergeDBConfig(dbConfig)
+ unified, _ := cgroups.IsCgroup2UnifiedMode()
+ if unified && rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) {
+ // If user is rootless and XDG_RUNTIME_DIR is found, podman will not proceed with /tmp directory
+ // it will try to use existing XDG_RUNTIME_DIR
+ // if current user has no write access to XDG_RUNTIME_DIR we will fail later
+ if unix.Access(runtime.storageConfig.RunRoot, unix.W_OK) != nil {
+ logrus.Warnf("XDG_RUNTIME_DIR is pointing to a path which is not writable. Most likely podman will fail.")
+ }
+ }
+
logrus.Debugf("Using graph driver %s", runtime.storageConfig.GraphDriverName)
logrus.Debugf("Using graph root %s", runtime.storageConfig.GraphRoot)
logrus.Debugf("Using run root %s", runtime.storageConfig.RunRoot)
diff --git a/troubleshooting.md b/troubleshooting.md
index 686166da0..a6c014625 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -881,3 +881,29 @@ def signal_listener():
if __name__ == "__main__":
signal_listener()
```
+### 30) Podman run fails with `ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current user` or `Error: error creating tmpdir: mkdir /run/user/1000: permission denied`.
+
+A failure is encountered when performing `podman run` with a warning `XDG_RUNTIME_DIR is pointing to a path which is not writable. Most likely podman will fail.`
+
+#### Symptom
+
+A rootless container is being invoked with cgroup configuration as `cgroupv2` for user with missing or invalid **systemd session**.
+
+Example cases
+```bash
+# su user1 -c 'podman images'
+ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current user
+```
+```bash
+# su - user1 -c 'podman images'
+Error: error creating tmpdir: mkdir /run/user/1000: permission denied
+```
+
+#### Solution
+
+Podman expects a valid login session for the `rootless+cgroupv2` use-case. Podman execution is expected to fail if the login session is not present. In most cases, podman will figure out a solution on its own but if `XDG_RUNTIME_DIR` is pointing to a path that is not writable execution will most fail. Typical scenarious of such cases are seen when users are trying to use Podman with `su - <user> -c '<podman-command>`, or `sudo -l` and badly configured systemd session.
+
+Resolution steps
+
+* Before invoking Podman command create a valid login session for your rootless user using `loginctl enable-linger <username>`
+* If `loginctl` is unavailable you can also try logging in via `ssh` i.e `ssh <username>@localhost`.