author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-09-08 13:10:22 -0400 |
committer | GitHub <noreply@github.com> | 2021-09-08 13:10:22 -0400 |
commit | 400799b58cd2c67aea4754d370415081e2d303c6 (patch) | |
tree | 230dabb632b5422f385ef81b7f133acd00626c61 | |
parent | d68e429859b497cd31c6e3dfdc64dce58b0b95d5 (diff) | |
parent | 9b7ef3dad1f8fad2be3f069039673d9860687aea (diff) | |
Merge pull request #11327 from flouthoc/warn-non-writeable-xdg-runtime
runtime: Warn if `XDG_RUNTIME_DIR` is set but is not writable.
-rw-r--r-- | libpod/runtime.go | 12 | ||||
-rw-r--r-- | troubleshooting.md | 26 |
2 files changed, 38 insertions, 0 deletions
diff --git a/libpod/runtime.go b/libpod/runtime.go
index c5f5db531..1c9c56d16 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -15,6 +15,8 @@ import (
 	"syscall"
 	"time"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/containers/buildah/pkg/parse"
 	"github.com/containers/common/libimage"
 	"github.com/containers/common/pkg/config"
@@ -328,6 +330,16 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) {
 	runtime.mergeDBConfig(dbConfig)
 
+	unified, _ := cgroups.IsCgroup2UnifiedMode()
+	if unified && rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) {
+		// If user is rootless and XDG_RUNTIME_DIR is found, podman will not proceed with /tmp directory
+		// it will try to use existing XDG_RUNTIME_DIR
+		// if current user has no write access to XDG_RUNTIME_DIR we will fail later
+		if unix.Access(runtime.storageConfig.RunRoot, unix.W_OK) != nil {
+			logrus.Warnf("XDG_RUNTIME_DIR is pointing to a path which is not writable. Most likely podman will fail.")
+		}
+	}
+
 	logrus.Debugf("Using graph driver %s", runtime.storageConfig.GraphDriverName)
 	logrus.Debugf("Using graph root %s", runtime.storageConfig.GraphRoot)
 	logrus.Debugf("Using run root %s", runtime.storageConfig.RunRoot)
diff --git a/troubleshooting.md b/troubleshooting.md
index 686166da0..a6c014625 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
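Review bot: The warning text names XDG_RUNTIME_DIR, but the condition on the line above it tests `runtime.storageConfig.RunRoot`, and if the run root can be configured independently of that variable the message would point an operator at the wrong setting; log the path that was actually checked, `logrus.Warnf("run root %q is not writable by the current user; podman will most likely fail", runtime.storageConfig.RunRoot)`. The error from `cgroups.IsCgroup2UnifiedMode()` is discarded with `_`, which silently suppresses the warning whenever cgroup detection fails; a `// best effort: a detection error just skips the warning` comment, or a Debugf of the error, would make that deliberate. The three comment lines inside the `if` read as scattered notes; something like `// Rootless on cgroup v2 without a valid systemd session: the run root is expected to come from XDG_RUNTIME_DIR, and later steps fail if it is not writable, so warn early.` says the same more clearly. makeRuntime starts and ends outside the hunk.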
@@ -881,3 +881,29 @@ def signal_listener():
     if __name__ == "__main__":
         signal_listener()
 ```
+### 30) Podman run fails with `ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current user` or `Error: error creating tmpdir: mkdir /run/user/1000: permission denied`.
+
+A failure is encountered when performing `podman run` with a warning `XDG_RUNTIME_DIR is pointing to a path which is not writable. Most likely podman will fail.`
+
+#### Symptom
+
+A rootless container is being invoked with cgroup configuration as `cgroupv2` for user with missing or invalid **systemd session**.
+
+Example cases
+```bash
+# su user1 -c 'podman images'
+ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current user
+```
+```bash
+# su - user1 -c 'podman images'
+Error: error creating tmpdir: mkdir /run/user/1000: permission denied
+```
+
+#### Solution
+
+Podman expects a valid login session for the `rootless+cgroupv2` use-case. Podman execution is expected to fail if the login session is not present. In most cases, podman will figure out a solution on its own but if `XDG_RUNTIME_DIR` is pointing to a path that is not writable execution will most fail. Typical scenarious of such cases are seen when users are trying to use Podman with `su - <user> -c '<podman-command>`, or `sudo -l` and badly configured systemd session.
+
+Resolution steps
+
+* Before invoking Podman command create a valid login session for your rootless user using `loginctl enable-linger <username>`
+* If `loginctl` is unavailable you can also try logging in via `ssh` i.e `ssh <username>@localhost`.