diff options
Diffstat (limited to 'troubleshooting.md')
| -rw-r--r-- | troubleshooting.md | 42 |
1 files changed, 38 insertions, 4 deletions
diff --git a/troubleshooting.md b/troubleshooting.md index 4649cccb3..d210d85df 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -9,7 +9,7 @@ A large number of issues reported against Podman are often found to already be fixed in more current versions of the project. Before reporting an issue, please verify the -version you are running with `podman version` and compare it to the lastest release +version you are running with `podman version` and compare it to the latest release documented on the top of Podman's [README.md](README.md). If they differ, please update your version of PODMAN to the latest possible @@ -86,6 +86,9 @@ could not get runtime: database run root /run/user/1000/run does not match our r #### Solution +This problem has been fixed in Podman release 0.12.1 and it is recommended +to upgrade to that version. If that is not possible use the following procedure. + To work around the new default path, we can manually set the path Podman is expecting in a configuration file. @@ -101,7 +104,7 @@ the first path in the error message Podman gave (in this case, `/run/user/1000/run`). --- -### 4) rootless containers cannot ping hosts +### 5) rootless containers cannot ping hosts When using the ping command from a non-root container, the command may fail because of a lack of privileges. @@ -128,9 +131,10 @@ To change its value you can use something like: `sysctl -w To make the change persistent, you'll need to add a file in `/etc/sysctl.d` that contains `net.ipv4.ping_group_range=0 $MAX_UID`. -### 5) Build hangs when the Dockerfile contains the useradd command +--- +### 6) Build hangs when the Dockerfile contains the useradd command -When the Dockerfile contains a command like RUN useradd -u 99999000 -g users newuser the build can hang. +When the Dockerfile contains a command like `RUN useradd -u 99999000 -g users newuser` the build can hang. #### Symptom @@ -139,3 +143,33 @@ If you are using a useradd command within a Dockerfile with a large UID/GID, it #### Solution If the entry in the Dockerfile looked like: RUN useradd -u 99999000 -g users newuser then add the `--log-no-init` parameter to change it to: `RUN useradd --log-no-init -u 99999000 -g users newuser`. This option tells useradd to stop creating the lastlog file. + +### 7) Permission denied when running Podman commands + +When rootless podman attempts to execute a container on a non exec home directory a permission error will be raised. + +#### Symptom + +If you are running podman or buildah on a home directory that is mounted noexec, +then they will fail. With a message like: + +``` +podman run centos:7 +standard_init_linux.go:203: exec user process caused "permission denied" +``` + +#### Solution + +Since the administrator of the system setup your home directory to be noexec, you will not be allowed to execute containers from storage in your home directory. It is possible to work around this by manually specifying a container storage path that is not on a noexec mount. Simply copy the file /etc/containers/storage.conf to ~/.config/containers/ (creating the directory if necessary). Specify a graphroot directory which is not on a noexec mount point and to which you have read/write privileges. You will need to modify other fields to writable directories as well. + +For example + +``` +cat ~/.config/containers/storage.conf +[storage] + driver = "overlay" + runroot = "/run/user/1000" + graphroot = "/execdir/myuser/storage" + [storage.options] + mount_program = "/bin/fuse-overlayfs" +``` |