Diffstat (limited to 'troubleshooting.md')
-rw-r--r-- troubleshooting.md 68
1 files changed, 62 insertions, 6 deletions
diff --git a/troubleshooting.md b/troubleshooting.md
index 24a1dc6cb..08d79723a 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -39,7 +39,7 @@ error pulling image "fedora": unable to pull fedora: error getting default regis
#### Solution
- * Verify that the `/etc/containers/registries.conf` file exists. If not, verify that the skopeo-containers package is installed.
+ * Verify that the `/etc/containers/registries.conf` file exists. If not, verify that the containers-common package is installed.
* Verify that the entries in the `[registries.search]` section of the /etc/containers/registries.conf file are valid and reachable.
* i.e. `registries = ['registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com']`
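Review bot: the replacement bullet names containers-common as plain text and gives the reader no way to confirm which package owns the file on their system. Put the package name in backticks to match the path on the same line, and consider pointing at a package-ownership query (for example `rpm -qf /etc/containers/registries.conf` on RPM-based systems) rather than a fixed name, since the removed line shows the owning package has already changed once. If any supported release still ships the file in skopeo-containers, mention both names.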
@@ -210,18 +210,17 @@ cannot find newuidmap: exec: "newuidmap": executable file not found in $PATH
Install a version of shadow-utils that includes these executables. Note RHEL7 and Centos 7 will not have support for this until RHEL7.7 is released.
-### 10) podman fails to run in user namespace because /etc/subuid is not properly populated.
+### 10) rootless setup user: invalid argument
Rootless podman requires the user running it to have a range of UIDs listed in /etc/subuid and /etc/subgid.
#### Symptom
-If you are running podman or buildah as a user, you get an error complaining about
-a missing subuid ranges in /etc/subuid.
+An user, either via --user or through the default configured for the image, is not mapped inside the namespace.
```
-podman run -ti fedora sh
-No subuid ranges found for user "johndoe" in /etc/subuid
+podman run --rm -ti --user 1000000 alpine echo hi
+Error: container create failed: container_linux.go:344: starting container process caused "setup user: invalid argument"
```
#### Solution
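Review bot: the `No subuid ranges found for user "johndoe" in /etc/subuid` example and its symptom text are dropped from section 10 without being moved anywhere, so a user who hits that message can no longer find it here, even though the unchanged intro line still talks about ranges in /etc/subuid and /etc/subgid. Consider listing both error strings under Symptom. The new Symptom sentence also describes the cause (the user is not mapped inside the namespace) rather than what the user sees, and "An user" should be "A user".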
@@ -254,3 +253,60 @@ grep johndoe /etc/subuid /etc/subgid
/etc/subuid:johndoe:200000:1001
/etc/subgid:johndoe:200000:1001
```
+
+### 11) Changing the location of the Graphroot leads to permission denied
+
+When I change the graphroot storage location in storage.conf, the next time I
+run podman I get an error like:
+
+```
+# podman run -p 5000:5000 -it centos bash
+
+bash: error while loading shared libraries: /lib64/libc.so.6: cannot apply additional memory protection after relocation: Permission denied
+```
+
+For example, the admin sets up a spare disk to be mounted at `/src/containers`,
+and points storage.conf at this directory.
+
+
+#### Symptom
+
+SELinux blocks containers from using random locations for overlay storage.
+These directories need to be labeled with the same labels as if the content was
+under /var/lib/containers/storage.
+
+#### Solution
+
+Tell SELinux about the new containers storage by setting up an equivalence record.
+This tells SELinux to label content under the new path, as if it was stored
+under `/var/lib/containers/storage`.
+
+```
+semanage fcontext -a -e /var/lib/containers /srv/containers
+restorecon -R -v /src/containers
+```
+
+The semanage command above tells SELinux to setup the default labeling of
+`/srv/containers` to match `/var/lib/containers`. The `restorecon` command
+tells SELinux to apply the labels to the actual content.
+
+Now all new content created in these directories will automatically be created
+with the correct label.
+
+### 12) Running Podman inside a container causes container crashes and inconsistent states
+
+Running Podman in a container and forwarding some, but not all, of the required host directories can cause inconsistent container behavior.
+
+#### Symptom
+
+After creating a container with Podman's storage directories mounted in from the host and running Podman inside a container, all containers show their state as "configured" or "created", even if they were running or stopped.
+
+#### Solution
+
+When running Podman inside a container, it is recommended to mount at a minimum `/var/lib/containers/storage/` as a volume.
+Typically, you will not mount in the host version of the directory, but if you wish to share containers with the host, you can do so.
+If you do mount in the host's `/var/lib/containers/storage`, however, you must also mount in the host's `/var/run/libpod` and `/var/run/containers/storage` directories.
+Not doing this will cause Podman in the container to detect that temporary files have been cleared, leading it to assume a system restart has taken place.
+This can cause Podman to reset container states and lose track of running containers.
+
+For running containers on the host from inside a container, we also recommend the [Podman remote client](remote_client.md), which only requires a single socket to be mounted into the container.
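Review bot: in section 11 the example path flips between `/src/containers` and `/srv/containers`. The mount-point sentence and `restorecon -R -v /src/containers` use /src, while `semanage fcontext -a -e /var/lib/containers /srv/containers` and the explanation after it use /srv. Copied verbatim, the equivalence is recorded for one path and the relabel runs on another, so the containers would keep failing with the same Permission denied error; pick one spelling and use it in all four places. The prose also says content should be labeled as if it were under `/var/lib/containers/storage`, but the equivalence source is `/var/lib/containers`; state which directory the graphroot in storage.conf points at so the two line up. Minor: the text under "#### Symptom" in section 11 explains the cause, while the actual symptom sits above the heading.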