Podman via "podman machine": docker commands fail with ""potentially insufficient UIDs or GIDs available in user namespace" #11399
Comments
|
This looks like a more general rootless issue. We allocate, by default, 65536 UIDs and GIDs for each rootless user; you're using an image that uses high UIDs and GIDs (445605:89939 are both higher than 65536), so it's not compatible with a default rootless configuration. You could SSH into the machine and manually edit @baude What's the recommended way to swap to the root connection in the VM? |
|
please provide your Dockerfile or Containerfile. I just tried a basic Containerfile I have and it worked perfectly |
|
This is the image used https://github.com/GoogleContainerTools/skaffold/tree/main/examples/getting-started In general I am not a very smart user who can adjust uid ranges whatnot, so it would be good if it just worked. |
|
@baude It's specific to the image, he has high UIDs and GIDs that render rootless Podman unusable without adjustment. I thought we had a root connection also available by default in machine - setting that to the default should resolve things? |
|
I have also encountered the same problem. In my fresh install of Podman (via
I have also tried to adjust UIDs and GIDs by looking https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration : but still got: |
|
Ah, sorry, I have thought the number of uid and gid correspond to host_id in now |
|
Aha - it’s just the Dockerfile. Is your UID on the host equal to what’s
being shown in the error message?
…On Thu, Sep 2, 2021 at 23:47 hiyoko3m ***@***.***> wrote:
I have also encountered the same problem. In my fresh install of Podman
(via brew install podman) on macOS 10.15.7 with Intel, even with this
simple Dockerfile:
FROM docker.io/library/httpd:latest
RUN echo '<html><head></head><body>It works!</body></html>' > /usr/local/apache2/htdocs/index.html
podman build . showed the same error:
$ podman build .
Error: potentially insufficient UIDs or GIDs available in user namespace (requested 891479843:1066215063 for /var/tmp/libpod_builder366076066/build/Dockerfile): Check /etc/subuid and /etc/subgid: lchown /var/tmp/libpod_builder366076066/build/Dockerfile: invalid argument
I have also tried to adjust UIDs and GIDs by looking
https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration
:
$ podman machine ssh
Connecting to vm podman-machine-default. To close connection, use `~.` or `exit`
Warning: Permanently added '[localhost]:61148' (ECDSA) to the list of known hosts.
Fedora CoreOS 34.20210821.1.1
Tracker: https://github.com/coreos/fedora-coreos-tracker
Discuss: https://discussion.fedoraproject.org/c/server/coreos/
Last login: Fri Sep 3 03:28:21 2021 from 192.168.127.1
***@***.*** ~]$ sudo usermod --add-subuids 890000000-900000000 --add-subgids 1060000000-1070000000 core
***@***.*** ~]$ podman system migrate
***@***.*** ~]$ exit
logout
Connection to localhost closed.
$ podman info
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
- container_id: 65537
host_id: 1060000000
size: 10000001
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
- container_id: 65537
host_id: 890000000
size: 10000001
~~~~~~~~~~~~~~~~~~~~~~~~~~~
but still got:
$ podman build .
Error: potentially insufficient UIDs or GIDs available in user namespace (requested 891479843:1066215063 for /var/tmp/libpod_builder063750535/build/Dockerfile): Check /etc/subuid and /etc/subgid: lchown /var/tmp/libpod_builder063750535/build/Dockerfile: invalid argument
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#11399 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB3AOCEDP5EICDN46GNWKVDUABAORANCNFSM5DHJPLPQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
|
This is the output on my mac; I see where these number come from. Thanks! |
|
It seems this wasn't just a one-off issue, I experienced this error and the inability to build any image as well. Editing the /etc/subuid and /etc/subgid files as above and running |
|
@nalind I recall a patch from you to change the build archiver to squash UIDs and GIDs down to 0 - would that fix this? |
|
Closing on that theory. Fix should be in 3.3.2, coming on Monday. |
|
I am still getting below error with Podman "3.4.4" on Mac.
|
|
can you open a new issue and put in your reproducer? Please give as much information as possible |
github-actions
bot
added
the
locked - please file new issue/PR
/kind bug
Description
Fresh install of Podman CLI + VM on a macOS.
Some "docker" commands are working (aliased to "podman"), but "docker build" is failing with error:
Steps to reproduce the issue:
brew install podmanpodman machine init && podman machine start(note warning)podman machine listshows Runningalias docker=podmanDescribe the results you received:
docker psworks,docker infoshows Podman VM.docker buildin a basic sample image directory fails with error:Describe the results you expected:
docker build should work?
Output of
podman version:Output of
podman info --debug:Package info (e.g. output of
rpm -q podmanorapt list podman):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)
Yes.
Additional environment details (AWS, VirtualBox, physical, etc.): None. Running on QEMU on macOS via "podman machine".
The text was updated successfully, but these errors were encountered: