Rawhide: rootless, remote: podman build: failed to create bridge "cni-podman0": could not add "cni-podman0": EPERM #12989
Here's the log from
Reproducer: $ printf "FROM quay.io/libpod/alpine:latest\nRUN true\n" | podman-remote build -t foo -
STEP 1/2: FROM quay.io/libpod/alpine:latest
STEP 2/2: RUN true
WARN[1035] Failed to load cached network config: network podman not found in CNI cache, falling back to loading network podman from disk
WARN[1035] 1 error occurred:
* plugin type="bridge" failed (delete): cni plugin bridge failed: mkdir /var/lib/cni: permission denied
error running container: did not get container start message from parent: EOF
Error: error building at STEP "RUN true": plugin type="bridge" failed (add): cni plugin bridge failed: failed to create bridge "cni-podman0": could not add "cni-podman0": operation not permitted
(podman server running in bg, so output is intermingled)
I think the problem here is that we use code which should only be used as root; we need to set the correct buildah isolation, which is only done for local.
When we run rootless, buildah needs to have IsolationOCIRootless set; otherwise it will run code which cannot be used as a rootless user. Podman should use the buildah default if possible and change it to rootless mode if needed.

[NO NEW TESTS NEEDED] Should be covered by existing tests once we have podman-remote rootless tests.

Fixes containers#12989

Signed-off-by: Paul Holzinger <[email protected]>
So the API Handler needs to realize it is running in rootless mode and set the network as such.
PR #12996
So just to verify, is this issue only a problem for remote rootless, or all rootless? @edsantiago
Minimal: only test Fedora.Latest.

Reason: podman 4.0.0-0.2.rc2 broke bodhi gating tests: containers#12989

Requires skipping two recently-added tests that use 'podman unshare', which doesn't work on remote.

Signed-off-by: Ed Santiago <[email protected]>
Answered offline; this is only a problem with rootless remote build.
Ton of failures in rootless gating tests, on latest rc2 build:
No idea if this is real or a flake. If the latter, it's not one I've ever seen before. I will spin up a virt and try to reproduce today, but I'm still catching up from the weekend.