Start of rootless container in systemd hangs (Can't open PID file /run/user/1000/containers/overlay-containers/[...].pid (yet?) after start: Permission denied) #8506
Comments
From #8504
@mheon and that's the end of the story? I cannot do anything to it? |
I don't think you run into this issue since you run your unit with systemctl --user. The error message for the problem mentioned by @mheon is |
AppArmor? |
I guess it has to do with uid mapping:
The process is mapped to the user namespace (my user ID starts at 100000)
|
The process
|
This directory should be owned by your user, otherwise systemd can't access the pid file. I think the use of |
The container we're talking about is started without Let me know if there is something specific that I can provide about the container. |
@giuseppe PTAL |
I uncommented the For someone who stumbles into this issue: This is a workaround for the hanging The current service file I use:
|
A friendly reminder that this issue had no activity for 30 days. |
Should still be present. |
@giuseppe were you able to look at this? |
opened a PR here: #8869 |
so that the PIDFile can be accessed also without being in the rootless user namespace. Closes: containers#8506 Signed-off-by: Giuseppe Scrivano <[email protected]>
/kind bug
Description
Generating systemd files for rootless container. Starting them makes the systemctl call not return. Though the container is started. The service status is still activating.
Steps to reproduce the issue:
Create a rootless container (with uidmap) and generate systemd file on Debian Buster
Enable and start the service
Describe the results you received:
Starting them makes the systemctl call not return. Though the container is started. The service status is still activating.
syslog: (journalctl cropped the lines at the end)
Why is
Can't open PID file /run/user/1000/containers/overlay-containers/181f37a4d4577fbcf1e7fc2cca6699b7a2906ec3b34134b43404542bda2ffa65/userdata/conmon.pid (yet?) after start: Permission denied
happening?
Describe the results you expected:
Systemctl start command returns within a reasonable time (10 seconds max) and the container is started and the service is running.
Additional information you deem important (e.g. issue happens only occasionally):
always
Output of podman version:
Output of podman info --debug:
Package info (e.g. output of rpm -q podman or apt list podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
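The ownership point raised in the comments (a PID file is only usable by systemd if every directory on its path can be traversed by the UID systemd runs as) can be checked with a small path walker. This is an added example, not code from the thread or from Podman: `first_blocked` and `demo` are hypothetical names, the directory layout and the 0700 mode are constructed, and the check looks at classic mode bits only. The demo swaps the roles (the current user owns the tree and a made-up other UID is the viewer) because creating files owned by a sub-UID would need root.

```python
import os
import stat
import tempfile


def first_blocked(base, path, uid, gids=()):
    """Return (component, owner_uid, mode) for the first component of `path`
    below `base` that `uid` cannot traverse (directory) or read (final file),
    judged by classic mode bits only (no ACLs, no LSM); None if all pass."""
    parts = os.path.relpath(path, base).split(os.sep)
    current = base
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)
        if st.st_uid == uid:
            bits = (st.st_mode >> 6) & 7      # owner class
        elif st.st_gid in gids:
            bits = (st.st_mode >> 3) & 7      # group class
        else:
            bits = st.st_mode & 7             # other class
        need = 4 if i == len(parts) - 1 else 1  # r on the file, x on dirs
        if uid != 0 and not bits & need:
            return current, st.st_uid, stat.filemode(st.st_mode)
    return None


def demo():
    """Constructed layout: roles are swapped (we own the tree, the viewer is a
    made-up other UID) because chown to a sub-UID would need root."""
    me, other = os.getuid(), os.getuid() + 1
    with tempfile.TemporaryDirectory() as base:
        path = base
        for name in ("overlay-containers", "ctr-id", "userdata"):
            path = os.path.join(path, name)
            os.mkdir(path)
            os.chmod(path, 0o755)
        userdata = path
        pidfile = os.path.join(userdata, "conmon.pid")
        with open(pidfile, "w") as fh:
            fh.write("1234\n")
        os.chmod(pidfile, 0o644)
        os.chmod(userdata, 0o700)  # assumed mode: only the owner may enter
        return (first_blocked(base, pidfile, me),
                first_blocked(base, pidfile, other), userdata)


if __name__ == "__main__":
    print(demo())
```

On a real host, pass the UID of the systemd user manager and the PIDFile path from the unit to see which component a non-owner is stopped at.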