Add a section to the troubleshooting guide describing how to get secret
mounts working in an environment with nosuid-mounted file systems and
runc, such as RHEL8, as discussed in
https://github.com/containers/buildah/issues/4228.
Signed-off-by: Philipp Wagner <phw@ibm.com>
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2139191
We have a timing issue when doing a build or pull of an image and
a second process is removing them at the same time. This is not
a window we're going to close now, so I'm adding a note to the
troubleshooting guide to document it.
[NO NEW TESTS NEEDED]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Add new troubleshooting tip:
Podman run fails with "Error: unrecognized namespace mode keep-id:uid=1000,gid=1000 passed"
Update the troubleshooting tips:
"Passed-in devices or files can't be accessed in rootless container (UID/GID mapping problem)"
and
"Container creates a file that is not owned by the user's regular UID"
to use
"--userns keep-id:uid=$uid,gid=$gid"
instead of the command-line options --uidmap and --gidmap
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Replace "setup", "lookup", "cleanup", "backup" with
"set up", "look up", "clean up", "back up"
when used as verbs. Replace also variations of those.
* Improve language in a few places.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
After lgtming the latest from @flouthouc, I spotted one
more minor typo in the troubleshooting guide. This corrects it.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Add a small note to troubleshooting docs regarding version parity between
podman-client and podman-server when looking for bug fixes.
[NO TESTS NEEDED]
[NO NEW TESTS NEEDED]
Closes: https://github.com/containers/podman/issues/12660
Signed-off-by: Aditya R <arajan@redhat.com>
* Mention the command "podman unshare chown 0:0 dir1/a"
that changes file ownership to the regular user's UID and GID on
the host.
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Expand the bit about needing to allocate UIDs so that we don't appear to
imply that adding a range of 10000 IDs to /etc/subuid will allow people
to use UID 1000000, which isn't in the range that we'd map a range of
that size to.
TLS is an acronym, so capitalize when we're talking about the protocol.
TLS verification is about encryption, not authentication.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Mention overlay option for --rootfs. Overlay description text
is from commit 020d81f113
by Qi Wang
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Add troubleshooting advice: "Container creates a file that is
not owned by the user's regular UID". The solution involves
using the options --uidmap and --gidmap.
* Add troubleshooting advice: "Passed-in devices or files can't be
accessed in rootless container (UID/GID mapping problem)".
The general solution involves using the options --uidmap and
--gidmap. Sometimes --userns=keep-id could be used.
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Replace `multi-user.target` with `default.target` across the code base.
It seems like the multi-user one is not available for (rootless) users
on F35 anymore and is causing issues in all kinds of ways, for instance,
enabling the podman.service or generated systemd units.
Fixes: #12438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
A CNI container image is required for rootless networking
in V2.2.1 (RHEL 8.3.1) and through v3.0.1. Add a note in the
troubleshooting guide with a pointer to the documentation
for that.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Users coming e.g. from Docker do not always read the manual and
expect podman to not require sudo or uidmap, for them the default
message is not very helpful:
Error: Cannot connect to the Podman socket, make sure there is a Podman REST API service running.:
cannot find newuidmap: exec: "newuidmap": executable file not found in $PATH
Adding a bit more context to this would help to nudge them into the
right direction and tell them what to look for in the documentation:
command required for rootless mode with multiple IDs: exec: "newuidmap": executable file not found in $PATH
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
[NO TESTS NEEDED]
Also a link to the troubleshooting guide into the issue template.
Replaces: https://github.com/containers/podman/pull/9770
Signed-off-by: Josh Berkus <josh@agliodbs.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Systemd is now complaining or mentioning /var/run as a legacy directory.
It has been many years where /var/run is a symlink to /run on almost
all distributions, make the change to the default.
Partial fix for https://github.com/containers/podman/issues/8369
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>