Skip to content

Non-root user can't gain the extra privileges to create cgroups #452

New issue
New issue
Open
Open
Non-root user can't gain the extra privileges to create cgroups#452
@reagentoo

Description

@reagentoo
reagentoo
opened on Sep 14, 2021

There is no way to use сgroups for running podman containers (rootless):

$ podman run -it --cpus=10 --memory=24g my_img
Error: container_linux.go:380: starting container process caused: process_linux.go:385: applying cgroup configuration for process caused: rootless needs no limits + no cgrouppath when no permission is granted for cgroups: mkdir /sys/fs/cgroup/530a853f5d02c0a95c7764643a6b15d391b8fe405704f61adc72548d702ee96c: permission denied: OCI permission denied

/etc/rc.conf:

rc_cgroup_mode="unified"
rc_controller_cgroups="YES"

mount options:

# mount | grep cgroup
none on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)

Related links:
containers/podman#11563

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions