XDG_RUNTIME_DIR directory "/run/user/1000" is not owned by the current user #13338
Comments
I strongly suspect that |
I would normally agree with you, but it fails when logging in on the console as well and only works after a full reboot of the OS. Here is my environment while logged into the console with
|
Whether loginctl enable-linger requires a reboot is not up to us; this is a systemd feature. What I do not understand here is why podman is failing with the XDG_RUNTIME_DIR problem. In the issue description you say uid 1002 but the error shows 1006. Can you try this with podman 3.4 or podman 4.0 and see if you can reproduce it there? Maybe this is already fixed. |
You can pretty much ignore the actual UID, every time I reboot I create a new user to test with when I need to start from scratch. For what matters, the UID does match for the appropriate user. What is the recommended way to try with those versions? I see the source code is available, but is there a location for prebuilt binaries that I can download? |
I am running the v4 release as provided here. Created a new user test ID=1006 and connected via
Ran podman info, this used to work on v3.0.1.
Enabled lingering and added the following lines to test's .bashrc.
Podman info still doesn't work, the warning is new.
I reboot and now I get the following, looks like the XDG error went away just like before, but the response is new.
This only works as root now.
Same with this...
|
@djarbz I think this is fixed in 4.0.2. We found a late-breaking bug due to permissions on our call that gets the RunTimeDir. Any chance you can try 4.0.2? https://github.com/containers/podman/releases/tag/v4.0.2 |
I just updated.
I am still getting this error, however, I did not see the XDG error!
|
@djarbz see #13402 (comment) for the permission denied problem. Since the XDG problem is fixed I close this issue. |
Hi @Luap99, I apologize, but it looks like this issue is not actually resolved. I was able to fix my issue with cni.lock (#13402 (comment))
|
I just spun up a Rocky Linux LXC to test and I am experiencing the same XDG error. OS Release
Podman Version
Podman Info
|
@djarbz Can you change the permissions of /run/user/$UID to 0700. This should work for now. |
No change unfortunately, for either Debian or Rocky.
|
this is fixed with containers/common#947 |
Thanks @giuseppe |
the change must be vendored in Podman, so you'll need a newer Podman |
Umm @djarbz was your problem fixed with the new version? I don't think the referenced commit will actually fix the problem. The directory permission is already 700, so I don't see how the proposed fix will solve it. The check

```go
fmt.Println("hello world")
runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
if runtimeDir != "" {
	// Stat the runtime directory and compare its permission bits to 0700.
	st, err := os.Stat(runtimeDir)
	if err != nil {
		panic(err)
	}
	fmt.Println(st.Mode().Perm() == 0700)
}
```

This returns true. Below is my output from bash (forgive my custom prompt); my uid is 1000 and /run/user/1000 is actually owned by me and permission is 700.

```
↪ ~ ➤ stat /run/user/1000/
File: /run/user/1000/
Size: 200 Blocks: 0 IO Block: 4096 directory
Device: 3bh/59d Inode: 1 Links: 8
Access: (0700/drwx------) Uid: ( 1000/ gittu) Gid: ( 1000/ gittu)
Access: 2022-04-20 21:48:48.774587922 +0600
Modify: 2022-04-20 21:44:25.954585972 +0600
Change: 2022-04-20 21:44:25.954585972 +0600
Birth: -
↪ ~ ➤ podman version
ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/1000" is not owned by the current user
↪ ~ ➤ whoami
gittu
↪ ~ ➤ id -u
1000
```
|
Hi @sarim, You are correct, I do not believe that this corrected the issue. |
Can you run with --log-level debug? |
Ok, I just rebuilt my test machine.
|
Here is an interesting turn of events. I modified the function linked in
main.go
|
Yes, the same behavior is seen in my snippet in the previous post too. (Un?)fortunately I couldn't reproduce the error in my system after booting up the PC the next day. I messed with podman versions, upgraded to 4.0.3 then down to 3.4.2 a couple of times. Not sure what fixed the problem :/ I guess the next step would be to debug run a compiled from source podman with breakpoints... |
I have found that after a reboot everything works fine, but I don't know what changes. Running a debug version of Podman is a bit beyond my expertise. |
The problem is you are leaking the XDG_RUNTIME_DIR environment from one user to another. When you su from one user to another, the environment follows you and this is confusing Podman. This is fixed in podman 4.0.4. I am closing. Please create a new issue, if you find one that is easily reproduced. |
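Added example, not part of the thread and not Podman's or containers/common's own check: the mode-only snippet posted earlier and the environment-leak explanation above both come down to two properties of the directory, its owner UID and its mode, and `Mode().Perm()` reports only the second. This Go program checks both; `checkRuntimeDir` is a hypothetical helper, and comparing against the effective UID is an assumption.

```go
// Added example (not Podman's code): diagnose XDG_RUNTIME_DIR for a given UID.
package main

import (
	"fmt"
	"os"
	"syscall"
)

// checkRuntimeDir (hypothetical helper) returns every problem found with dir
// when it is used as the runtime directory of the user with the given uid.
func checkRuntimeDir(dir string, uid int) []string {
	if dir == "" {
		return []string{"XDG_RUNTIME_DIR is not set"}
	}
	st, err := os.Stat(dir)
	if err != nil {
		return []string{fmt.Sprintf("cannot stat %q: %v", dir, err)}
	}
	var problems []string
	if !st.IsDir() {
		problems = append(problems, fmt.Sprintf("%q is not a directory", dir))
	}
	// Ownership lives in the raw stat data, not in the FileMode bits.
	if sys, ok := st.Sys().(*syscall.Stat_t); !ok {
		problems = append(problems, "owner UID unavailable on this platform")
	} else if int(sys.Uid) != uid {
		problems = append(problems, fmt.Sprintf("%q is owned by UID %d, not UID %d", dir, sys.Uid, uid))
	}
	// The XDG Base Directory spec requires mode 0700 on this directory.
	if perm := st.Mode().Perm(); perm != 0700 {
		problems = append(problems, fmt.Sprintf("%q has mode %04o, want 0700", dir, uint32(perm)))
	}
	return problems
}

func main() {
	dir := os.Getenv("XDG_RUNTIME_DIR")
	problems := checkRuntimeDir(dir, os.Geteuid())
	for _, p := range problems {
		fmt.Println("problem:", p)
	}
	if len(problems) == 0 {
		fmt.Printf("%q is usable by UID %d\n", dir, os.Geteuid())
	}
}
```

Running it once from a console login and once after `su` to the same account shows whether the variable still points at another user's directory.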
Hi @rhatdan I log into the console as the linger user and still have this issue. I do not believe that it is related to environment leaking. Code to test:
Output via console direct login:
Output via
|
Please open a brand new issue then. |
I created the folder manually and exported XDG_RUNTIME_DIR and it worked. Not sure if it's the right approach.
mkdir -p /tmp/$USER-runtime
podman info should now work without any exceptions |
This worked for me perfectly but another quirk that I noticed is that the |
/kind bug
Description
I am attempting to run podman in rootless mode with lingering.
When I attempt to start the systemctl --user service podman fails with the error in the title.
In my case, I am user 1002 and the error states UID 1002, but I replaced it with 1000 as I expect that to be most common and should help with other users searching for the same error.
In my case the directory is in fact owned by the current user and is writable by the current user.
EDIT: Whenever I reboot and need to test from scratch I create a new user, so the UIDs don't necessarily match, but when applicable, they do match the user currently being utilized for testing.
Steps to reproduce the issue:
As a test, I created a new user.
sudo su - test -c 'podman info'
works
So I enable linger and it fails, there is a note about this on the troubleshooting page, so let's login to the console.
On the troubleshooting page it states that I need to create a login session, so I login from the console.
I still get the error.
Ok, let's test with the machinectl method.
Let's reboot for good measure...
sudo su - test -c 'podman info'
works!
So in summary, after enabling lingering we need to reboot the server for podman to operate as that user.
Describe the results you received:
Podman does not work as a lingering user until the host is rebooted as shown above.
Command:
podman info
Error:
ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/1006" is not owned by the current user
Describe the results you expected:
Running podman commands should work as expected after a user has been granted lingering without rebooting the host.
Additional information you deem important (e.g. issue happens only occasionally):
I am working with Ansible on this and it is repeatable for every run and every instance when the host is recreated.
I am running a Debian CT on Proxmox.
The Proxmox filesystem is ZFS so I am using the VFS driver in the CT.
Proxmox:
Container:
Ansible:
Output of podman version:
Output of podman info --debug:
Package info (e.g. output of rpm -q podman or apt list podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
I am using the latest version of Podman available for Debian 11, I have referenced the Podman Troubleshooting Guide.
Additional environment details (AWS, VirtualBox, physical, etc.):
Proxmox CT.