-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docker-compose up edgex jakarta #14133
Labels
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Comments
Thanks for reaching out! I did not verify but I suspect that the issue is that format of |
Yes, that must be it:
@nicrowe00, I think that's a nice one for you. |
mheon
pushed a commit
to mheon/libpod
that referenced
this issue
Jun 14, 2022
In docker, the format of no-new-privileges is "no-new-privileges:true". However, for Podman all that's required is "no-new-privileges", leading to issues when attempting to use features desgined for docker in podman. Adding support for the ":" format to be used along with the "=" format, depedning on which one is entered by the user. fixes containers#14133 Signed-off-by: Niall Crowe <nicrowe@redhat.com>
gbraad
pushed a commit
to gbraad-redhat/podman
that referenced
this issue
Jul 13, 2022
In docker, the format of no-new-privileges is "no-new-privileges:true". However, for Podman all that's required is "no-new-privileges", leading to issues when attempting to use features desgined for docker in podman. Adding support for the ":" format to be used along with the "=" format, depedning on which one is entered by the user. fixes containers#14133 Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
kind/bug
Categorizes issue or PR as related to a bug.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
/kind bug
Description
Use podman with docker-compose to start up edgex jakarta version.
https://github.com/edgexfoundry/edgex-compose/blob/jakarta/docker-compose.yml
sudo DOCKER_HOST=unix:///var/run/podman/podman.sock docker-compose up -d
Creating edgex-security-bootstrapper ... error
Creating edgex-ui-go ...
ERROR: for edgex-security-bootstrapper Cannot create container for service security-bootstrapper: fill out specgen: invalid --security-opt 1: "no-new-Creating edgex-ui-go ... error
ERROR: for edgex-ui-go Cannot create container for service ui: fill out specgen: invalid --security-opt 1: "no-new-privileges:true"
ERROR: for security-bootstrapper Cannot create container for service security-bootstrapper: fill out specgen: invalid --security-opt 1: "no-new-privileges:true"
ERROR: for ui Cannot create container for service ui: fill out specgen: invalid --security-opt 1: "no-new-privileges:true"
ERROR: Encountered errors while bringing up the project.
Describe the results you received:
failed to start up edgex jakarta version.
Describe the results you expected:
succeeded to start up edgex jakarta version.
Additional information you deem important (e.g. issue happens only occasionally):
Output of
podman version
:Client: Podman Engine
Version: 4.1.0-dev
API Version: 4.1.0-dev
Go Version: go1.16
Git Commit: a3908b0
Built: Thu May 5 16:00:26 2022
OS/Arch: linux/amd64
Output of
podman info --debug
:host:
arch: amd64
buildahVersion: 1.26.0-dev
cgroupControllers: []
cgroupManager: cgroupfs
cgroupVersion: v1
conmon:
package: conmon_100:2.1.0-2_amd64
path: /usr/libexec/podman/conmon
version: 'conmon version 2.1.0, commit: '
cpuUtilization:
idlePercent: 90.97
systemPercent: 3.22
userPercent: 5.8
cpus: 8
distribution:
codename: bionic
distribution: ubuntu
version: "18.04"
eventLogger: journald
hostname: daas
idMappings:
gidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
uidmap:
- container_id: 0
host_id: 1000
size: 1
- container_id: 1
host_id: 100000
size: 65536
kernel: 5.4.0-109-generic
linkmode: dynamic
logDriver: journald
memFree: 783097856
memTotal: 16551878656
networkBackend: cni
ociRuntime:
name: crun
package: crun_100:0.18-2_amd64
path: /usr/bin/crun
version: |-
crun version 0.18.1-7931a-dirty
commit: 7931a1eab0590eff4041c1f74e2844b297c31cea
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
os: linux
remoteSocket:
path: /run/user/1000/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: true
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns_100:1.1.8-3_amd64
version: |-
slirp4netns version 1.1.8
commit: unknown
libslirp: 4.3.1-git
SLIRP_CONFIG_VERSION_MAX: 3
libseccomp: 2.3.1
swapFree: 2003230720
swapTotal: 2147479552
uptime: 259h 56m 17.29s (Approximately 10.79 days)
plugins:
log:
network:
volume:
registries:
search:
store:
configFile: /home/user/.config/containers/storage.conf
containerStore:
number: 1
paused: 0
running: 0
stopped: 1
graphDriverName: vfs
graphOptions: {}
graphRoot: /home/user/.local/share/containers/storage
graphRootAllocated: 1055815524352
graphRootUsed: 807820865536
graphStatus: {}
imageCopyTmpDir: /var/tmp
imageStore:
number: 2
runRoot: /run/user/1000/containers
volumePath: /home/user/.local/share/containers/storage/volumes
version:
APIVersion: 4.1.0-dev
Built: 1651737626
BuiltTime: Thu May 5 16:00:26 2022
GitCommit: a3908b0
GoVersion: go1.16
Os: linux
OsArch: linux/amd64
Version: 4.1.0-dev
Additional environment details (AWS, VirtualBox, physical, etc.):
physical
The text was updated successfully, but these errors were encountered: