Rootless podman on CircleCI fails to even build with error running container: from /usr/bin/crun: sd-bus call: Permission denied #16529
Comments
Sounds like you are missing the systemd user session. Can you try with the latest version? |
When I added
-- see https://app.circleci.com/pipelines/github/adelton/freeipa-container/98/workflows/9301ab35-a5fd-48a5-9d90-c4090232a2d1/jobs/505. So there is some user session there. Anything specific about it that I should look for? What latest version do you have in mind? I install podman from download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/ in this case. |
sudo or su will not create a proper systemd user session, see https://github.com/containers/podman/blob/main/troubleshooting.md#31-podman-run-fails-with-erro0000-xdg_runtime_dir-directory-runuser0-is-not-owned-by-the-current-user-or-error-creating-tmpdir-mkdir-runuser1000-permission-denied for alternatives. I don't know much about the packaging but I assume the kubic repo has a more up to date version so I would try that one. |
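The comment above says that sudo or su does not create a proper systemd user session. The following is an added example, not code from this thread or from the Podman project. It checks what such a session normally provides: an `XDG_RUNTIME_DIR` that exists and is owned by the current user, and a user D-Bus socket at `$XDG_RUNTIME_DIR/bus` (assumed to be the default systemd location). The function names `check_user_session` and `session_details` are hypothetical helpers.

```shell
#!/bin/sh
# Added example: diagnose whether the current shell has a usable systemd
# user session. Helper names are hypothetical, not podman or systemd commands.
# Return codes: 0 ok, 1 runtime dir unset or missing, 2 wrong owner,
#               3 no user bus socket.
check_user_session() {
    # Optional first argument overrides XDG_RUNTIME_DIR (used for testing).
    dir=${1-${XDG_RUNTIME_DIR-}}
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: XDG_RUNTIME_DIR unset or not a directory: '$dir'"
        return 1
    fi
    # -O: directory is owned by the effective uid of this process.
    if [ ! -O "$dir" ]; then
        echo "FAIL: $dir is not owned by uid $(id -u)"
        return 2
    fi
    # Assumption: the user bus socket lives at the systemd default path.
    if [ ! -S "$dir/bus" ]; then
        echo "FAIL: no D-Bus socket at $dir/bus (is the user manager running?)"
        return 3
    fi
    echo "OK: $dir owned by uid $(id -u), user bus socket present"
    return 0
}

# Print what logind knows about this user, when loginctl is available.
session_details() {
    if command -v loginctl >/dev/null 2>&1; then
        loginctl show-user "$(id -u)" -p State -p Linger 2>/dev/null \
            || echo "logind has no record for uid $(id -u)"
    else
        echo "loginctl not installed"
    fi
}

check_user_session || echo "check_user_session exit code: $?"
session_details
```

A passing check only confirms that the session plumbing exists; as the reporter notes in this thread, `loginctl` can list a session while the runtime's sd-bus call is still refused.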
As I already mentioned above:
I assume CircleCI falls into the category of "badly configured systemd session" at https://github.com/containers/podman/blob/main/troubleshooting.md#31-podman-run-fails-with-erro0000-xdg_runtime_dir-directory-runuser0-is-not-owned-by-the-current-user-or-error-creating-tmpdir-mkdir-runuser1000-permission-denied -- but what specifically should I be looking for? What sd-bus operations does podman do?
What kubic repo do you have in mind, different from this unstable one I've been trying it with? |
Yes I think this is the correct kubic repo. Podman doesn't do anything with sd-bus here. It is crun which is failing.
cc @giuseppe @adelton Does a normal podman run work? You could also try installing runc and using this as your runtime for testing. |
What do you mean exactly by normal podman? I thought that my use of podman was quite normal. :-) When I installed
Does it indicate something useful? |
runc is failing for the same reason. sudo doesn't create a user session, could you try with |
alternatively, you could just use |
While sudo might not create a user session, that sudo runs
which I assume might do something about the session. After all,
showing a session for uid 1001, not for root. |
Using |
A friendly reminder that this issue had no activity for 30 days. |
I don't believe this is still an issue and you have a workaround, closing. |
@rhatdan,
$ cat Containerfile
FROM quay.io/centos/centos:stream9
RUN dnf install -y bind-utils
podman build -t test:latest .
STEP 1/2: FROM quay.io/centos/centos:stream9
STEP 2/2: RUN dnf install -y bind-utils
error running container: from /usr/bin/crun creating container for [/bin/sh -c dnf install -y bind-utils]: sd-bus call: Interactive authentication required.: Permission denied
: exit status 1
ERRO[0000] did not get container create message from subprocess: EOF
Error: building at STEP "RUN dnf install -y bind-utils": while running runtime: exit status 1
When I use the workaround, it works:
Is this a podman issue or a systemd issue or some misconfiguration in f38? Is there anything I should look into? Thank you. |
Please open a new issue, unless you are running under CircleCI? |
Will do. Thank you @rhatdan |
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
I select bug here but this is more a question about what the assumptions are about the setup and what could be causing the crun / sd-bus Permission denied / Interactive authentication required failure or what configuration change to try.
Description
I try to add testing https://github.com/freeipa/freeipa-container on CircleCI on their Ubuntu 22.04 VMs.
Compared to GitHub Actions Ubuntu 22.04 where this works without issues once a session gets created by ssh to self, on CircleCI where loginctl shows that we already have session I'm hitting
or with podman from download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/
Steps to reproduce the issue:
Describe the results you received:
https://app.circleci.com/pipelines/github/adelton/freeipa-container/74/workflows/9a11b1d9-4040-4d9f-a005-e50532d4bb44/jobs/503
Describe the results you expected:
No error, image built.
Additional information you deem important (e.g. issue happens only occasionally):
The loginctl shows we are running in a session:
I also tried systemd-run --scope --user and ssh to self to no avail. It seems like we have session alright, it just needs some permissions somewhere.
I get this on the CircleCI Ubuntu VMs in deterministic fashion. When I change the
steps to
to test with the latest podman per https://podman.io/getting-started/installation#ubuntu, the output is slightly different but still error:
https://app.circleci.com/pipelines/github/adelton/freeipa-container/73/workflows/a086e653-cd68-47f9-851c-54a79d849c7f/jobs/502
Output of podman version:
Output of podman info:
Package info (e.g. output of rpm -q podman or apt list podman or brew info podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes; No
Additional environment details (AWS, VirtualBox, physical, etc.):
This is on CircleCI Ubuntu 22.04 ARM VM.