Mac machine init fails with Error: obtaining default signature policy: open /etc/containers/policy.json #21677

Closed
jfrantzius opened this issue Feb 15, 2024 · 7 comments

jfrantzius commented Feb 15, 2024

Issue Description

Latest HEAD (Git hash bbd4476) fails on machine init on Mac

Steps to reproduce the issue

  1. brew install podman --HEAD - for me resulting in Git hash bbd4476
  2. export CONTAINERS_MACHINE_PROVIDER=applehv
  3. brew machine init

Describe the results you received

podman machine init
Error: obtaining default signature policy: open /etc/containers/policy.json: no such file or directory

Describe the results you expected

A new VM should be created

podman info output

podman info
OS: darwin/arm64
provider: applehv
version: 5.0.0-dev

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

Additional information

Prior to podman machine init I removed all Podman files like this:

rm -rf ~/.config/containers/
rm -rf ~/.local/share/containers
rm ~/.ssh/podman*

Member

Luap99 commented Feb 15, 2024

This is expected right now. We now pull the image via container registries, and that reuses our existing security policies, which require a valid policy.json file to exist. I am working on some changes for this, but it is likely that packagers or users will have to install such a file from now on.

If you want to get it working right now you can copy this file to either the /etc path mentioned in the error or to ~/.config/containers/policy.json
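An added example, not part of the original comment or of Podman's own code: a short Python audit that finds which of the two policy.json locations named above is present and reports, per scope, whether the signature policy accepts unsigned images. It assumes the per-user file is checked before the /etc file and the requirement types described in containers-policy.json(5); the sample policy, its hostnames and key path are constructed.

```python
import json
import os
from pathlib import Path

# Constructed sample policy (hostnames and key path are placeholders).
SAMPLE_POLICY = """
{"default": [{"type": "insecureAcceptAnything"}],
 "transports": {"docker": {
   "registry.example.com": [{"type": "signedBy", "keyType": "GPGKeys",
                             "keyPath": "/path/to/example.gpg"}],
   "untrusted.example.com": [{"type": "reject"}]}}}
"""

SIGNED = {"signedBy", "sigstoreSigned"}
KNOWN = SIGNED | {"insecureAcceptAnything", "reject"}

def resolve_policy_path(home, exists=os.path.exists):
    """First existing file wins; per-user before system (assumed order)."""
    for p in (Path(home) / ".config/containers/policy.json",
              Path("/etc/containers/policy.json")):
        if exists(str(p)):
            return str(p)
    return None  # neither file present: the error reported in this issue

def classify(requirements):
    """Every requirement in a list must pass, so the strictest one decides."""
    if not isinstance(requirements, list) or not requirements:
        return "invalid"
    types = {r.get("type") if isinstance(r, dict) else None for r in requirements}
    if not types <= KNOWN:
        return "invalid"
    if "reject" in types:
        return "rejects"
    return "requires-signature" if SIGNED & types else "accepts-unsigned"

def audit_policy(text):
    """Map 'default' and each transport:scope to what it lets through."""
    policy = json.loads(text)
    if "default" not in policy:
        raise ValueError("policy has no 'default' entry")
    report = {"default": classify(policy["default"])}
    for transport, scopes in policy.get("transports", {}).items():
        for scope, reqs in scopes.items():
            report[f"{transport}:{scope or '*'}"] = classify(reqs)
    return report

if __name__ == "__main__":
    found = resolve_policy_path(Path.home())
    print(found, audit_policy(Path(found).read_text() if found else SAMPLE_POLICY))
```

A "default" entry that reports accepts-unsigned means any image from a scope without its own entry is pulled without signature verification, which is worth knowing before installing a policy file just to clear the error.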

Author

jfrantzius commented Feb 15, 2024

Thanks, that does the trick!

Just my 2 cents, I guess that would not be very user friendly if users had to manually download and copy that file to their filesystem ;)

Member

Luap99 commented Feb 15, 2024

> Just my 2 cents, I guess that would not be very user friendly if users had to manually download and copy that file to their filesystem ;)

I am not saying you should have to; if you install via a package manager like brew then it should install such a file for its users, just like other config files as well. Of course the details on how we want to handle policy.json on macos/windows are yet to be fully figured out.

@jfrantzius
Author

Out of curiosity, is there an internal issue tracker where you track this?

@afbjorklund
Contributor

Linux users have been required to manually install this file for years... (unless using the "containers-common" package)

Member

Luap99 commented Feb 16, 2024

> Out of curiosity, is there an internal issue tracker where you track this?

In the general case, yes, we have an internal Jira tracker; however, for most of the new machine bugs we just made an internal list and assigned stuff to people because creating a ticket would have taken more time than fixing the bug for most things.

Anyhow, let's keep this open as it is not fixed for windows/macos (we have our own macos/windows installers and they definitely should include such a file, which is not the case right now).

Member

Luap99 commented Feb 28, 2024

#21765 merged which provides a Makefile option to set another path for the file. So needs to update the brew package to install the policy.json file to some location they like and then set the MACHINE_POLICY_JSON_DIR option accordingly when compiling podman.

So I think this can be closed as such.
