#22533 changes it to /tmp which I thought would work, however it seems /tmp... is only given write access and pasta opens the path with read access so it gets blocked. The apparmor profile needs a rule to allow read access.
The podman CI on debian runs tests based on /tmp but pasta is failing
there because it is unable to open the netns path as the open for read
access is denied.
Link: containers/podman#22625
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Luap99 added a commit to Luap99/libpod that referenced this issue May 13, 2024
This reverts commit 02b8fd7.
The new CI images should have an apparmor workaround.
Fixes containers#22625
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Issue Description
Debian 13 (SID) fails to run rootless podman with pasta networking when root and/or runroot are pointing at a path at or below /var/tmp/. This is believed to be due to a broken apparmor profile, but attempts at workarounds have failed (PR discussion). Example annotated log.
Steps to reproduce the issue
On a Debian VM:
podman --root=/var/tmp/something --runroot=/var/tmp/somethingelse network create foobar
podman --root=/var/tmp/something --runroot=/var/tmp/somethingelse run -it --rm --network=foobar quay.io/libpod/alpine:latest true
Describe the results you received
Describe the results you expected
Container should run and exit cleanly without any error.
podman info output
Podman in a container
Yes
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
Additional information
No response
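The comments above attribute the failure to the apparmor profile allowing write but not read on the path pasta opens. One way to confirm that from the kernel audit log is to filter for read-mask denials from the pasta profile. This is an added example, not part of the issue or of the podman or passt projects; the log lines, paths, pids and the profile name `pasta` are constructed assumptions.

```python
import re

# Constructed audit lines in the kernel's AppArmor format. Profile name, paths
# and pids are assumptions for illustration; none are taken from the issue.
SAMPLE_LOG = """\
audit: type=1400 audit(1715600000.101:210): apparmor="DENIED" operation="open" class="file" profile="pasta" name="/tmp/example-runroot/netns/netns-0000" pid=4242 comm="pasta" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1715600000.202:211): apparmor="DENIED" operation="mknod" class="file" profile="other" name="/var/tmp/x" pid=77 comm="other" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1715600000.303:212): apparmor="DENIED" operation="open" class="file" profile="pasta" name=2F746D702F612062 pid=4243 comm="pasta" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1715600000.404:213): apparmor="ALLOWED" operation="open" class="file" profile="pasta" name="/tmp/example-runroot/pasta.pid" pid=4243 comm="pasta" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def parse(line):
    """Split one audit record into a dict of key=value fields."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        # The audit subsystem hex-encodes names containing spaces or
        # other special characters and writes them without quotes.
        if key == "name" and bare and HEX.fullmatch(bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = quoted or bare
    return fields


def read_denials(log, profile="pasta"):
    """Return (operation, path, denied_mask) for read denials of one profile."""
    hits = []
    for line in log.splitlines():
        f = parse(line)
        if (f.get("apparmor") == "DENIED" and f.get("profile") == profile
                and "r" in f.get("denied_mask", "")):
            hits.append((f.get("operation"), f.get("name"), f["denied_mask"]))
    return hits


if __name__ == "__main__":
    for op, path, mask in read_denials(SAMPLE_LOG):
        print(f"pasta denied {mask!r} on {path!r} during {op}")
```

On an affected host the input would be the output of `journalctl -k` or `dmesg` instead of the sample string.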