Issue Description
The service doesn't start because there aren't the permissions to execute the binary.
Steps to reproduce the issue
1.
2.
3.
Describe the results you received
Executing external compose provider "/usr/bin/docker-compose". Please refer to the documentation for details. <<<<
Creating bitcoind ... done
Creating lnd ... done
Creating server ...
Creating protected ... error
Creating server ... error
ERROR: for protected Cannot start service protected: crun: open executable: Operation not permitted: OCI permission denied
ERROR: for server Cannot start service server: crun: open executable: Operation not permitted: OCI permission denied
ERROR: for protected Cannot start service protected: crun: open executable: Operation not permitted: OCI permission denied
ERROR: for server Cannot start service server: crun: open executable: Operation not permitted: OCI permission denied
ERROR: Encountered errors while bringing up the project.
Error: executing /usr/bin/docker-compose up -d: exit status 1
Describe the results you expected
The first two services use images I pull from docker.io; the other two are services I made. The last are the ones that seem to fail because they can't run the executables.
podman info output
host:
  arch: amd64
  buildahVersion: 1.35.3
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc40.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 73.94
    systemPercent: 9.46
    userPercent: 16.61
  cpus: 8
  databaseBackend: boltdb
  distribution:
    distribution: fedora
    variant: workstation
    version: "40"
  eventLogger: journald
  freeLocks: 2027
  hostname: fedora
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 524288
      size: 65536
  kernel: 6.8.9-300.fc40.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 995950592
  memTotal: 10360008704
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-1.fc40.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-3.fc40.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.14.4-1.fc40.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.4
      commit: a220ca661ce078f2c37b38c92e66cf66c012d9c1
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240510.g7288448-1.fc40.x86_64
    version: |
      pasta 0^20240510.g7288448-1.fc40.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 7189819392
  swapTotal: 8589930496
  uptime: 0h 31m 50.00s
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/snakedye/.config/containers/storage.conf
  containerStore:
    number: 4
    paused: 0
    running: 0
    stopped: 4
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/snakedye/.local/share/containers/storage
  graphRootAllocated: 510405902336
  graphRootUsed: 119447580672
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 43
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/snakedye/.local/share/containers/storage/volumes
version:
  APIVersion: 5.0.2
  Built: 1713312000
  BuiltTime: Tue Apr 16 20:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.1
  Os: linux
  OsArch: linux/amd64
  Version: 5.0.2
Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
No
Additional environment details
System Details Report
Report details
Date generated: 2024-05-20 16:05:30
Hardware Information:
Hardware Model: ASUSTeK COMPUTER INC. ZenBook UX462DA
Memory: 12.0 GiB
Processor: AMD Ryzen™ 7 3700U with Radeon™ Vega Mobile Gfx × 8
Graphics: AMD Radeon™ Vega 10 Graphics
Disk Capacity: (null)
Software Information:
Firmware Version: UX462DA.307
OS Name: Fedora Linux 40 (Workstation Edition)
OS Build: (null)
OS Type: 64-bit
GNOME Version: 46
Windowing System: Wayland
Kernel Version: Linux 6.8.9-300.fc40.x86_64
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
Thank you for reporting this, but there really isn't anything for us to go on.
> the other two are services I made. The last are the ones that seem to fail
This kind of seems to maybe point toward a problem with the images you made? Maybe you didn't make the executables 755, or maybe there's a noexec filesystem, or many other possibilities. Regardless, this does not seem like a podman bug. If you can provide us with a reproducer, we'll be glad to look further.
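The two causes suggested in the reply above (executables that are not mode 755, a noexec filesystem) can be checked from the host with a short script. This is an added example, not part of the original thread and not podman's code; the function names are hypothetical, and paths passed to them are assumed to be absolute.

```shell
#!/bin/sh
# Added diagnostic sketch: checks for missing execute bits and noexec mounts.

# mount_opts_for PATH [MOUNTS_FILE]
# Print the mount options of the longest mount point that contains PATH.
# MOUNTS_FILE uses the /proc/self/mounts layout: device mountpoint type options ...
mount_opts_for() {
    awk -v p="$1" '
        BEGIN { best = -1 }
        {
            mp = $2
            # A mount point contains PATH if it is "/", equals PATH,
            # or is followed by "/" in PATH (so /home does not match /homework).
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later mount on the same point shadow an earlier one.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/self/mounts}"
}

# is_noexec PATH [MOUNTS_FILE]: succeeds when PATH sits on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# has_exec_bits FILE: succeeds when FILE is a regular file with execute
# permission for user, group and other (as mode 755 would give).
has_exec_bits() {
    [ -n "$(find "$1" -prune -type f -perm -111 2>/dev/null)" ]
}

# diagnose FILE [MOUNTS_FILE]: report which condition applies; returns 1 if any.
diagnose() {
    rc=0
    has_exec_bits "$1" || { echo "$1: execute bits missing (expected e.g. 755)"; rc=1; }
    if is_noexec "$1" "$2"; then echo "$1: located on a noexec mount"; rc=1; fi
    return $rc
}

# Usage (graphRoot taken from the podman info output above):
#   is_noexec /home/snakedye/.local/share/containers/storage && echo "storage is noexec"
```

Run `diagnose` on the binaries in the build context before they are copied into the image, and `is_noexec` on the storage root and on any host directory bind-mounted into the failing services.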