Rootless podman does not work with runsc

Question

Rootless podman does not work with runsc

sfc-gh-hyu opened this issue 2 years ago · comments

Description

I am trying to use podman to start runsc but failed. Here is the error I got with using either systemd or cgroupfs as the cgroup manager.

[hyu@fedora ~]$ podman --cgroup-manager systemd --runtime runsc run --systemd false  -it docker.io/library/ubuntu:latest 
Error: OCI runtime error: creating container: write unix @: sendmsg: broken pipe
[hyu@fedora ~]$ podman --cgroup-manager cgroupfs --runtime runsc run --systemd false  -it docker.io/library/ubuntu:latest 
Error: creating container: configuring cgroup: open /sys/fs/cgroup/cgroup.subtree_control: permission denied: OCI permission denied

Running podman with sudo is fine.

I saw the there is an existing issue #311, which is not closed, but with slightly different error.

Is this feature related to a specific bug?

No

Do you have a specific solution in mind?

No response

Fabricio Voznika · Answer 1 · Tue May 03 2022 09:10:09 GMT+0800 (China Standard Time)

runsc requires root to work. There is a --rootless flag, but it only works for runsc do. There are more details on the reasoning in #311. There needs to be some dedicated work done to properly support rootless in runsc.

Fabricio Voznika · Answer 2 · Tue May 03 2022 09:10:29 GMT+0800 (China Standard Time)

Duplicate of #311

github-actions · Answer 3 · Wed Sep 13 2023 08:18:38 GMT+0800 (China Standard Time)

A friendly reminder that this issue had no activity for 120 days.