Search code examples
centos8podman

rootless podman can not run some commands


I had a problem with gitlab running podman commands with gitlab-runner user and I could not see the created containers with my user. I chaned the user as described in Change Gitlab CI Runner user. I ran the gitlab pipeline again and it went successfully through 3 steps and created a podman pod and 2 other containers in it. Suddenly it stoped by a podman run for the last container. I checked the server and gave podman ps -a but nothing happend after pressing enter and I could still write in command line! I wrote podman images list and I could see the images list (2 images have the same id and I can not remove them!!). I tried sudo podman ps and it worked! Some commands just work and some commands are not working as rootless. my user can not do podman run from Gitlab but on the server my user can run podman run hello-world! I get no error just it remains in that state and I have to cancle the job.

I am using centos 8, podman 3.3.1. sudo podman info:

host:

arch: amd64
  buildahVersion: 1.22.3
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - rdma
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.29, commit: 0f5bee61b18d4581668e5bf18b910cda3cff5081'
  cpus: 40
  distribution:
    distribution: '"rhel"'
    version: "8.5"
  eventLogger: file
  hostname: DELL2
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 4.18.0-348.2.1.el8_5.x86_64
  linkmode: dynamic
  memFree: 55734177792
  memTotal: 134510010368
  ociRuntime:
    name: runc
    package: runc-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.2
      spec: 1.0.2-dev
      go: go1.16.7
      libseccomp: 2.5.1
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /bin/slirp4netns
    package: slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 4294963200
  swapTotal: 4294963200
  uptime: 11h 30m 52.88s (Approximately 0.46 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageStore:
    number: 2
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 3.3.1
  Built: 1632213702
  BuiltTime: Tue Sep 21 10:41:42 2021
  GitCommit: ""
  GoVersion: go1.16.7
  OsArch: linux/amd64
  Version: 3.3.1

Command line keeps listening and nothing comes back. I can keep writing!!:


Solution

  • In my case it was SELinux problem. I turned it off and restarted the server. It works now.