podman: cannot find UID/GID for user *: open /etc/subuid: no such file or directory

On Arch Linux:

$ uname -a
Linux computer 5.19.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 29 Aug 2022 15:51:05 +0000 x86_64 GNU/Linux
$ yes | sudo pacman -Syu podman
$ podman images
ERRO[0000] cannot find UID/GID for user username: open /etc/subuid: no such file or directory - check rootless mode in man pages. 
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user 
Error: kernel does not support overlay fs: 'overlay' is not supported over extfs at "/home/username/.local/share/containers/storage/overlay": backing file system is unsupported for this graph driver
$ podman search httpd
ERRO[0000] cannot find UID/GID for user username: open /etc/subuid: no such file or directory - check rootless mode in man pages. 
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user 
Error: kernel does not support overlay fs: 'overlay' is not supported over extfs at "/home/username/.local/share/containers/storage/overlay": backing file system is unsupported for this graph driver

Perhaps add an entry to the troubleshooting guide? Also, consider updating the message to point to the troubleshooting guide:

https://github.com/containers/podman/blob/main/troubleshooting.md

Consider:

$ podman images
ERRO[0000] See https://github.com/containers/podman/blob/main/troubleshooting.md#err-0000
WARN[0000] See https://github.com/containers/podman/blob/main/troubleshooting.md#warn-0000
ERRO[0001] See https://github.com/containers/podman/blob/main/troubleshooting.md#warn-0001

Even better, of course, would be:

$ podman images
Error: Cannot find UID/GID for username.
Apply fix [y/N]? yes
Warning: Using rootless single mapping into the namespace.
Apply fix [y/N]? yes
Error: Kernel does not support overlay.
Apply fix [y/N]? yes

Or even something like:

$ podman images
ERRO[0055] No images found.

See: https://github.com/containers/podman/blob/main/troubleshooting.md#err-0055

Something feels off here. When I run docker, it attempts to run without any error messages upon first install. Consider:

$ yes | sudo pacman -Syu docker
$ docker images
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
$ docker run
"docker run" requires at least 1 argument.
See 'docker run --help'.

Usage:  docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

Run a command in a new container
$ docker start
"docker start" requires at least 1 argument.
See 'docker start --help'.

Usage:  docker start [OPTIONS] CONTAINER [CONTAINER...]

Start one or more stopped containers

The help is clear on where to go to next. In contrast, podman states:

If you have a recent version of usermod, you can execute the following commands to add the ranges to the files

$ sudo usermod --add-subuids 10000-75535 USERNAME
$ sudo usermod --add-subgids 10000-75535 USERNAME

That’s not helpful. What username? Why 10000? Why 75535? Those seem like arbitrary IDs. Again, something feels off here. Why do I have to set the uid/gid values in a file located in /etc just to list images and search for an HTTP server?

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 18 (8 by maintainers)

Most upvoted comments

Allocating additional IDs to a user is a privileged operation that can be performed only by root.

Is prompting the user for permission to escalate not feasible?

to use images with multiple IDs, rootless podman needs to create a user namespace where multiple IDs are mapped. … then you need to run usermod and make sure the unprivileged user can access more IDs.

I’ve never used podman before. I have no idea whether I want rootless or not. Mostly, I was just trying to run it to see if I could create a minimal container. I spent about 30 minutes trying to figure it out, then gave up. The error messages didn’t help. While I appreciate the suggestion to “run usermod”, the man pages also suggest the same thing, but could use some clarification.

Possibly:

sudo usermod --add-subuids 10000-75535 $LOGNAME

$LOGNAME is POSIX.1-2017, but there may be other equally valid ways to instruct the user as to what username to use, rather than USERNAME. If we run the literal command as recommended in the man pages, we get:

$ sudo usermod --add-subuids 10000-75535 USERNAME
usermod: user 'USERNAME' does not exist

After another search, it looks like DocumentFoundation has documented a similar approach, but uses $(whoami) instead of $LOGNAME. Moreover, they also suggest running the following commands, which may also be helpful to include in podman’s documentation:

sudo touch /etc/sub{u,g}id
mkdir ~/.config/containers && echo 'runtime = "crun"' >> ~/.config/containers/containers.conf

If a page like the DocumentFoundation’s existed as a quick start guide for podman, I’d have been up and running in a few minutes.

It’d still be nice to know what the range of 10000-75535 means and why those particular values were selected.
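
On the closing question about 10000-75535, an added example (not part of the issue thread and not podman's code): the argument is FIRST-LAST, stored in /etc/subuid as name:start:count, so this range is 65536 subordinate IDs starting at host ID 10000. The sketch below assumes the default rootless mapping (container ID 0 is the invoking user, higher IDs come from the subordinate range); the users alice and bob, the UID 1000 used when calling it, and all function names are constructed for illustration.

```python
# Added example; every name here is illustrative, not podman's or shadow's API.
# Constructed /etc/subuid content. Each line is name:first_host_id:count.
SAMPLE_SUBUID = "alice:10000:65536\nbob:70000:65536\n"


def range_to_entry(user, first_last):
    """Turn usermod's FIRST-LAST argument into the name:start:count line."""
    first, last = (int(x) for x in first_last.split("-"))
    if last < first:
        raise ValueError("LAST must not be below FIRST")
    return f"{user}:{first}:{last - first + 1}"


def parse_subid(text):
    """Return [(user, start, count)] from subuid/subgid file content."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            user, start, count = line.strip().split(":")
            entries.append((user, int(start), int(count)))
    return entries


def host_id(container_id, own_uid, entries, user):
    """Host UID behind a container UID, assuming the default rootless mapping:
    container 0 is the invoking user, 1..N are drawn from the user's ranges.
    None means unmapped, which is all IDs above 0 in the "single mapping" case."""
    if container_id == 0:
        return own_uid
    offset = container_id - 1
    for name, start, count in entries:
        if name == user:
            if offset < count:
                return start + offset
            offset -= count
    return None


def overlaps(entries):
    """User pairs whose ranges share host IDs (their containers could then
    own each other's files, so ranges should be disjoint)."""
    found = []
    for i, (u1, s1, c1) in enumerate(entries):
        for u2, s2, c2 in entries[i + 1:]:
            if u1 != u2 and s1 < s2 + c2 and s2 < s1 + c1:
                found.append((u1, u2))
    return found
```

With no entry for the user, `host_id` returns None for every container ID except 0, which is why an image that uses more than one ID can break under the single mapping. The start value only has to avoid host IDs already in use; the constructed bob range overlaps alice's to show what `overlaps` reports.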