podman: podman run fails on tinycore

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

podman run fails on tinycore 11.1 VM because of some issue related to slirp4netns. I built podman and related deps manually. Are there any plans to release podman distros for tinycore? That would be very helpful.

Steps to reproduce the issue:

  1. Install podman on tinycore using manual install

  2. Run podman run hello-world

Describe the results you received:

tc@box:~/tczs$ podman run  hello-world
✔ docker.io/library/hello-world:latest
Trying to pull docker.io/library/hello-world:latest...
Getting image source signatures
Copying blob 0e03bdcc26d7 done
Copying config bf756fb1ae done
Writing manifest to image destination
Storing signatures
Error: /home/tc/.nix-profile/bin/slirp4netns failed: "sent tapfd=7 for tap0\nWARNING: Support for seccomp is experimental\nreceived tapfd=7\ncannot pivot_root to /tmp\ncreate_sandbox failed\ndo_slirp is exiting\ndo_slirp failed\nparent failed\nWARNING: Support for seccomp is experimental\nStarting slirp\n* MTU:             65520\n* Network:         10.0.2.0\n* Netmask:         255.255.255.0\n* Gateway:         10.0.2.2\n* DNS:             10.0.2.3\n* Recommended IP:  10.0.2.100\n"

Describe the results you expected: Expected it to work

Additional information you deem important (e.g. issue happens only occasionally): Tried this workaround, but it produces a different error

tc@box:~/tczs$ podman run  --network=host --cgroups disabled hello-world
Error: OCI runtime error: invalid file system type on '/sys/fs/cgroup'

Output of podman version:

Version:      3.0.0-dev
API Version:  3.0.0
Go Version:   go1.15.6
Git Commit:   9c9f02aad773051fa742a874844f08f2fb567d3b-dirty
Built:        Tue Jan  1 00:00:00 1980
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.19.0-dev
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: Unknown
    path: /usr/local/bin/conmon
    version: 'conmon version 2.0.23-dev, commit: 05b804604d6da1b3faaee7defb65d3b9b3771888-dirty'
  cpus: 1
  distribution:
    distribution: tinycore
    version: "11.1"
  eventLogger: file
  hostname: box
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 50
      size: 1
    - container_id: 1
      host_id: 10000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1001
      size: 1
    - container_id: 1
      host_id: 10000
      size: 65536
  kernel: 5.4.3-tinycore64
  linkmode: static
  memFree: 187273216
  memTotal: 3123281920
  ociRuntime:
    name: crun
    package: Unknown
    path: /usr/local/bin/crun
    version: |-
      crun version 0.16
      commit: eb0145e5ad4d8207e84a327248af76663d4e50dd
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1001/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_AUDIT_WRITE,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_MKNOD,CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    selinuxEnabled: false
  slirp4netns:
    executable: /home/tc/.nix-profile/bin/slirp4netns
    package: Unknown
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 759169024
  swapTotal: 769392640
  uptime: 4h 33m 43.52s (Approximately 0.17 days)
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - registry.access.redhat.com
store:
  configFile: /home/tc/.config/containers/storage.conf
  containerStore:
    number: 12
    paused: 0
    running: 0
    stopped: 12
  graphDriverName: vfs
  graphOptions: {}
  graphRoot: /home/tc/.local/share/containers/storage
  graphStatus: {}
  imageStore:
    number: 2
  runRoot: /run/user/1001/containers
  volumePath: /home/tc/.local/share/containers/storage/volumes
version:
  APIVersion: 3.0.0
  Built: 315532800
  BuiltTime: Tue Jan  1 00:00:00 1980
  GitCommit: 9c9f02aad773051fa742a874844f08f2fb567d3b-dirty
  GoVersion: go1.15.6
  OsArch: linux/amd64
  Version: 3.0.0-dev

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes

Additional environment details (AWS, VirtualBox, physical, etc.): Tinycore runs on VirtualBox.

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 18 (11 by maintainers)

Most upvoted comments

The best would be to make it configurable, based on whether using a rootfs or not. (i.e. no_pivot)

        // NetworkCmdPath is the path to the slirp4netns binary.
        NetworkCmdPath string `toml:"network_cmd_path,omitempty"`

        // NetworkCmdOptions is the default options to pass to the slirp4netns binary.
        // For example "allow_host_loopback=true"
        NetworkCmdOptions []string `toml:"network_cmd_options,omitempty"`

        // NoPivotRoot sets whether to set no-pivot-root in the OCI runtime.
        NoPivotRoot bool `toml:"no_pivot_root,omitempty"`

Converting to a tmpfs, or compiling out or disabling the sandbox feature sounds like workarounds?

It is podman that decides to “call” runc or buildah or slirp4netns, and needs to use the proper flags.

        noPivot := r.config.Engine.NoPivotRoot

        if !noPivot && slirpFeatures.HasEnableSandbox {
                cmdArgs = append(cmdArgs, "--enable-sandbox")
        }
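
The following is an added example, not part of the comment above and not podman's code. It extends the quoted `no_pivot_root` condition with a hypothetical automatic check, assuming (as the comment suggests) that `cannot pivot_root to /tmp` comes from the host still running on rootfs; `rootFSType`, `useSandbox` and the mount samples are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed /proc/mounts samples. On a system still running from its
// initramfs, "/" is rootfs; on a disk install another filesystem covers it.
const initramfsMounts = "rootfs / rootfs rw,size=2745228k 0 0\nproc /proc proc rw 0 0\n"
const diskMounts = "rootfs / rootfs rw 0 0\n/dev/sda1 / ext4 rw,relatime 0 0\n"

// rootFSType returns the type of the last filesystem mounted on "/",
// which is the one processes actually see as their root.
func rootFSType(mounts string) string {
	fstype := ""
	sc := bufio.NewScanner(strings.NewReader(mounts))
	for sc.Scan() {
		if f := strings.Fields(sc.Text()); len(f) >= 3 && f[1] == "/" {
			fstype = f[2]
		}
	}
	return fstype
}

// useSandbox extends the condition quoted above with a hypothetical automatic
// check: pivot_root(2) cannot be used on rootfs, so the sandbox is skipped
// there. Skipping it removes slirp4netns's own confinement, so the reason is
// returned for logging instead of the flag being dropped silently.
func useSandbox(noPivotRoot, hasEnableSandbox bool, mounts string) (bool, string) {
	switch {
	case !hasEnableSandbox:
		return false, "slirp4netns lacks --enable-sandbox"
	case noPivotRoot:
		return false, "no_pivot_root set in configuration"
	case rootFSType(mounts) == "rootfs":
		return false, "root filesystem is rootfs; pivot_root would fail"
	}
	return true, "sandbox enabled"
}

func main() {
	for name, m := range map[string]string{"initramfs": initramfsMounts, "disk": diskMounts} {
		ok, why := useSandbox(false, true, m)
		fmt.Printf("%-9s sandbox=%v (%s)\n", name, ok, why)
	}
}
```

On a real host the `mounts` argument would be the contents of `/proc/mounts`, and `--enable-sandbox` would be appended to the slirp4netns arguments only when `useSandbox` returns true.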