On 9/15/20 5:05 PM, Reinhard Tartler wrote:
I think this is the relevant error message. May I ask a couple of questions: 1. Did this work with an earlier verison of podman, i.e., is this a regression? What version worked for you before?
No, I didn't try an earlier version of podman. I just found out that there is a native podman available.
2. Does the problem go away after a reboot?
No.
3. Does the command 'unshare -nr id' work for you?
Yes: % unshare -nr id uid=0(root) gid=0(root) groups=0(root),65534(nogroup) % id -a uid=1000(harri) gid=1000(harri) groups=1000(harri),4(adm),6(disk),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),44(video),46(plugdev),50(staff),107(haldaemon),108(powerdev),111(mythtv),112(netdev),119(kvm),123(wireshark),124(fuse),136(sbuild),999(docker) And no, docker is not installed. It was.
4. Did you read the file /usr/share/doc/podman/README.Debian, in particular the parts "User Namespaces" and "Troubleshooting rootless mode"?
I did, but they are no help. I don't run a Debian kernel, i.e. there is no sysctl kernel.unprivileged_userns_clone to be set. CONFIG_USER_NS is enabled. And AFAIR it is common practice to define default subuid and subgid ranges as a fallback (at least for Docker). I think there is a misunderstanding: The problem is not the error, but the error *message*. Can you do without complaining about bad HTTP code and URLs that don't work? Surely they don't give a hint about what is wrong. They are just distracting. Thanx very much Harri