[pkg-go] Bug#985379: marked as done (podman: fails to run on freshly installed Bullseye, runtime "crun" not found: invalid argument)

[Debian Bug Tracking System]

Your message dated Wed, 21 Apr 2021 22:19:04 +
with message-id 
and subject line Bug#985379: fixed in libpod 3.0.1+dfsg1-2
has caused the Debian Bug report #985379,
regarding podman: fails to run on freshly installed Bullseye, runtime "crun" 
not found: invalid argument
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985379: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985379
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: podman
Version: 3.0.1+dfsg1-1
Severity: important

This is the same as #971253. Specifically, 'runc' is installed as the first
Depend, however podman defaults to 'crun'. I think podman should depend on
'crun' first so it works out of the box (and with cgroups v2).

root@host1:~# podman images
Error: default OCI runtime "crun" not found: invalid argument
root@host1:~# ls -la /etc/containers/containers.conf
ls: cannot access '/etc/containers/containers.conf': No such file or directory


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (400, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon   2.0.25+ds1-1
ii  containernetworking-plugins  0.9.0-1+b2
ii  crun 0.17+dfsg-1
ii  golang-github-containers-common  0.33.4+ds1-1
ii  init-system-helpers  1.60
ii  libc62.31-9
ii  libdevmapper1.02.1   2:1.02.175-2.1
ii  libgpgme11   1.14.0-1+b2
ii  libseccomp2  2.5.1-1
ii  runc 1.0.0~rc93+ds1-2+b1

Versions of packages podman recommends:
ii  buildah   1.19.6+dfsg1-1
ii  catatonit 0.1.5-2
ii  fuse-overlayfs1.4.0-1
ii  golang-github-containernetworking-plugin-dnsname  1.1.1+ds1-4+b3
ii  slirp4netns   1.0.1-1
ii  tini  0.19.0-1
ii  uidmap1:4.8.1-1

Versions of packages podman suggests:
ii  containers-storage  1.24.8+dfsg1-1
pn  docker-compose  

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libpod
Source-Version: 3.0.1+dfsg1-2
Done: Reinhard Tartler 

We believe that the bug you reported is fixed in the latest version of
libpod, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 985...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler  (supplier of updated libpod package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 21 Apr 2021 17:36:07 -0400
Source: libpod
Architecture: source
Version: 3.0.1+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 

Changed-By: Reinhard Tartler 
Closes: 985379 987207
Changes:
 libpod (3.0.1+dfsg1-2) unstable; urgency=medium
 .
   * Prefer crun over runc, Closes: #985379
   * Add depends in iptables, Closes: #987207
Checksums-Sha1:
 3d01152efe34ee7c44ccfbf2940e5d7fcaec057d 4941 libpod_3.0.1+dfsg1-2.dsc
 7f79272eb9d390b36fbeb6e6b614a6247261a294 15592 
libpod_3.0.1+dfsg1-2.debian.tar.xz
Checksums-Sha256:
 d3321bd2428c7d6c58c08f4886a3454cdd4b000778e24cbffbb835447fd52a8f 4941 
libpod_3.0.1+dfsg1-2.dsc
 1199de701625272f67e10f501d7e80aa3a9330aed73072152fd7cef333689219 15592 
libpod_3.0.1+dfsg1-2.debian.tar.xz
Files:
 9e36832ee01dce39b05d029fc2206433 4941 admin optional libpod_3.0.1+dfsg1-2.dsc
 65f77e5e3f54a757ceb0b5b24813a417 15592 admin optional 
libpod_3.0.1+dfsg1-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAmCAn2MUHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJstRqA/+KbhKKU+dST62cRnTv4HSEvWbHDk2

[pkg-go] Bug#987207: marked as done (Missing dependency on "iptables")

[Debian Bug Tracking System]

Your message dated Wed, 21 Apr 2021 22:19:04 +
with message-id 
and subject line Bug#987207: fixed in libpod 3.0.1+dfsg1-2
has caused the Debian Bug report #987207,
regarding Missing dependency on "iptables"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
987207: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987207
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: podman
Version: 3.0.1+dfsg1-1
Severity: serious

Hello,

After installing podman, I cannot run it as root out of the box as it
fails with:

ERRO[] [graphdriver] prior storage driver overlay failed: kernel does not 
support overlay fs: 'overlay' is not supported over extfs at 
"/var/lib/containers/storage/overlay": backing file system is unsupported for 
this graph driver
Error: kernel does not support overlay fs: 'overlay' is not supported over 
extfs at "/var/lib/containers/storage/overlay": backing file system is 
unsupported for this graph driver

Looking at fedora it seems that they have a containers-common package
that ships a default storage.conf file:

https://src.fedoraproject.org/rpms/containers-common/blob/rawhide/f/storage.conf

I see that the debian package is shipping a file in
/usr/share/containers/storage.conf (in the containers-storage package),
but that file is apparently not read (strace only shows that the file in
/etc/containers is read) and anyway unlike in fedora:

1) the driver is not set to overlay
2) the file is installed only if the containers-storage package is
installed, which is not done by default.
3) that file is not read anyway, strace only shows that
/etc/containers/storage.conf is read and not
/usr/share/containers/storage.conf, so the file is apparently useless

Shouldn't debian do the same thing than fedora so everything works OOTB?

As a side note, I can see they are shipping also other files as well,
like the seccomp.json file, using strace, it seems that podman tries to
read them:

[pid 14835] newfstatat(AT_FDCWD, "/etc/containers/seccomp.json", 0xcee6b8, 
0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 14835] newfstatat(AT_FDCWD, "/usr/share/containers/seccomp.json", 
0xcee788, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)

Shouldn't that file be shipped by default too?

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages podman depends on:
ii  conmon   2.0.25+ds1-1
ii  containernetworking-plugins  0.9.0-1+b3
ii  golang-github-containers-common  0.35.4+ds1-1
ii  init-system-helpers  1.60
ii  libc62.31-11
ii  libdevmapper1.02.1   2:1.02.175-2.1
ii  libgpgme11   1.14.0-1+b2
ii  libseccomp2  2.5.1-1
ii  runc 1.0.0~rc93+ds1-3

Versions of packages podman recommends:
ii  buildah   1.20.0+ds1-1
ii  fuse-overlayfs1.4.0-1
ii  golang-github-containernetworking-plugin-dnsname  1.1.1+ds1-4+b4
ii  slirp4netns   1.0.1-2
ii  tini  0.19.0-1
ii  uidmap1:4.8.1-1

Versions of packages podman suggests:
ii  containers-storage  1.24.8+dfsg1-1+b1
ii  docker-compose  1.25.0-1

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libpod
Source-Version: 3.0.1+dfsg1-2
Done: Reinhard Tartler 

We believe that the bug you reported is fixed in the latest version of
libpod, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 987...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler  (supplier of updated libpod package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please 

[pkg-go] Processing of libpod_3.0.1+dfsg1-2_source.changes

[Debian FTP Masters]

libpod_3.0.1+dfsg1-2_source.changes uploaded successfully to localhost
along with the files:
  libpod_3.0.1+dfsg1-2.dsc
  libpod_3.0.1+dfsg1-2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

___
Pkg-go-maintainers mailing list
Pkg-go-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-go-maintainers

[pkg-go] Bug#987207: podman not running out-of-the-box as root

[Reinhard Tartler]

Control: tag -1 pending
Control: severity -1 important
Control: retitle -1 Missing dependency on "iptables"

On Wed, Apr 21, 2021 at 6:07 AM Laurent Bigonville  wrote:

> So the problem here is, again, linked to the fact that I'm using a test
> SELinux policy that doesn't contain all the needed contexts, so yeah it's a
> mix of configuration issue and the fact that podman is not ignoring these
> errors if SELinux is in permissive. I'll ping upstream again.
>
Thanks, let's track this in #984879

> So the remaining problem here is iptables command not being installed (and
> the seccomp.json file missing to a lower extend)
>
Agreed.

-- 
regards,
Reinhard
___
Pkg-go-maintainers mailing list
Pkg-go-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-go-maintainers

[pkg-go] Processed: Re: Bug#987207: podman not running out-of-the-box as root

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #987207 [podman] podman not running out-of-the-box as root
Added tag(s) pending.
> severity -1 important
Bug #987207 [podman] podman not running out-of-the-box as root
Severity set to 'important' from 'serious'
> retitle -1 Missing dependency on "iptables"
Bug #987207 [podman] podman not running out-of-the-box as root
Changed Bug title to 'Missing dependency on "iptables"' from 'podman not 
running out-of-the-box as root'.

-- 
987207: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987207
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

___
Pkg-go-maintainers mailing list
Pkg-go-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-go-maintainers

[pkg-go] Processed: Bug#987207 marked as pending in libpod

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #987207 [podman] Missing dependency on "iptables"
Ignoring request to alter tags of bug #987207 to the same tags previously set

-- 
987207: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987207
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

___
Pkg-go-maintainers mailing list
Pkg-go-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-go-maintainers

[pkg-go] libpod_3.0.1+dfsg1-2_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 21 Apr 2021 17:36:07 -0400
Source: libpod
Architecture: source
Version: 3.0.1+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team 

Changed-By: Reinhard Tartler 
Closes: 985379 987207
Changes:
 libpod (3.0.1+dfsg1-2) unstable; urgency=medium
 .
   * Prefer crun over runc, Closes: #985379
   * Add depends in iptables, Closes: #987207
Checksums-Sha1:
 3d01152efe34ee7c44ccfbf2940e5d7fcaec057d 4941 libpod_3.0.1+dfsg1-2.dsc
 7f79272eb9d390b36fbeb6e6b614a6247261a294 15592 
libpod_3.0.1+dfsg1-2.debian.tar.xz
Checksums-Sha256:
 d3321bd2428c7d6c58c08f4886a3454cdd4b000778e24cbffbb835447fd52a8f 4941 
libpod_3.0.1+dfsg1-2.dsc
 1199de701625272f67e10f501d7e80aa3a9330aed73072152fd7cef333689219 15592 
libpod_3.0.1+dfsg1-2.debian.tar.xz
Files:
 9e36832ee01dce39b05d029fc2206433 4941 admin optional libpod_3.0.1+dfsg1-2.dsc
 65f77e5e3f54a757ceb0b5b24813a417 15592 admin optional 
libpod_3.0.1+dfsg1-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEMN59F2OrlFLH4IJQSadpd5QoJssFAmCAn2MUHHNpcmV0YXJ0
QHRhdXdhcmUuZGUACgkQSadpd5QoJstRqA/+KbhKKU+dST62cRnTv4HSEvWbHDk2
y2ESs5HdTFxcURzw8U2dvAxnGk9u/ypvyYGIj3ZlmaS9KEAJ9PYQnB8qGbG/19lm
VXG0fkrRhjDjqKyUuWES8xRyTBcfWsc30pVg67TdnzkJCQ8J5qWUkWI5iGFZR7/b
P8W1+Y7EnVq04HTS8dT9FF/7UY0pdxRFhPFe9TEPHT4mdKggS6jLOpE9qvWCqp3a
bw6eLJgwFg2W/SqTjMcxhqmzy7JsEzlL9zU4BFx0fB6Po0uNbTpyjP8Hg9v7u5kQ
Fp42LMcbo07d+nWmtxxd9JJ/KObJDo8rwB/krIMcOenPES/R3adqvnbGF8AaZJVQ
CUMf0XD0uVmXQhh7gvX++zueHkuWuXY9ePZYoPQKrX9/PMBkIlb0BvPH5qwXHLXe
hltCQvpsJ+KZvkPv7mTgDCaPOgPKj2l0fIjfa56NFAXARfKYtNWFzrhj0w+lbNol
lQpdcBwYtgXxKTPOZalhOUrcRPagFYCbqio1ZgSIy/aY9E/IBjWwyWb7dkgVWodt
EtTtdj2dHyIVm7rqrYdagIr6FgFGCUjNEARgWUllWCBYM6MZy5Zm/WAFv2I3i4Mn
QgXKe8+biFXXWA6RuaBOOg2Xi2XHBJJ2uk8n1Uvj8NhgTCvMm6ifH11Z/rypEBY9
eUFnKhH++wKVwnA=
=jl47
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

___
Pkg-go-maintainers mailing list
Pkg-go-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-go-maintainers

[pkg-go] Bug#987207: podman not running out-of-the-box as root

[Laurent Bigonville]

Hello,

I just did a minimal test VM and... it indeed works...

I'll investigate why on my machine it's not working.

But, on the test VM, podman still fails because "iptables" is not 
installed, only "nft" is intalled by default now. So there is still a 
problem here.


Le 21/04/21 à 05:02, Reinhard Tartler a écrit :

Control: tag -1 moreinfo

Hi Laurent,

I've downloaded the Bullseye Alpha 3 debian installer and installed 
using kvm to have a super clean new system. Unfortunately, I was 
unable to reproduce the issue that you described below. (I did find 
some issues with rootless podman outside of a gnome-session, but 
that's a different story).


The symptoms sound a lot like described in this upstream bug: 
https://github.com/containers/podman/issues/5721 



Can you please compare your notes with that upstream bug? Can you 
confirm that the 'overlay' kernel module is loaded? (in my test, it 
was loaded automatically). If you still think this is an issue in the 
Debian package, please let me know. I may require your assistance with 
reproducing this issue.


-rt

On Mon, Apr 19, 2021 at 11:54 AM Laurent Bigonville > wrote:


Package: podman
Version: 3.0.1+dfsg1-1
Severity: serious

Hello,

After installing podman, I cannot run it as root out of the box as it
fails with:

ERRO[] [graphdriver] prior storage driver overlay failed:
kernel does not support overlay fs: 'overlay' is not supported
over extfs at "/var/lib/containers/storage/overlay": backing file
system is unsupported for this graph driver
Error: kernel does not support overlay fs: 'overlay' is not
supported over extfs at "/var/lib/containers/storage/overlay":
backing file system is unsupported for this graph driver

Looking at fedora it seems that they have a containers-common package
that ships a default storage.conf file:


https://src.fedoraproject.org/rpms/containers-common/blob/rawhide/f/storage.conf



I see that the debian package is shipping a file in
/usr/share/containers/storage.conf (in the containers-storage
package),
but that file is apparently not read (strace only shows that the
file in
/etc/containers is read) and anyway unlike in fedora:

1) the driver is not set to overlay
2) the file is installed only if the containers-storage package is
installed, which is not done by default.
3) that file is not read anyway, strace only shows that
/etc/containers/storage.conf is read and not
/usr/share/containers/storage.conf, so the file is apparently useless

Shouldn't debian do the same thing than fedora so everything works
OOTB?

As a side note, I can see they are shipping also other files as well,
like the seccomp.json file, using strace, it seems that podman
tries to
read them:

[pid 14835] newfstatat(AT_FDCWD, "/etc/containers/seccomp.json",
0xcee6b8, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 14835] newfstatat(AT_FDCWD,
"/usr/share/containers/seccomp.json", 0xcee788, 0) = -1 ENOENT
(Aucun fichier ou dossier de ce type)

Shouldn't that file be shipped by default too?

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages podman depends on:
ii  conmon                           2.0.25+ds1-1
ii  containernetworking-plugins      0.9.0-1+b3
ii  golang-github-containers-common  0.35.4+ds1-1
ii  init-system-helpers            

  1.60
ii  libc6                

            2.31-11
ii  libdevmapper1.02.1            

   2:1.02.175-2.1
ii  libgpgme11              

         1.14.0-1+b2
ii  libseccomp2              

        2.5.1-1
ii  runc                

             1.0.0~rc93+ds1-3


Versions of packages podman recommends:
ii  buildah  1.20.0+ds1-1
ii  fuse-overlayfs 1.4.0-1
ii  golang-github-containernetworking-plugin-dnsname 1.1.1+ds1-4+b4
ii  slirp4netns  1.0.1-2
ii  tini 0.19.0-1
ii  uidmap 1:4.8.1-1

Versions of packages podman suggests:
ii  containers-storage  1.24.8+dfsg1-1+b1
ii  docker-compose      1.25.0-1

-- no debconf information



--
regards,
    Reinhard
___
Pkg-go-maintainers mailing list

[pkg-go] Bug#987207: podman not running out-of-the-box as root

[Laurent Bigonville]

Hello,

So the problem here is, again, linked to the fact that I'm using a test 
SELinux policy that doesn't contain all the needed contexts, so yeah 
it's a mix of configuration issue and the fact that podman is not 
ignoring these errors if SELinux is in permissive. I'll ping upstream again.


So the remaining problem here is iptables command not being installed 
(and the seccomp.json file missing to a lower extend)


Le 21/04/21 à 10:21, Laurent Bigonville a écrit :


Hello,

I just did a minimal test VM and... it indeed works...

I'll investigate why on my machine it's not working.

But, on the test VM, podman still fails because "iptables" is not 
installed, only "nft" is intalled by default now. So there is still a 
problem here.


Le 21/04/21 à 05:02, Reinhard Tartler a écrit :

Control: tag -1 moreinfo

Hi Laurent,

I've downloaded the Bullseye Alpha 3 debian installer and installed 
using kvm to have a super clean new system. Unfortunately, I was 
unable to reproduce the issue that you described below. (I did find 
some issues with rootless podman outside of a gnome-session, but 
that's a different story).


The symptoms sound a lot like described in this upstream bug: 
https://github.com/containers/podman/issues/5721 



Can you please compare your notes with that upstream bug? Can you 
confirm that the 'overlay' kernel module is loaded? (in my test, it 
was loaded automatically). If you still think this is an issue in the 
Debian package, please let me know. I may require your assistance 
with reproducing this issue.


-rt

On Mon, Apr 19, 2021 at 11:54 AM Laurent Bigonville > wrote:


Package: podman
Version: 3.0.1+dfsg1-1
Severity: serious

Hello,

After installing podman, I cannot run it as root out of the box as it
fails with:

ERRO[] [graphdriver] prior storage driver overlay failed:
kernel does not support overlay fs: 'overlay' is not supported
over extfs at "/var/lib/containers/storage/overlay": backing file
system is unsupported for this graph driver
Error: kernel does not support overlay fs: 'overlay' is not
supported over extfs at "/var/lib/containers/storage/overlay":
backing file system is unsupported for this graph driver

Looking at fedora it seems that they have a containers-common package
that ships a default storage.conf file:


https://src.fedoraproject.org/rpms/containers-common/blob/rawhide/f/storage.conf



I see that the debian package is shipping a file in
/usr/share/containers/storage.conf (in the containers-storage
package),
but that file is apparently not read (strace only shows that the
file in
/etc/containers is read) and anyway unlike in fedora:

1) the driver is not set to overlay
2) the file is installed only if the containers-storage package is
installed, which is not done by default.
3) that file is not read anyway, strace only shows that
/etc/containers/storage.conf is read and not
/usr/share/containers/storage.conf, so the file is apparently useless

Shouldn't debian do the same thing than fedora so everything
works OOTB?

As a side note, I can see they are shipping also other files as well,
like the seccomp.json file, using strace, it seems that podman
tries to
read them:

[pid 14835] newfstatat(AT_FDCWD, "/etc/containers/seccomp.json",
0xcee6b8, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 14835] newfstatat(AT_FDCWD,
"/usr/share/containers/seccomp.json", 0xcee788, 0) = -1
ENOENT (Aucun fichier ou dossier de ce type)

Shouldn't that file be shipped by default too?

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages podman depends on:
ii  conmon                           2.0.25+ds1-1
ii  containernetworking-plugins      0.9.0-1+b3
ii  golang-github-containers-common  0.35.4+ds1-1
ii  init-system-helpers              1.60
ii  libc6                            2.31-11
ii  libdevmapper1.02.1               2:1.02.175-2.1
ii  libgpgme11                       1.14.0-1+b2
ii  libseccomp2                      2.5.1-1
ii  runc                             1.0.0~rc93+ds1-3

Versions of packages podman recommends:
ii  buildah  1.20.0+ds1-1
ii