Hi,
We run CloudLinux 8.10 without a control panel on pretty much all our hosting and it works great! However, I've been exploring running Podman as a non-root user on CloudLinux and I'm running into undocumented errors that do not seem to happen on other OSes, so I find myself at a loss.
I'm trying to run Podman 4.9.4-rhel with runc 1.1.12. I've created a user with CageFS disabled and set LVE to unlimited. I am able to call podman and runc on the command line. However, when I try to start up a container, I get the following error:
Error: OCI runtime error: runc: you have no read access to runc binary file
runc create failed: unable to start container process: waiting for init preliminary setup: read init-p: connection reset by peer
AFAIK though, I DO have access to the runc binary from the user. While I've delved into the strace log when booting the container, I haven't been able to find out what exactly is missing for runc to start properly. My best guess is that the error message is wrong and something else is blocking.
So, I must ask, is rootless Podman compatible with CloudLinux? Or is there a security feature that fundamentally breaks rootless Podman?