Closed adelton closed 3 months ago
A friendly reminder that this issue had no activity for 30 days.
@giuseppe Ideas?
You need to configure the cgroup for the nested container yourself, since there is no systemd inside the outer container to do it for us:
$ podman run --rm -ti --privileged -h container quay.io/podman/stable
# mkdir /sys/fs/cgroup/init
# echo 1 > /sys/fs/cgroup/init/cgroup.procs
# chown -R podman:podman /sys/fs/cgroup/
# rm -f /etc/containers/containers.conf
# runuser -u podman -- podman run --rm -ti --privileged -h nested registry.fedoraproject.org/fedora ls -ld /sys/fs/cgroup
drwxr-xr-x. 2 root root 0 Jun 17 10:19 /sys/fs/cgroup
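The cgroup part of the recipe above, written out as a reusable script with the checks a reader would want. This is an added example, not code from the issue thread or from the podman project; it assumes a privileged outer container with a unified (cgroup v2) mount, GNU `stat`, and an existing unprivileged user (`podman` in the call at the bottom), and it does not cover the `containers.conf` removal.

```shell
#!/bin/sh
# Delegate the outer container's cgroup v2 tree to an unprivileged user so that
# user can start a nested rootless container (constructed example).
set -eu

# Print the filesystem type mounted at $2 according to the mountinfo text in $1.
# In /proc/self/mountinfo the fields after the "-" separator are: fstype, source, options.
mount_fstype() {
  printf '%s\n' "$1" | awk -v mp="$2" '
    $5 == mp { for (i = 7; i <= NF; i++) if ($i == "-") { print $(i + 1); exit } }'
}

# Succeeds only when /sys/fs/cgroup is a cgroup2 (unified) mount.
is_cgroup2() {
  [ "$(mount_fstype "$1" /sys/fs/cgroup)" = "cgroup2" ]
}

# Move every task in the container's root cgroup into the child cgroup $1 and
# hand the whole tree to user $2. Inside a cgroup namespace the container's
# root is an ordinary cgroup, so the v2 "no internal processes" rule applies:
# controllers cannot be enabled in cgroup.subtree_control while tasks sit in it,
# which is why the answer above creates an "init" child and moves PID 1 there.
delegate_cgroups() {
  sub="/sys/fs/cgroup/$1"; user="$2"
  is_cgroup2 "$(cat /proc/self/mountinfo)" || { echo "/sys/fs/cgroup is not cgroup2" >&2; return 1; }
  mkdir -p "$sub"
  # Snapshot the PID list first; writing a PID to cgroup.procs migrates that task.
  for pid in $(cat /sys/fs/cgroup/cgroup.procs); do
    echo "$pid" > "$sub/cgroup.procs" 2>/dev/null || true   # exiting tasks may refuse
  done
  chown -R "$user:$user" /sys/fs/cgroup
  # Verify the delegation instead of assuming it: the root must now be owned by the user.
  [ "$(stat -c %U /sys/fs/cgroup)" = "$user" ]
}

# Only touch the live cgroup tree when explicitly asked.
if [ "${1:-}" = "--apply" ]; then
  delegate_cgroups init podman
fi
```

Run it as root inside the outer container with `--apply`, then start the nested container as the delegated user, as in the `runuser` line above.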
Issue Description
I try to fully grasp all the possible combinations of cgroups behaviour that can happen with podman, so I run possibly strange combinations of tests.
When I have a privileged rootless podman container and I run a rootless podman container in it, the /sys/fs/cgroup is mounted rw there but owned by nobody (meaning like the root in the parent container), leading to Permission denied.
Steps to reproduce the issue
1. Run a privileged rootless quay.io/podman/stable container:
2. As the podman user in that container, run a privileged container in that privileged container:
Describe the results you received
Describe the results you expected
No error.
I wonder if this is podman equivalent of CRI-O's https://github.com/cri-o/cri-o/issues/7623?
podman info output
Podman in a container: Yes
Privileged Or Rootless: Rootless
Upstream Latest Release: Yes
Additional environment details: None.
Additional information: This is deterministic.