search

containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0
23.16k stars 2.36k forks source link

Error response from daemon: crun: mount `sysfs` to `sys`: Operation not permitted: OCI permission denied - not sure what to do #21680

Open virzak opened 7 months ago

virzak commented 7 months ago

Issue Description

I'm getting

Error response from daemon: crun: mount sysfs to sys: Operation not permitted: OCI permission denied

No idea how to avoid, debug or which error logs I need to look into

Steps to reproduce the issue

Steps to reproduce the issue

  1. install podman
  2. podman machine init
  3. podman machine set --rootful
  4. podman machine start
  5. choco install docker-compose -y
  6. add C:\ProgramData\Docker\cli-plugins to path
  7. git clone git@github.com:microsoft/vscode-remote-try-sqlserver.git
  8. podman compose up from .devcontainer directory
  9. Alternatively to previous step run this by opening VS Code

Describe the results you received

Successfully tagged docker.io/library/devcontainer-app:latest
fe408a709f8f67e2510d760cb1c7dd0977e8f409e20640f166762332b4d79846
Successfully built fe408a709f8f
Successfully tagged devcontainer-app
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.
[+] Running 2/2
 ✔ Container devcontainer-db-1   Created                                                                                                       0.1s
 ✔ Container devcontainer-app-1  Created                                                                                                       1.4s
Attaching to app-1, db-1
db-1   | SQL Server 2022 will run as non-root by default.
db-1   | This container is running as user mssql.
db-1   | To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
Gracefully stopping... (press Ctrl+C again to force)
Error response from daemon: crun: mount `sysfs` to `sys`: Operation not permitted: OCI permission denied
Error: executing C:\ProgramData\Docker\cli-plugins\docker-compose.exe up: exit status 1

Describe the results you expected

The container should have started.

podman info output

<details>

  🚀  podman compose up
>>>> Executing external compose provider "C:\\ProgramData\\Docker\\cli-plugins\\docker-compose.exe". Please refer to the documentation for details. <<<<

Sending build context to Docker daemon  3.316kB
STEP 1/7: FROM mcr.microsoft.com/devcontainers/dotnet:8.0-bookworm
STEP 2/7: ENV PATH $PATH:/home/vscode/.dotnet:/home/vscode/.dotnet/tools
--> 9f698d0908c9
STEP 3/7: ARG NODE_VERSION="none"
--> 787879070a47
STEP 4/7: RUN if [ "${NODE_VERSION}" != "none" ]; then su vscode -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi
--> 0a6474b01985
STEP 5/7: COPY mssql/installSQLtools.sh installSQLtools.sh
--> 19e94b7cd894
STEP 6/7: RUN bash ./installSQLtools.sh      && apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/library-scripts
Installing mssql-tools
Get:1 https://dl.yarnpkg.com/debian stable InRelease [17.1 kB]
Get:2 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm InRelease [3617 B]
Get:3 https://dl.yarnpkg.com/debian stable/main amd64 Packages [10.9 kB]
Get:4 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:5 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:6 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:7 https://dl.yarnpkg.com/debian stable/main all Packages [10.9 kB]
Get:8 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm/main amd64 Packages [28.8 kB]
Get:9 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm/main all Packages [342 B]
Get:10 http://deb.debian.org/debian bookworm/main amd64 Packages [8786 kB]
Get:11 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [12.7 kB]
Get:12 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [138 kB]
Fetched 9260 kB in 1s (8058 kB/s)
Reading package lists...
W: https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
Reading package lists...
Building dependency tree...
Reading state information...
libunwind8 is already the newest version (1.6.2-3).
libunwind8 set to manually installed.
The following additional packages will be installed:
  libltdl7 libodbc2 libodbccr2 libodbcinst2 odbcinst unixodbc unixodbc-common
Suggested packages:
  odbc-postgresql tdsodbc
The following NEW packages will be installed:
  libltdl7 libodbc2 libodbccr2 libodbcinst2 msodbcsql17 mssql-tools odbcinst
  unixodbc unixodbc-common unixodbc-dev
0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
Need to get 1834 kB of archives.
After this operation, 3017 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 libltdl7 amd64 2.4.7-5 [393 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 libodbc2 amd64 2.3.11-2+deb12u1 [150 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 libodbccr2 amd64 2.3.11-2+deb12u1 [17.7 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 unixodbc-common all 2.3.11-2+deb12u1 [8172 B]
Get:5 http://deb.debian.org/debian bookworm/main amd64 libodbcinst2 amd64 2.3.11-2+deb12u1 [34.2 kB]
Get:6 http://deb.debian.org/debian bookworm/main amd64 odbcinst amd64 2.3.11-2+deb12u1 [12.1 kB]
Get:7 http://deb.debian.org/debian bookworm/main amd64 unixodbc amd64 2.3.11-2+deb12u1 [28.0 kB]
Get:8 http://deb.debian.org/debian bookworm/main amd64 unixodbc-dev amd64 2.3.11-2+deb12u1 [231 kB]
Get:9 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm/main amd64 msodbcsql17 amd64 17.10.5.1-1 [749 kB]
Get:10 https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm/main amd64 mssql-tools amd64 17.10.1.1-1 [211 kB]
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Teletype
dpkg-preconfigure: unable to re-open stdin:
Fetched 1834 kB in 0s (19.1 MB/s)
Selecting previously unselected package libltdl7:amd64.
(Reading database ... 22748 files and directories currently installed.)
Preparing to unpack .../0-libltdl7_2.4.7-5_amd64.deb ...
Unpacking libltdl7:amd64 (2.4.7-5) ...
Selecting previously unselected package libodbc2:amd64.
Preparing to unpack .../1-libodbc2_2.3.11-2+deb12u1_amd64.deb ...
Unpacking libodbc2:amd64 (2.3.11-2+deb12u1) ...
Selecting previously unselected package libodbccr2:amd64.
Preparing to unpack .../2-libodbccr2_2.3.11-2+deb12u1_amd64.deb ...
Unpacking libodbccr2:amd64 (2.3.11-2+deb12u1) ...
Selecting previously unselected package unixodbc-common.
Preparing to unpack .../3-unixodbc-common_2.3.11-2+deb12u1_all.deb ...
Unpacking unixodbc-common (2.3.11-2+deb12u1) ...
Selecting previously unselected package libodbcinst2:amd64.
Preparing to unpack .../4-libodbcinst2_2.3.11-2+deb12u1_amd64.deb ...
Unpacking libodbcinst2:amd64 (2.3.11-2+deb12u1) ...
Selecting previously unselected package odbcinst.
Preparing to unpack .../5-odbcinst_2.3.11-2+deb12u1_amd64.deb ...
Unpacking odbcinst (2.3.11-2+deb12u1) ...
Selecting previously unselected package unixodbc.
Preparing to unpack .../6-unixodbc_2.3.11-2+deb12u1_amd64.deb ...
Unpacking unixodbc (2.3.11-2+deb12u1) ...
Selecting previously unselected package unixodbc-dev:amd64.
Preparing to unpack .../7-unixodbc-dev_2.3.11-2+deb12u1_amd64.deb ...
Unpacking unixodbc-dev:amd64 (2.3.11-2+deb12u1) ...
Selecting previously unselected package msodbcsql17.
Preparing to unpack .../8-msodbcsql17_17.10.5.1-1_amd64.deb ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Teletype
Unpacking msodbcsql17 (17.10.5.1-1) ...
Selecting previously unselected package mssql-tools.
Preparing to unpack .../9-mssql-tools_17.10.1.1-1_amd64.deb ...
Unpacking mssql-tools (17.10.1.1-1) ...
Setting up unixodbc-common (2.3.11-2+deb12u1) ...
Setting up libltdl7:amd64 (2.4.7-5) ...
Setting up libodbc2:amd64 (2.3.11-2+deb12u1) ...
Setting up libodbccr2:amd64 (2.3.11-2+deb12u1) ...
Setting up libodbcinst2:amd64 (2.3.11-2+deb12u1) ...
Setting up odbcinst (2.3.11-2+deb12u1) ...
Setting up unixodbc (2.3.11-2+deb12u1) ...
Setting up msodbcsql17 (17.10.5.1-1) ...
odbcinst: Driver installed. Usage count increased to 1.
    Target directory is /etc
Setting up unixodbc-dev:amd64 (2.3.11-2+deb12u1) ...
Setting up mssql-tools (17.10.1.1-1) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Teletype
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u4) ...
Installing sqlpackage
Archive:  sqlpackage.zip
  inflating: /opt/sqlpackage/Azure.Core.dll
  inflating: /opt/sqlpackage/Azure.Identity.dll
  inflating: /opt/sqlpackage/Azure.Security.KeyVault.Keys.dll
  inflating: /opt/sqlpackage/createdump
  inflating: /opt/sqlpackage/libclrjit.so
  inflating: /opt/sqlpackage/libcoreclr.so
  inflating: /opt/sqlpackage/libcoreclrtraceptprovider.so
  inflating: /opt/sqlpackage/libdbgshim.so
  inflating: /opt/sqlpackage/libhostfxr.so
  inflating: /opt/sqlpackage/libhostpolicy.so
  inflating: /opt/sqlpackage/libmscordaccore.so
  inflating: /opt/sqlpackage/libmscordbi.so
  inflating: /opt/sqlpackage/libSystem.Globalization.Native.so
  inflating: /opt/sqlpackage/libSystem.IO.Compression.Native.so
  inflating: /opt/sqlpackage/libSystem.Native.so
  inflating: /opt/sqlpackage/libSystem.Net.Security.Native.so
  inflating: /opt/sqlpackage/libSystem.Security.Cryptography.Native.OpenSsl.so
  inflating: /opt/sqlpackage/Microsoft.ApplicationInsights.dll
  inflating: /opt/sqlpackage/Microsoft.Bcl.AsyncInterfaces.dll
  inflating: /opt/sqlpackage/Microsoft.Build.dll
  inflating: /opt/sqlpackage/Microsoft.Build.Framework.dll
  inflating: /opt/sqlpackage/Microsoft.Build.Utilities.Core.dll
  inflating: /opt/sqlpackage/Microsoft.CSharp.dll
  inflating: /opt/sqlpackage/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.dll
  inflating: /opt/sqlpackage/Microsoft.Data.SqlClient.dll
  inflating: /opt/sqlpackage/Microsoft.Data.Tools.Schema.Sql.dll
  inflating: /opt/sqlpackage/Microsoft.Data.Tools.Schema.Sql.pdb
  inflating: /opt/sqlpackage/Microsoft.Data.Tools.Schema.Sql.xml
  inflating: /opt/sqlpackage/Microsoft.Data.Tools.Utilities.dll
  inflating: /opt/sqlpackage/Microsoft.Data.Tools.Utilities.pdb
  inflating: /opt/sqlpackage/Microsoft.Data.Tools.Utilities.xml
  inflating: /opt/sqlpackage/Microsoft.Extensions.Caching.Abstractions.dll
  inflating: /opt/sqlpackage/Microsoft.Extensions.Caching.Memory.dll
  inflating: /opt/sqlpackage/Microsoft.Extensions.DependencyInjection.Abstractions.dll
  inflating: /opt/sqlpackage/Microsoft.Extensions.Logging.Abstractions.dll
  inflating: /opt/sqlpackage/Microsoft.Extensions.Options.dll
  inflating: /opt/sqlpackage/Microsoft.Extensions.Primitives.dll
  inflating: /opt/sqlpackage/Microsoft.Identity.Client.dll
  inflating: /opt/sqlpackage/Microsoft.Identity.Client.Extensions.Msal.dll
  inflating: /opt/sqlpackage/Microsoft.IdentityModel.Abstractions.dll
  inflating: /opt/sqlpackage/Microsoft.IdentityModel.JsonWebTokens.dll
  inflating: /opt/sqlpackage/Microsoft.IdentityModel.Logging.dll
  inflating: /opt/sqlpackage/Microsoft.IdentityModel.Protocols.dll
  inflating: /opt/sqlpackage/Microsoft.IdentityModel.Protocols.OpenIdConnect.dll
  inflating: /opt/sqlpackage/Microsoft.IdentityModel.Tokens.dll
  inflating: /opt/sqlpackage/Microsoft.SqlServer.Dac.dll
  inflating: /opt/sqlpackage/Microsoft.SqlServer.Dac.Extensions.dll
  inflating: /opt/sqlpackage/Microsoft.SqlServer.Dac.Extensions.pdb
  inflating: /opt/sqlpackage/Microsoft.SqlServer.Dac.Extensions.xml
  inflating: /opt/sqlpackage/Microsoft.SqlServer.Dac.pdb
  inflating: /opt/sqlpackage/Microsoft.SqlServer.Dac.xml
  inflating: /opt/sqlpackage/Microsoft.SqlServer.DacAzureExtensions.dll
  inflating: /opt/sqlpackage/Microsoft.SqlServer.DacAzureExtensions.pdb
  inflating: /opt/sqlpackage/Microsoft.SqlServer.DacAzureExtensions.xml
  inflating: /opt/sqlpackage/Microsoft.SqlServer.Server.dll
  inflating: /opt/sqlpackage/Microsoft.SqlServer.TransactSql.ScriptDom.dll
  inflating: /opt/sqlpackage/Microsoft.SqlServer.Types.dll
  inflating: /opt/sqlpackage/Microsoft.VisualBasic.Core.dll
  inflating: /opt/sqlpackage/Microsoft.VisualBasic.dll
  inflating: /opt/sqlpackage/Microsoft.Win32.Primitives.dll
  inflating: /opt/sqlpackage/Microsoft.Win32.Registry.dll
  inflating: /opt/sqlpackage/Microsoft.Win32.SystemEvents.dll
  inflating: /opt/sqlpackage/mscorlib.dll
  inflating: /opt/sqlpackage/netstandard.dll
  inflating: /opt/sqlpackage/sqlpackage
  inflating: /opt/sqlpackage/sqlpackage.deps.json
  inflating: /opt/sqlpackage/sqlpackage.dll
  inflating: /opt/sqlpackage/sqlpackage.pdb
  inflating: /opt/sqlpackage/sqlpackage.runtimeconfig.json
  inflating: /opt/sqlpackage/sqlpackage.xml
  inflating: /opt/sqlpackage/System.AppContext.dll
  inflating: /opt/sqlpackage/System.Buffers.dll
  inflating: /opt/sqlpackage/System.Collections.Concurrent.dll
  inflating: /opt/sqlpackage/System.Collections.dll
  inflating: /opt/sqlpackage/System.Collections.Immutable.dll
  inflating: /opt/sqlpackage/System.Collections.NonGeneric.dll
  inflating: /opt/sqlpackage/System.Collections.Specialized.dll
  inflating: /opt/sqlpackage/System.ComponentModel.Annotations.dll
  inflating: /opt/sqlpackage/System.ComponentModel.Composition.dll
  inflating: /opt/sqlpackage/System.ComponentModel.DataAnnotations.dll
  inflating: /opt/sqlpackage/System.ComponentModel.dll
  inflating: /opt/sqlpackage/System.ComponentModel.EventBasedAsync.dll
  inflating: /opt/sqlpackage/System.ComponentModel.Primitives.dll
  inflating: /opt/sqlpackage/System.ComponentModel.TypeConverter.dll
  inflating: /opt/sqlpackage/System.Configuration.ConfigurationManager.dll
  inflating: /opt/sqlpackage/System.Configuration.dll
  inflating: /opt/sqlpackage/System.Console.dll
  inflating: /opt/sqlpackage/System.Core.dll
  inflating: /opt/sqlpackage/System.Data.Common.dll
  inflating: /opt/sqlpackage/System.Data.DataSetExtensions.dll
  inflating: /opt/sqlpackage/System.Data.dll
  inflating: /opt/sqlpackage/System.Diagnostics.Contracts.dll
  inflating: /opt/sqlpackage/System.Diagnostics.Debug.dll
  inflating: /opt/sqlpackage/System.Diagnostics.DiagnosticSource.dll
  inflating: /opt/sqlpackage/System.Diagnostics.FileVersionInfo.dll
  inflating: /opt/sqlpackage/System.Diagnostics.Process.dll
  inflating: /opt/sqlpackage/System.Diagnostics.StackTrace.dll
  inflating: /opt/sqlpackage/System.Diagnostics.TextWriterTraceListener.dll
  inflating: /opt/sqlpackage/System.Diagnostics.Tools.dll
  inflating: /opt/sqlpackage/System.Diagnostics.TraceSource.dll
  inflating: /opt/sqlpackage/System.Diagnostics.Tracing.dll
  inflating: /opt/sqlpackage/System.dll
  inflating: /opt/sqlpackage/System.Drawing.Common.dll
  inflating: /opt/sqlpackage/System.Drawing.dll
  inflating: /opt/sqlpackage/System.Drawing.Primitives.dll
  inflating: /opt/sqlpackage/System.Dynamic.Runtime.dll
  inflating: /opt/sqlpackage/System.Formats.Asn1.dll
  inflating: /opt/sqlpackage/System.Globalization.Calendars.dll
  inflating: /opt/sqlpackage/System.Globalization.dll
  inflating: /opt/sqlpackage/System.Globalization.Extensions.dll
  inflating: /opt/sqlpackage/System.IdentityModel.Tokens.Jwt.dll
  inflating: /opt/sqlpackage/System.IO.Compression.Brotli.dll
  inflating: /opt/sqlpackage/System.IO.Compression.dll
  inflating: /opt/sqlpackage/System.IO.Compression.FileSystem.dll
  inflating: /opt/sqlpackage/System.IO.Compression.ZipFile.dll
  inflating: /opt/sqlpackage/System.IO.dll
  inflating: /opt/sqlpackage/System.IO.FileSystem.AccessControl.dll
  inflating: /opt/sqlpackage/System.IO.FileSystem.dll
  inflating: /opt/sqlpackage/System.IO.FileSystem.DriveInfo.dll
  inflating: /opt/sqlpackage/System.IO.FileSystem.Primitives.dll
  inflating: /opt/sqlpackage/System.IO.FileSystem.Watcher.dll
  inflating: /opt/sqlpackage/System.IO.IsolatedStorage.dll
  inflating: /opt/sqlpackage/System.IO.MemoryMappedFiles.dll
  inflating: /opt/sqlpackage/System.IO.Packaging.dll
  inflating: /opt/sqlpackage/System.IO.Pipes.AccessControl.dll
  inflating: /opt/sqlpackage/System.IO.Pipes.dll
  inflating: /opt/sqlpackage/System.IO.UnmanagedMemoryStream.dll
  inflating: /opt/sqlpackage/System.Linq.dll
  inflating: /opt/sqlpackage/System.Linq.Expressions.dll
  inflating: /opt/sqlpackage/System.Linq.Parallel.dll
  inflating: /opt/sqlpackage/System.Linq.Queryable.dll
  inflating: /opt/sqlpackage/System.Memory.Data.dll
  inflating: /opt/sqlpackage/System.Memory.dll
  inflating: /opt/sqlpackage/System.Net.dll
  inflating: /opt/sqlpackage/System.Net.Http.dll
  inflating: /opt/sqlpackage/System.Net.Http.Json.dll
  inflating: /opt/sqlpackage/System.Net.HttpListener.dll
  inflating: /opt/sqlpackage/System.Net.Mail.dll
  inflating: /opt/sqlpackage/System.Net.NameResolution.dll
  inflating: /opt/sqlpackage/System.Net.NetworkInformation.dll
  inflating: /opt/sqlpackage/System.Net.Ping.dll
  inflating: /opt/sqlpackage/System.Net.Primitives.dll
  inflating: /opt/sqlpackage/System.Net.Quic.dll
  inflating: /opt/sqlpackage/System.Net.Requests.dll
  inflating: /opt/sqlpackage/System.Net.Security.dll
  inflating: /opt/sqlpackage/System.Net.ServicePoint.dll
  inflating: /opt/sqlpackage/System.Net.Sockets.dll
  inflating: /opt/sqlpackage/System.Net.WebClient.dll
  inflating: /opt/sqlpackage/System.Net.WebHeaderCollection.dll
  inflating: /opt/sqlpackage/System.Net.WebProxy.dll
  inflating: /opt/sqlpackage/System.Net.WebSockets.Client.dll
  inflating: /opt/sqlpackage/System.Net.WebSockets.dll
  inflating: /opt/sqlpackage/System.Numerics.dll
  inflating: /opt/sqlpackage/System.Numerics.Vectors.dll
  inflating: /opt/sqlpackage/System.ObjectModel.dll
  inflating: /opt/sqlpackage/System.Private.CoreLib.dll
  inflating: /opt/sqlpackage/System.Private.DataContractSerialization.dll
  inflating: /opt/sqlpackage/System.Private.Uri.dll
  inflating: /opt/sqlpackage/System.Private.Xml.dll
  inflating: /opt/sqlpackage/System.Private.Xml.Linq.dll
  inflating: /opt/sqlpackage/System.Reflection.DispatchProxy.dll
  inflating: /opt/sqlpackage/System.Reflection.dll
  inflating: /opt/sqlpackage/System.Reflection.Emit.dll
  inflating: /opt/sqlpackage/System.Reflection.Emit.ILGeneration.dll
  inflating: /opt/sqlpackage/System.Reflection.Emit.Lightweight.dll
  inflating: /opt/sqlpackage/System.Reflection.Extensions.dll
  inflating: /opt/sqlpackage/System.Reflection.Metadata.dll
  inflating: /opt/sqlpackage/System.Reflection.Primitives.dll
  inflating: /opt/sqlpackage/System.Reflection.TypeExtensions.dll
  inflating: /opt/sqlpackage/System.Resources.Extensions.dll
  inflating: /opt/sqlpackage/System.Resources.Reader.dll
  inflating: /opt/sqlpackage/System.Resources.ResourceManager.dll
  inflating: /opt/sqlpackage/System.Resources.Writer.dll
  inflating: /opt/sqlpackage/System.Runtime.Caching.dll
  inflating: /opt/sqlpackage/System.Runtime.CompilerServices.Unsafe.dll
  inflating: /opt/sqlpackage/System.Runtime.CompilerServices.VisualC.dll
  inflating: /opt/sqlpackage/System.Runtime.dll
  inflating: /opt/sqlpackage/System.Runtime.Extensions.dll
  inflating: /opt/sqlpackage/System.Runtime.Handles.dll
  inflating: /opt/sqlpackage/System.Runtime.InteropServices.dll
  inflating: /opt/sqlpackage/System.Runtime.InteropServices.RuntimeInformation.dll
  inflating: /opt/sqlpackage/System.Runtime.Intrinsics.dll
  inflating: /opt/sqlpackage/System.Runtime.Loader.dll
  inflating: /opt/sqlpackage/System.Runtime.Numerics.dll
  inflating: /opt/sqlpackage/System.Runtime.Serialization.dll
  inflating: /opt/sqlpackage/System.Runtime.Serialization.Formatters.dll
  inflating: /opt/sqlpackage/System.Runtime.Serialization.Json.dll
  inflating: /opt/sqlpackage/System.Runtime.Serialization.Primitives.dll
  inflating: /opt/sqlpackage/System.Runtime.Serialization.Xml.dll
  inflating: /opt/sqlpackage/System.Security.AccessControl.dll
  inflating: /opt/sqlpackage/System.Security.Claims.dll
  inflating: /opt/sqlpackage/System.Security.Cryptography.Algorithms.dll
  inflating: /opt/sqlpackage/System.Security.Cryptography.Cng.dll
  inflating: /opt/sqlpackage/System.Security.Cryptography.Csp.dll
  inflating: /opt/sqlpackage/System.Security.Cryptography.Encoding.dll
  inflating: /opt/sqlpackage/System.Security.Cryptography.OpenSsl.dll
  inflating: /opt/sqlpackage/System.Security.Cryptography.Primitives.dll
  inflating: /opt/sqlpackage/System.Security.Cryptography.ProtectedData.dll
  inflating: /opt/sqlpackage/System.Security.Cryptography.X509Certificates.dll
  inflating: /opt/sqlpackage/System.Security.dll
  inflating: /opt/sqlpackage/System.Security.Permissions.dll
  inflating: /opt/sqlpackage/System.Security.Principal.dll
  inflating: /opt/sqlpackage/System.Security.Principal.Windows.dll
  inflating: /opt/sqlpackage/System.Security.SecureString.dll
  inflating: /opt/sqlpackage/System.ServiceModel.Web.dll
  inflating: /opt/sqlpackage/System.ServiceProcess.dll
  inflating: /opt/sqlpackage/System.Text.Encoding.CodePages.dll
  inflating: /opt/sqlpackage/System.Text.Encoding.dll
  inflating: /opt/sqlpackage/System.Text.Encoding.Extensions.dll
  inflating: /opt/sqlpackage/System.Text.Encodings.Web.dll
  inflating: /opt/sqlpackage/System.Text.Json.dll
  inflating: /opt/sqlpackage/System.Text.RegularExpressions.dll
  inflating: /opt/sqlpackage/System.Threading.Channels.dll
  inflating: /opt/sqlpackage/System.Threading.dll
  inflating: /opt/sqlpackage/System.Threading.Overlapped.dll
  inflating: /opt/sqlpackage/System.Threading.Tasks.Dataflow.dll
  inflating: /opt/sqlpackage/System.Threading.Tasks.dll
  inflating: /opt/sqlpackage/System.Threading.Tasks.Extensions.dll
  inflating: /opt/sqlpackage/System.Threading.Tasks.Parallel.dll
  inflating: /opt/sqlpackage/System.Threading.Thread.dll
  inflating: /opt/sqlpackage/System.Threading.ThreadPool.dll
  inflating: /opt/sqlpackage/System.Threading.Timer.dll
  inflating: /opt/sqlpackage/System.Transactions.dll
  inflating: /opt/sqlpackage/System.Transactions.Local.dll
  inflating: /opt/sqlpackage/System.ValueTuple.dll
  inflating: /opt/sqlpackage/System.Web.dll
  inflating: /opt/sqlpackage/System.Web.HttpUtility.dll
  inflating: /opt/sqlpackage/System.Windows.dll
  inflating: /opt/sqlpackage/System.Windows.Extensions.dll
  inflating: /opt/sqlpackage/System.Xml.dll
  inflating: /opt/sqlpackage/System.Xml.Linq.dll
  inflating: /opt/sqlpackage/System.Xml.ReaderWriter.dll
  inflating: /opt/sqlpackage/System.Xml.Serialization.dll
  inflating: /opt/sqlpackage/System.Xml.XDocument.dll
  inflating: /opt/sqlpackage/System.Xml.XmlDocument.dll
  inflating: /opt/sqlpackage/System.Xml.XmlSerializer.dll
  inflating: /opt/sqlpackage/System.Xml.XPath.dll
  inflating: /opt/sqlpackage/System.Xml.XPath.XDocument.dll
  inflating: /opt/sqlpackage/WindowsBase.dll
  inflating: /opt/sqlpackage/LICENSE.TXT
--> a01dfa6ed2c8
STEP 7/7: LABEL "com.docker.compose.image.builder"="classic"
COMMIT docker.io/library/devcontainer-app
--> fe408a709f8f
[Warning] one or more build args were not consumed: [DOCKER_BUILDKIT]
Successfully tagged docker.io/library/devcontainer-app:latest
fe408a709f8f67e2510d760cb1c7dd0977e8f409e20640f166762332b4d79846
Successfully built fe408a709f8f
Successfully tagged devcontainer-app
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.
[+] Running 2/2
 ✔ Container devcontainer-db-1   Created                                                                                                       0.1s
 ✔ Container devcontainer-app-1  Created                                                                                                       1.4s
Attaching to app-1, db-1
db-1   | SQL Server 2022 will run as non-root by default.
db-1   | This container is running as user mssql.
db-1   | To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
Gracefully stopping... (press Ctrl+C again to force)
Error response from daemon: crun: mount `sysfs` to `sys`: Operation not permitted: OCI permission denied
Error: executing C:\ProgramData\Docker\cli-plugins\docker-compose.exe up: exit status 1



### Podman in a container

No

### Privileged Or Rootless

Privileged

### Upstream Latest Release

Yes

### Additional environment details

Additional environment details

### Additional information

Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
github-actions[bot] commented 6 months ago

A friendly reminder that this issue had no activity for 30 days.

jobcespedes commented 2 months ago

Same message when using --userns=keep-id, podman version --userns=keep-id

rhatdan commented 2 months ago

Please submit podman info

jobcespedes commented 2 months ago

Please submit podman info

host:
  arch: arm64
  buildahVersion: 1.36.0
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc40.aarch64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 99.83
    systemPercent: 0.09
    userPercent: 0.09
  cpus: 2
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: coreos
    version: "40"
  eventLogger: journald
  freeLocks: 2048
  hostname: dev-kaws-us-east-1-lms-01-lb-instance-01
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.8.11-300.fc40.aarch64
  linkmode: dynamic
  logDriver: journald
  memFree: 153567232
  memTotal: 946298880
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.11.0-1.fc40.aarch64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.11.0
    package: netavark-1.11.0-1.fc40.aarch64
    path: /usr/libexec/podman/netavark
    version: netavark 1.11.0
  ociRuntime:
    name: crun
    package: crun-1.15-1.fc40.aarch64
    path: /usr/bin/crun
    version: |-
      crun version 1.15
      commit: e6eacaf4034e84185fd8780ac9262bbf57082278
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240510.g7288448-1.fc40.aarch64
    version: |
      pasta 0^20240510.g7288448-1.fc40.aarch64-pasta
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-2.fc40.aarch64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.5
  swapFree: 0
  swapTotal: 0
  uptime: 11h 5m 11.00s (Approximately 0.46 days)
  variant: v8
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.imagestore: /usr/lib/containers/storage
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 10132369408
  graphRootUsed: 2901696512
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 9
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.1.0
  Built: 1716940800
  BuiltTime: Tue May 28 18:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.3
  Os: linux
  OsArch: linux/arm64
  Version: 5.1.0

--userns is being used in following podman systemd unit:

[Unit]
Description=Podman container-keepalived.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

# User-defined dependencies
After=keepalived-image-build.service
Requires=keepalived-image-build.service

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
RestartSec=15
TimeoutStartSec=180
TimeoutStopSec=90
ExecStart=/usr/bin/podman run \
        --cidfile=%t/%n.ctr-id \
        --cgroups=no-conmon \
        --rm \
        --sdnotify=conmon \
        -d \
        --replace \
        --pull never \
        --stop-timeout 30 \
        --cap-add=NET_ADMIN \
        --cap-add=NET_BROADCAST \
        --cap-add=NET_RAW \
        --net=host \
        --user=1001 \
        --userns=keep-id \
        --volume /etc/keepalived/keepalived.conf:/etc/keepalived/keepalived.conf:ro \
        --volume /etc/keepalived/tls:/etc/keepalived/tls:ro \
        --name keepalived keepalived
ExecStop=/usr/bin/podman stop \
        --ignore -t 30 \
        --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm \
        -f \
        --ignore -t 30 \
        --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all

[Install]
WantedBy=default.target

Notes:

  1. Adding --tmpfs /sys changes type of error
  2. Not using --userns at all got me the same functionality I was looking for, without error: container user id 1001 can access files from host user id 1001
rhatdan commented 2 months ago

Is the user running the command UID=1001?

If you run /usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ --rm \ --sdnotify=conmon \ -d \ --replace \ --pull never \ --stop-timeout 30 \ --cap-add=NET_ADMIN \ --cap-add=NET_BROADCAST \ --cap-add=NET_RAW \ --net=host \ --user=1001 \ --userns=keep-id \ --volume /etc/keepalived/keepalived.conf:/etc/keepalived/keepalived.conf:ro \ --volume /etc/keepalived/tls:/etc/keepalived/tls:ro \ --name keepalived keepalived

By hand when logged in, does it work?

jobcespedes commented 2 months ago

Is the user running the command UID=1001?

No. It is root (0) running the systemd unit

By hand when logged in, does it work?

No. It is the same error

rhatdan commented 1 month ago

@giuseppe ideas?

giuseppe commented 1 month ago

Can you show me the output of cat /proc/self/mountinfo?

Also, could you try without --net host? With --net host, you could simply bind mount /sys from the host

jobcespedes commented 1 month ago

Can you show me the output of cat /proc/self/mountinfo?

67 70 259:4 / /sysroot ro,relatime - xfs /dev/nvme0n1p4 rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,prjquota
70 1 259:4 /ostree/deploy/fedora-coreos/deploy/c8f502b11881597a1386a090a80f6eb680871a9afc4c625796f2ae0f6a1bf7c4.0 / rw,relatime shared:1 - xfs /dev/nvme0n1p4 rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,prjquota
71 70 259:4 /ostree/deploy/fedora-coreos/deploy/c8f502b11881597a1386a090a80f6eb680871a9afc4c625796f2ae0f6a1bf7c4.0/etc /etc rw,relatime shared:2 - xfs /dev/nvme0n1p4 rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,prjquota
72 70 259:4 /ostree/deploy/fedora-coreos/deploy/c8f502b11881597a1386a090a80f6eb680871a9afc4c625796f2ae0f6a1bf7c4.0/usr /usr ro,relatime shared:3 - xfs /dev/nvme0n1p4 rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,prjquota
73 67 259:4 /ostree/deploy/fedora-coreos/var /sysroot/ostree/deploy/fedora-coreos/var rw,relatime - xfs /dev/nvme0n1p4 rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,prjquota
36 70 0:6 / /dev rw,nosuid shared:6 - devtmpfs devtmpfs rw,seclabel,size=4096k,nr_inodes=96132,mode=755,inode64
37 36 0:26 / /dev/shm rw,nosuid,nodev shared:7 - tmpfs tmpfs rw,seclabel,inode64
38 36 0:27 / /dev/pts rw,nosuid,noexec,relatime shared:8 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
39 70 0:25 / /sys rw,nosuid,nodev,noexec,relatime shared:9 - sysfs sysfs rw,seclabel
40 39 0:7 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:10 - securityfs securityfs rw
41 39 0:29 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:11 - cgroup2 cgroup2 rw,seclabel,nsdelegate,memory_recursiveprot
42 39 0:30 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:12 - pstore pstore rw,seclabel
43 39 0:31 / /sys/firmware/efi/efivars rw,nosuid,nodev,noexec,relatime shared:13 - efivarfs efivarfs rw
44 39 0:32 / /sys/fs/bpf rw,nosuid,nodev,noexec,relatime shared:14 - bpf bpf rw,mode=700
45 39 0:33 / /sys/kernel/config rw,nosuid,nodev,noexec,relatime shared:15 - configfs configfs rw
46 70 0:24 / /proc rw,nosuid,nodev,noexec,relatime shared:17 - proc proc rw
47 70 0:28 / /run rw,nosuid,nodev shared:18 - tmpfs tmpfs rw,seclabel,size=184788k,nr_inodes=819200,mode=755,inode64
26 39 0:23 / /sys/fs/selinux rw,nosuid,noexec,relatime shared:16 - selinuxfs selinuxfs rw
25 46 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:19 - autofs systemd-1 rw,fd=37,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=7467
27 36 0:35 / /dev/hugepages rw,nosuid,nodev,relatime shared:20 - hugetlbfs hugetlbfs rw,seclabel,pagesize=2M
28 39 0:8 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime shared:21 - debugfs debugfs rw,seclabel
29 36 0:22 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:22 - mqueue mqueue rw,seclabel
30 70 0:36 / /tmp rw,nosuid,nodev shared:23 - tmpfs tmpfs rw,seclabel,size=461972k,nr_inodes=1048576,inode64
32 39 0:13 / /sys/kernel/tracing rw,nosuid,nodev,noexec,relatime shared:24 - tracefs tracefs rw,seclabel
33 39 0:37 / /sys/fs/fuse/connections rw,nosuid,nodev,noexec,relatime shared:25 - fusectl fusectl rw
35 70 259:4 /ostree/deploy/fedora-coreos/var /var rw,relatime shared:5 - xfs /dev/nvme0n1p4 rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,prjquota
50 70 259:3 / /boot ro,nosuid,nodev,relatime shared:85 - ext4 /dev/nvme0n1p3 rw,seclabel
53 25 0:40 / /proc/sys/fs/binfmt_misc rw,nosuid,nodev,noexec,relatime shared:90 - binfmt_misc binfmt_misc rw
159 35 0:43 / /var/lib/nfs/rpc_pipefs rw,relatime shared:93 - rpc_pipefs sunrpc rw
145 47 0:28 /netns /run/netns rw,nosuid,nodev shared:18 - tmpfs tmpfs rw,seclabel,size=184788k,nr_inodes=819200,mode=755,inode64
64 35 259:4 /ostree/deploy/fedora-coreos/var/lib/containers/storage/overlay /var/lib/containers/storage/overlay rw,relatime - xfs /dev/nvme0n1p4 rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,prjquota
319 35 0:53 / /var/lib/containers/storage/overlay-containers/94c4b4159f7bbd078e7e8805048ebf032dba74d9dca371225a57788dd4e45d50/userdata/shm rw,nosuid,nodev,noexec,relatime shared:452 - tmpfs shm rw,context="system_u:object_r:container_file_t:s0:c1,c515",size=64000k,inode64
556 64 0:54 / /var/lib/containers/storage/overlay/8061ec55bddaf662879fdb4e434ca0e18ae82e5cc64016aad6bfcaffebcaa42e/merged rw,nodev,relatime - overlay overlay rw,context="system_u:object_r:container_file_t:s0:c1,c515",lowerdir=/var/lib/containers/storage/overlay/l/H4D7AC6WR7FENOFTWRDGN3KC3V:/var/lib/containers/storage/overlay/l/6WMTNQXLWVET6TJAP6BGTUNJPF:/var/lib/containers/storage/overlay/l/3XKBYHCOES2DCBZFPOMEKDXDQ3:/var/lib/containers/storage/overlay/l/L26X46UIXOBVDMAZJHKYXVPJA4:/var/lib/containers/storage/overlay/l/DU6Z3FXL2NYHESHGI3BM4TWGST:/var/lib/containers/storage/overlay/l/JPZDMNJQTRPF6DFMIFSGSEI3LG:/var/lib/containers/storage/overlay/l/DZXO36XZS2LELBBI3RWYB5YJJF,upperdir=/var/lib/containers/storage/overlay/8061ec55bddaf662879fdb4e434ca0e18ae82e5cc64016aad6bfcaffebcaa42e/diff,workdir=/var/lib/containers/storage/overlay/8061ec55bddaf662879fdb4e434ca0e18ae82e5cc64016aad6bfcaffebcaa42e/work,redirect_dir=on,uuid=on,metacopy=on,volatile
63 47 0:50 / /run/user/1000 rw,nosuid,nodev,relatime shared:375 - tmpfs tmpfs rw,seclabel,size=92392k,nr_inodes=23098,mode=700,uid=1000,gid=1000,inode64

Also, could you try without --net host?

Keepalived fails with error IPVS: Can't initialize ipvs: No such file or directory

giuseppe commented 1 month ago

that error is coming from the container payload I guess. Could you run strace -Z -f -vv -s 1000 podman run .... to see what operation is failing with ENOENT?

jobcespedes commented 1 month ago

It is a lengthy output. I am attaching the first 10 and last 10 lines matching ENOENT.

Command:

strace -Z -f -vv -s 1000 /usr/bin/podman run \
    --rm \
    --replace \
    --pull never \
    --stop-timeout 30 \
    --cap-add=NET_ADMIN \
    --cap-add=NET_BROADCAST \
    --cap-add=NET_RAW \
    --net=host \
    --user 1001 \
    --userns=keep-id \
    --tmpfs /sys \
    --volume /etc/keepalived/keepalived.conf:/etc/keepalived/keepalived.conf:ro \
    --volume /etc/keepalived/tls:/etc/keepalived/tls:ro \
    --name keepalived keepalived

First 10 lines:

faccessat(AT_FDCWD, "/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
faccessat(AT_FDCWD, "/etc/containers/podman_preexec_hooks.txt", F_OK) = -1 ENOENT (No such file or directory)
[pid 75243] statfs("/sys/fs/cgroup/unified", 0x400035fc90) = -1 ENOENT (No such file or directory)
[pid 75243] faccessat(AT_FDCWD, "/etc/containers/storage.conf", F_OK) = -1 ENOENT (No such file or directory)
[pid 75243] faccessat(AT_FDCWD, "/etc/containers/storage.conf", F_OK) = -1 ENOENT (No such file or directory)
[pid 75243] newfstatat(AT_FDCWD, "/etc/containers/containers.conf.d", 0x40004d83f8, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
[pid 75243] newfstatat(AT_FDCWD, "/root/.config/containers/containers.conf.d", 0x40004d84b8, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
[pid 75243] openat(AT_FDCWD, "/etc/containers/containers.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 75243] openat(AT_FDCWD, "/root/.config/containers/containers.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 75243] newfstatat(AT_FDCWD, "/etc/containers/containers.conf.d", 0x40004d87b8, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)

Last 10 lines:

[pid 75284] newfstatat(AT_FDCWD, "/var/lib/containers/storage/db.sql-journal", 0xffff4fe0e298, 0) = -1 ENOENT (No such file or directory)
[pid 75284] newfstatat(AT_FDCWD, "/var/lib/containers/storage/db.sql-wal", 0xffff4fe0e298, 0) = -1 ENOENT (No such file or directory)
[pid 75284] openat(AT_FDCWD, "/var/lib/containers/storage/overlay/staging", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid 75247] newfstatat(AT_FDCWD, "/var/lib/containers/storage/db.sql-journal", 0xffff3f40e298, 0) = -1 ENOENT (No such file or directory)
[pid 75247] newfstatat(AT_FDCWD, "/var/lib/containers/storage/db.sql-wal", 0xffff3f40e298, 0) = -1 ENOENT (No such file or directory)
[pid 75247] newfstatat(AT_FDCWD, "/var/lib/containers/storage/db.sql-journal", 0xffff3f40e298, 0) = -1 ENOENT (No such file or directory)
[pid 75247] newfstatat(AT_FDCWD, "/var/lib/containers/storage/db.sql-wal", 0xffff3f40e298, 0) = -1 ENOENT (No such file or directory)
[pid 75247] newfstatat(AT_FDCWD, "/var/lib/containers/storage/db.sql-journal", 0xffff3f40e298, 0) = -1 ENOENT (No such file or directory)
[pid 75247] newfstatat(AT_FDCWD, "/var/lib/containers/storage/db.sql-wal", 0xffff3f40e298, 0) = -1 ENOENT (No such file or directory)
[pid 75247] openat(AT_FDCWD, "/var/lib/containers/storage/overlay/staging", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)