It appears that the directory could not be mounted.

[daiaji]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Steps to reproduce the issue:

1.Compiling image for non root users

Describe the results you received:
podman build -t v2ray .
STEP 1: FROM alpine AS builder
STEP 2: RUN apk update && apk add --no-cache bash ca-certificates curl unzip && curl $CURLPROXY -fsSL https://install.direct/go.sh | bash -s -- $V2RAYPROXY && curl $CURLPROXY -fsSLo /usr/bin/v2ray/h2y.dat https://raw.githubusercontent.com/ToutyRater/V2Ray-SiteDAT/master/geofiles/h2y.dat
WARN[0000] signal: killed
ERRO[0000] container_linux.go:349: starting container process caused "process_linux.go:449: container init caused "rootfs_linux.go:58: mounting \"/dev\" to rootfs \"/var/tmp/buildah335681964/mnt/rootfs\" at \"/dev\" caused \"mkdir /var/tmp/buildah335681964/mnt/rootfs/dev: file exists\"""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused "rootfs_linux.go:58: mounting \"/dev\" to rootfs \"/var/tmp/buildah335681964/mnt/rootfs\" at \"/dev\" caused \"mkdir /var/tmp/buildah335681964/mnt/rootfs/dev: file exists\"""
error running container: error creating container for [/bin/sh -c apk update && apk add --no-cache bash ca-certificates curl unzip && curl $CURLPROXY -fsSL https://install.direct/go.sh | bash -s -- $V2RAYPROXY && curl $CURLPROXY -fsSLo /usr/bin/v2ray/h2y.dat https://raw.githubusercontent.com/ToutyRater/V2Ray-SiteDAT/master/geofiles/h2y.dat]: : exit status 1
Error: error building at STEP "RUN apk update && apk add --no-cache bash ca-certificates curl unzip && curl $CURLPROXY -fsSL https://install.direct/go.sh | bash -s -- $V2RAYPROXY && curl $CURLPROXY -fsSLo /usr/bin/v2ray/h2y.dat https://raw.githubusercontent.com/ToutyRater/V2Ray-SiteDAT/master/geofiles/h2y.dat": error while running runtime: exit status 1

Describe the results you expected:
Successfully compiled the image without root.

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:            1.8.0
RemoteAPI Version:  1
Go Version:         go1.12.16
OS/Arch:            linux/386

Output of podman info --debug:

debug:
  compiler: gc
  git commit: ""
  go version: go1.12.16
  podman version: 1.8.0
host:
  BuildahVersion: 1.13.1
  CgroupVersion: v1
  Conmon:
    package: conmon-2.0.10-1.1.i586
    path: /usr/bin/conmon
    version: 'conmon version 2.0.10, commit: unknown'
  Distribution:
    distribution: '"opensuse-tumbleweed"'
    version: "20200220"
  IDMappings:
    gidmap:
    - container_id: 0
      host_id: 100
      size: 1
    - container_id: 1
      host_id: 110000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 110000
      size: 65536
  MemFree: 104615936
  MemTotal: 442527744
  OCIRuntime:
    name: runc
    package: runc-1.0.0~rc10-2.1.i586
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc10
      spec: 1.0.1-dev
  SwapFree: 423911424
  SwapTotal: 442523648
  arch: "386"
  cpus: 1
  eventlogger: file
  hostname: linux-vsmq
  kernel: 5.5.4-1-pae
  os: linux
  rootless: true
  slirp4netns:
    Executable: /usr/bin/slirp4netns
    Package: slirp4netns-0.4.3-1.1.i586
    Version: |-
      slirp4netns version 0.4.3
      commit: unknown
  uptime: 28m 5.63s
registries:
  search:
  - docker.io
store:
  ConfigFile: /home/fake/.config/containers/storage.conf
  ContainerStore:
    number: 0
  GraphDriverName: overlay
  GraphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-0.7.6-1.1.i586
      Version: |-
        fusermount3 version: 3.9.0
        fuse-overlayfs: version 0.7.6
        FUSE library version 3.9.0
        using FUSE kernel interface version 7.31
  GraphRoot: /home/fake/.local/share/containers/storage
  GraphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 2
  RunRoot: /run/user/1000/containers
  VolumePath: /home/fake/.local/share/containers/storage/volumes

Package info (e.g. output of rpm -q podman or apt list podman):

Repository     : openSUSE-Tumbleweed-Oss                                              
Name           : podman                                                               
Version        : 1.8.0-1.1                                                            
Arch           : i586                                                                 
Vendor         : openSUSE                                                             
Installed Size : 93.2 MiB                                                             
Installed      : Yes                                                                  
Status         : up-to-date                                                           
Source package : podman-1.8.0-1.1.src                                                 
Summary        : Daemon-less container engine for managing containers, pods and images
Description    :                                                                      
    Podman is a container engine for managing pods, containers, and container
    images.
    It is a standalone tool and it directly manipulates containers without the need
    of a container engine daemon.
    Podman is able to interact with container images create in buildah, cri-o, and
    skopeo, as they all share the same datastore backend.

Additional environment details (AWS, VirtualBox, physical, etc.):

This doesn't happen when I use root

[mheon]

@TomSweeneyRedHat PTAL - looks like a build issue

[TomSweeneyRedHat]

@daiaji can you verify that I'm using the right Dockerfile? It seems to be working for me as a rootless user and as root.

$ cat /tmp/Dockerfile
FROM alpine as builder
RUN apk update && apk add --no-cache bash ca-certificates curl unzip && curl $CURLPROXY -fsSL https://install.direct/go.sh | bash -s -- $V2RAYPROXY && curl $CURLPROXY -fsSLo /usr/bin/v2ray/h2y.dat https://raw.githubusercontent.com/ToutyRater/V2Ray-SiteDAT/master/geofiles/h2y.dat

[daiaji]

@TomSweeneyRedHat In fact, I can't even run the container.

podman run -it alpine sh
Error: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"proc\\\" to rootfs \\\"/home/fake/.local/share/containers/storage/overlay/34e498fef4ddb57a36fde630c6a4d4f51dd21cf54ce7d8516d60e749a9df8ef6/merged\\\" at \\\"/proc\\\" caused \\\"mkdir /home/fake/.local/share/containers/storage/overlay/34e498fef4ddb57a36fde630c6a4d4f51dd21cf54ce7d8516d60e749a9df8ef6/merged/proc: file exists\\\"\"": OCI runtime error

Is this related to the subuid and subgid settings?

cat /etc/sub*id
dockremap:100000000:65537
fake:110000:65536
dockremap:100000000:65537
fake:110000:65536

[mheon]

Can you provide the full output of podman run --log-level=debug -it alpine sh

[daiaji]

@mheon

podman run --log-level=debug -it alpine sh
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /home/fake/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/fake/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1000/containers     
DEBU[0000] Using static dir /home/fake/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp      
DEBU[0000] Using volume path /home/fake/.local/share/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] No store required. Not opening container store. 
DEBU[0000] Initializing event backend file              
DEBU[0000] using runtime "/usr/bin/runc"                
WARN[0000] Error initializing configured OCI runtime crun: no valid executable found for OCI runtime crun: invalid argument 
INFO[0000] running as rootless                          
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /home/fake/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/fake/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1000/containers     
DEBU[0000] Using static dir /home/fake/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp      
DEBU[0000] Using volume path /home/fake/.local/share/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] overlay: mount_program=/usr/bin/fuse-overlayfs 
DEBU[0000] backingFs=btrfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=false 
DEBU[0000] Initializing event backend file              
DEBU[0000] using runtime "/usr/bin/runc"                
WARN[0000] Error initializing configured OCI runtime crun: no valid executable found for OCI runtime crun: invalid argument 
DEBU[0000] parsed reference into "[overlay@/home/fake/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/alpine:latest" 
DEBU[0000] parsed reference into "[overlay@/home/fake/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@4db807a9020c0fabd99dd7cc235f660fd6e941fd0564509c1a7264a932301201" 
DEBU[0000] exporting opaque data as blob "sha256:4db807a9020c0fabd99dd7cc235f660fd6e941fd0564509c1a7264a932301201" 
DEBU[0000] Using slirp4netns netmode                    
DEBU[0000] No hostname set; container's hostname will default to runtime default 
DEBU[0000] Loading seccomp profile from "/usr/share/containers/seccomp.json" 
DEBU[0000] created OCI spec and options for new container 
DEBU[0000] Allocated lock 4 for container 37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e 
DEBU[0000] parsed reference into "[overlay@/home/fake/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@4db807a9020c0fabd99dd7cc235f660fd6e941fd0564509c1a7264a932301201" 
DEBU[0000] exporting opaque data as blob "sha256:4db807a9020c0fabd99dd7cc235f660fd6e941fd0564509c1a7264a932301201" 
DEBU[0000] created container "37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e" 
DEBU[0000] container "37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e" has work directory "/home/fake/.local/share/containers/storage/overlay-containers/37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e/userdata" 
DEBU[0000] container "37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e" has run directory "/run/user/1000/containers/overlay-containers/37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e/userdata" 
DEBU[0000] New container created "37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e" 
DEBU[0000] container "37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e" has CgroupParent "/libpod_parent/libpod-37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e" 
DEBU[0000] Handling terminal attach                     
DEBU[0000] overlay: mount_data=lowerdir=/home/fake/.local/share/containers/storage/overlay/l/OSAGFIZHKV6EJU6AWCMP2K3LVN,upperdir=/home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/diff,workdir=/home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/work 
DEBU[0000] Made network namespace at /run/user/1000/netns/cni-eb1f2f21-b19d-e804-3c7b-9c2fe5fb5ef5 for container 37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e 
DEBU[0000] mounted container "37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e" at "/home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged" 
DEBU[0000] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu 65520 --enable-sandbox -c -e 3 -r 4 --netns-type=path /run/user/1000/netns/cni-eb1f2f21-b19d-e804-3c7b-9c2fe5fb5ef5 tap0 
DEBU[0000] Created root filesystem for container 37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e at /home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged 
DEBU[0000] skipping loading default AppArmor profile (rootless mode) 
INFO[0000] No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4] 
INFO[0000] IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844] 
DEBU[0000] skipping unrecognized mount in /etc/containers/mounts.conf: "# This configuration file specifies the default mounts for each container of the" 
DEBU[0000] skipping unrecognized mount in /etc/containers/mounts.conf: "# tools adhering to this file (e.g., CRI-O, Podman, Buildah).  The format of the" 
DEBU[0000] skipping unrecognized mount in /etc/containers/mounts.conf: "# config is /SRC:/DST, one mount per line." 
DEBU[0000] /etc/system-fips does not exist on host, not mounting FIPS mode secret 
DEBU[0000] Created OCI spec for container 37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e at /home/fake/.local/share/containers/storage/overlay-containers/37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e/userdata/config.json 
DEBU[0000] /usr/bin/conmon messages will be logged to syslog 
DEBU[0000] running conmon: /usr/bin/conmon               args="[--api-version 1 -c 37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e -u 37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e -r /usr/bin/runc -b /home/fake/.local/share/containers/storage/overlay-containers/37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e/userdata -p /run/user/1000/containers/overlay-containers/37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e/userdata/pidfile -l k8s-file:/home/fake/.local/share/containers/storage/overlay-containers/37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e/userdata/ctr.log --exit-dir /run/user/1000/libpod/tmp/exits --socket-dir-path /run/user/1000/libpod/tmp/socket --log-level debug --syslog -t --conmon-pidfile /run/user/1000/containers/overlay-containers/37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /home/fake/.local/share/containers/storage --exit-command-arg --runroot --exit-command-arg /run/user/1000/containers --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg cgroupfs --exit-command-arg --tmpdir --exit-command-arg /run/user/1000/libpod/tmp --exit-command-arg --runtime --exit-command-arg runc --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --storage-opt --exit-command-arg overlay.mount_program=/usr/bin/fuse-overlayfs --exit-command-arg --events-backend --exit-command-arg file --exit-command-arg container --exit-command-arg cleanup --exit-command-arg 37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e]"
WARN[0000] Failed to add conmon to cgroupfs sandbox cgroup: error creating cgroup for cpu: mkdir /sys/fs/cgroup/cpu/libpod_parent: permission denied 
DEBU[0000] Received: -1                                 
DEBU[0000] Cleaning up container 37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e 
DEBU[0000] Tearing down network namespace at /run/user/1000/netns/cni-eb1f2f21-b19d-e804-3c7b-9c2fe5fb5ef5 for container 37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e 
DEBU[0000] unmounted container "37a500bbe45b4d61eaee34a0d6658899ed40b2fe85147f924eb4e2028f5c288e" 
DEBU[0000] ExitCode msg: "time=\"2020-02-25t17:22:53+08:00\" level=warning msg=\"signal: killed\"\ntime=\"2020-02-25t17:22:53+08:00\" level=error msg=\"container_linux.go:349: starting container process caused \\\"process_linux.go:449: container init caused \\\\\\\"rootfs_linux.go:58: mounting \\\\\\\\\\\\\\\"proc\\\\\\\\\\\\\\\" to rootfs \\\\\\\\\\\\\\\"/home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged\\\\\\\\\\\\\\\" at \\\\\\\\\\\\\\\"/proc\\\\\\\\\\\\\\\" caused \\\\\\\\\\\\\\\"mkdir /home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged/proc: file exists\\\\\\\\\\\\\\\"\\\\\\\"\\\"\"\ncontainer_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"rootfs_linux.go:58: mounting \\\\\\\"proc\\\\\\\" to rootfs \\\\\\\"/home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged\\\\\\\" at \\\\\\\"/proc\\\\\\\" caused \\\\\\\"mkdir /home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged/proc: file exists\\\\\\\"\\\"\": oci runtime error" 
ERRO[0000] time="2020-02-25T17:22:53+08:00" level=warning msg="signal: killed"
time="2020-02-25T17:22:53+08:00" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"rootfs_linux.go:58: mounting \\\\\\\"proc\\\\\\\" to rootfs \\\\\\\"/home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged\\\\\\\" at \\\\\\\"/proc\\\\\\\" caused \\\\\\\"mkdir /home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged/proc: file exists\\\\\\\"\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"proc\\\" to rootfs \\\"/home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged\\\" at \\\"/proc\\\" caused \\\"mkdir /home/fake/.local/share/containers/storage/overlay/e8529619b007e0221289fe9a5e67c4ddb3a199e1e2f972912fbaa05b36743dd3/merged/proc: file exists\\\"\"": OCI runtime error

[TomSweeneyRedHat]

@daiaji just double checking were you logged on as the 'fake' user when you did the run? Are you able to run this as root?

[daiaji]

@TomSweeneyRedHat I just replaced the user name in the log. In fact, I am using another user name, which can work under root.

[mheon]

Error's definitely out of runc, but I'm not exactly sure what it is. Manpages say that mount(2) can't return EEXIST so this is probably some form of check before the mount is made?

[mheon]

This is our relevant code block:

https://github.com/opencontainers/runc/blob/688cf6d43cc4f8b5a56d0fb7c7512dcfcec2cfd7/libcontainer/rootfs_linux.go#L301-L318

I'm betting the cause is that initial Lstat

[mheon]

Hmm. Actually, probably not. Could be the MkdirAll.

[mheon]

@daiaji Any chance the crun runtime is available in Tumbleweed? Can you try that instead via --runtime=crun if so? I'd like to see if that gives a different/better error message

[daiaji]

@mheon Fortunately, although the official software source does not have crun, I found the community maintenance package. Unfortunately, the community software source does not provide the binary package of i586, but the spec template file can be compiled on the i586 architecture. Just a year ago, I compiled one or two packages. After splitting the spec template file and compiling it, I still got the package on the i586 architecture.
Good night😴

podman run --runtime=crun --log-level=debug -it alpine sh
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /home/fake/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/fake/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1000/containers     
DEBU[0000] Using static dir /home/fake/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp      
DEBU[0000] Using volume path /home/fake/.local/share/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] No store required. Not opening container store. 
DEBU[0000] Initializing event backend file              
DEBU[0000] using runtime "/usr/bin/runc"                
DEBU[0000] using runtime "/usr/bin/crun"                
INFO[0000] running as rootless                          
DEBU[0000] Using conmon: "/usr/bin/conmon"              
DEBU[0000] Initializing boltdb state at /home/fake/.local/share/containers/storage/libpod/bolt_state.db 
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /home/fake/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1000/containers     
DEBU[0000] Using static dir /home/fake/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp      
DEBU[0000] Using volume path /home/fake/.local/share/containers/storage/volumes 
DEBU[0000] Set libpod namespace to ""                   
DEBU[0000] [graphdriver] trying provided driver "overlay" 
DEBU[0000] overlay: mount_program=/usr/bin/fuse-overlayfs 
DEBU[0000] backingFs=btrfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=false 
DEBU[0000] Initializing event backend file              
DEBU[0000] using runtime "/usr/bin/runc"                
DEBU[0000] using runtime "/usr/bin/crun"                
DEBU[0000] parsed reference into "[overlay@/home/fake/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]docker.io/library/alpine:latest" 
DEBU[0000] parsed reference into "[overlay@/home/fake/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@4db807a9020c0fabd99dd7cc235f660fd6e941fd0564509c1a7264a932301201" 
DEBU[0000] exporting opaque data as blob "sha256:4db807a9020c0fabd99dd7cc235f660fd6e941fd0564509c1a7264a932301201" 
DEBU[0000] Using slirp4netns netmode                    
DEBU[0000] No hostname set; container's hostname will default to runtime default 
DEBU[0000] Loading seccomp profile from "/usr/share/containers/seccomp.json" 
DEBU[0000] created OCI spec and options for new container 
DEBU[0000] Allocated lock 5 for container 95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1 
DEBU[0000] parsed reference into "[overlay@/home/fake/.local/share/containers/storage+/run/user/1000/containers:overlay.mount_program=/usr/bin/fuse-overlayfs]@4db807a9020c0fabd99dd7cc235f660fd6e941fd0564509c1a7264a932301201" 
DEBU[0000] exporting opaque data as blob "sha256:4db807a9020c0fabd99dd7cc235f660fd6e941fd0564509c1a7264a932301201" 
DEBU[0000] created container "95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1" 
DEBU[0000] container "95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1" has work directory "/home/fake/.local/share/containers/storage/overlay-containers/95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1/userdata" 
DEBU[0000] container "95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1" has run directory "/run/user/1000/containers/overlay-containers/95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1/userdata" 
DEBU[0000] New container created "95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1" 
DEBU[0000] container "95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1" has CgroupParent "/libpod_parent/libpod-95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1" 
DEBU[0000] Handling terminal attach                     
DEBU[0000] overlay: mount_data=lowerdir=/home/fake/.local/share/containers/storage/overlay/l/OSAGFIZHKV6EJU6AWCMP2K3LVN,upperdir=/home/fake/.local/share/containers/storage/overlay/32d2edd348f3f6d064667cda74eadd4c517dd86748031ecb431d3ec2f5098e8e/diff,workdir=/home/fake/.local/share/containers/storage/overlay/32d2edd348f3f6d064667cda74eadd4c517dd86748031ecb431d3ec2f5098e8e/work 
DEBU[0000] Made network namespace at /run/user/1000/netns/cni-0c52085e-77b0-ce8e-8f86-d2f783593872 for container 95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1 
DEBU[0000] slirp4netns command: /usr/bin/slirp4netns --disable-host-loopback --mtu 65520 --enable-sandbox -c -e 3 -r 4 --netns-type=path /run/user/1000/netns/cni-0c52085e-77b0-ce8e-8f86-d2f783593872 tap0 
DEBU[0000] mounted container "95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1" at "/home/fake/.local/share/containers/storage/overlay/32d2edd348f3f6d064667cda74eadd4c517dd86748031ecb431d3ec2f5098e8e/merged" 
DEBU[0000] Created root filesystem for container 95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1 at /home/fake/.local/share/containers/storage/overlay/32d2edd348f3f6d064667cda74eadd4c517dd86748031ecb431d3ec2f5098e8e/merged 
DEBU[0000] skipping loading default AppArmor profile (rootless mode) 
INFO[0000] No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4] 
INFO[0000] IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844] 
DEBU[0000] skipping unrecognized mount in /etc/containers/mounts.conf: "# This configuration file specifies the default mounts for each container of the" 
DEBU[0000] skipping unrecognized mount in /etc/containers/mounts.conf: "# tools adhering to this file (e.g., CRI-O, Podman, Buildah).  The format of the" 
DEBU[0000] skipping unrecognized mount in /etc/containers/mounts.conf: "# config is /SRC:/DST, one mount per line." 
DEBU[0000] /etc/system-fips does not exist on host, not mounting FIPS mode secret 
DEBU[0000] Created OCI spec for container 95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1 at /home/fake/.local/share/containers/storage/overlay-containers/95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1/userdata/config.json 
DEBU[0000] /usr/bin/conmon messages will be logged to syslog 
DEBU[0000] running conmon: /usr/bin/conmon               args="[--api-version 1 -c 95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1 -u 95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1 -r /usr/bin/crun -b /home/fake/.local/share/containers/storage/overlay-containers/95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1/userdata -p /run/user/1000/containers/overlay-containers/95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1/userdata/pidfile -l k8s-file:/home/fake/.local/share/containers/storage/overlay-containers/95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1/userdata/ctr.log --exit-dir /run/user/1000/libpod/tmp/exits --socket-dir-path /run/user/1000/libpod/tmp/socket --log-level debug --syslog -t --conmon-pidfile /run/user/1000/containers/overlay-containers/95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /home/fake/.local/share/containers/storage --exit-command-arg --runroot --exit-command-arg /run/user/1000/containers --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg cgroupfs --exit-command-arg --tmpdir --exit-command-arg /run/user/1000/libpod/tmp --exit-command-arg --runtime --exit-command-arg crun --exit-command-arg --storage-driver --exit-command-arg overlay --exit-command-arg --storage-opt --exit-command-arg overlay.mount_program=/usr/bin/fuse-overlayfs --exit-command-arg --events-backend --exit-command-arg file --exit-command-arg container --exit-command-arg cleanup --exit-command-arg 95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1]"
WARN[0000] Failed to add conmon to cgroupfs sandbox cgroup: error creating cgroup for cpu: mkdir /sys/fs/cgroup/cpu/libpod_parent: permission denied 
DEBU[0000] Received: -1                                 
DEBU[0000] Cleaning up container 95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1 
DEBU[0000] Tearing down network namespace at /run/user/1000/netns/cni-0c52085e-77b0-ce8e-8f86-d2f783593872 for container 95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1 
DEBU[0000] unmounted container "95db7c89cc9235787a616b0220cb4be89e02226bc531b8562ddb4cda04d0e2d1" 
DEBU[0000] ExitCode msg: "error stat'ing file '/home/fake/.local/share/containers/storage/overlay/32d2edd348f3f6d064667cda74eadd4c517dd86748031ecb431d3ec2f5098e8e/merged/proc': no such file or directory: oci runtime command not found error" 
ERRO[0000] error stat'ing file '/home/fake/.local/share/containers/storage/overlay/32d2edd348f3f6d064667cda74eadd4c517dd86748031ecb431d3ec2f5098e8e/merged/proc': No such file or directory: OCI runtime command not found error

[mheon]

@giuseppe Any thoughts here?

[giuseppe]

Could be the interaction runc with fuse-overlays, I'll need to check. Also it can be the 32 bits arch, I have never tried fuse-overlays there

[giuseppe]

just to make sure the namespace is created correctly, could you show the output for podman unshare cat /proc/self/uid_map?

[daiaji]

@giuseppe

cat /proc/self/uid_map
         0          0 4294967295

[giuseppe]

it seems you are running it in the host. Please use podman unshare:

$ podman unshare cat /proc/self/uid_map

[daiaji]

@giuseppe

podman unshare cat /proc/self/uid_map
         0       1000          1
         1     100000      65536

[giuseppe]

the userns looks good.

At this point, I am afraid it depends from the arch you are using

[daiaji]

@giuseppe I will try to test podman on the new 32bit openSUSE or switch to 32bit Ubuntu test.

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[rhatdan]

@daiaji I take it this is fixed, or works for you.