[CI:DOCS] rootless: Tell the user what was led to the error, not just what it is #9788
Running as root there doesn't seem like the right suggestion? If
Well, it is if they didn’t intend to run rootless.
To be clarified running as root does not mean that there will be root inside of container. This can be helpful when userns is not used.
But very few people didn't mean to run rootless. Rootless is one of Podman's most-used features, and I'd say we have more rootless users than root users. This error message is nonsensical for them, the majority of our users.
How about
Or do you have a different, better phrasing in mind? I think it’s important to point out both options exist.
@TomSweeneyRedHat @rhatdan You two might have opinions here?
Beyond @rhatdan's comment, I'd a couple small nits in the text. Otherwise, TYVM @andrewshadura for the PR!
newuidmap/newgidmap are required only for rootless mode with multiple IDs available. It is still possible to use rootless but you are limited to just one user, together with ignore_chown_errors
How? I don’t think that’s documented very well, or at all?
yes, unfortunately this part is not documented properly, but you can try adding: It is not done automatically (and I think it shouldn't) because potentially it can lead to security problems when the files ownership inside the container matters.
Right, we recommend this only for specific use cases like HPC environments. Also pushing these types of containers to container registries, might cause some issues.
A friendly reminder that this PR had no activity for 30 days.
@andrewshadura Still working on this?
9ce5143 to 43fa589
Users coming e.g. from Docker do not always read the manual and expect podman to not require sudo or uidmap, for them the default message is not very helpful:

    Error: Cannot connect to the Podman socket, make sure there is a Podman REST API service running.: cannot find newuidmap: exec: "newuidmap": executable file not found in $PATH

Adding a bit more context to this would help to nudge them into the right direction and tell them what to look for in the documentation:

    command required for rootless mode with multiple IDs: exec: "newuidmap": executable file not found in $PATH

Signed-off-by: Andrej Shadura <[email protected]>

[NO TESTS NEEDED]
43fa589 to 09e640d
LGTM
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andrewshadura, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
LGTM
/lgtm
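An added example, not code from this pull request or from Podman: a Go preflight check that wraps a failed `newuidmap`/`newgidmap` lookup with the reason the tool was needed, using the wording from the commit message, while keeping the original error reachable through `errors.Is`. The names `subIDCount`, `checkIDMapTools` and `lookPathFunc` are hypothetical; the `name:start:count` line format of subuid/subgid files is assumed, and the rule that the helpers are needed only when extra IDs are configured follows the comment in this thread.

```go
package main

import (
	"fmt"
	"os/exec"
	"strconv"
	"strings"
)

// lookPathFunc has the signature of exec.LookPath so a fake can be injected.
type lookPathFunc func(string) (string, error)

// subIDCount sums the range sizes listed for user in subuid/subgid-style
// text ("name:start:count" per line); malformed lines are skipped.
func subIDCount(user, text string) int {
	total := 0
	for _, line := range strings.Split(text, "\n") {
		f := strings.Split(strings.TrimSpace(line), ":")
		if len(f) != 3 || f[0] != user {
			continue
		}
		if n, err := strconv.Atoi(f[2]); err == nil && n > 0 {
			total += n
		}
	}
	return total
}

// checkIDMapTools (hypothetical helper) requires newuidmap/newgidmap only
// when extra IDs are configured (assumption taken from the thread), and wraps
// a lookup failure with the reason the tool was needed; %w keeps the
// original error visible to errors.Is.
func checkIDMapTools(user, subuid, subgid string, lookPath lookPathFunc) error {
	need := map[string]int{
		"newuidmap": subIDCount(user, subuid),
		"newgidmap": subIDCount(user, subgid),
	}
	for _, tool := range []string{"newuidmap", "newgidmap"} {
		if need[tool] == 0 {
			continue // no extra IDs configured: mapping helper not needed
		}
		if _, err := lookPath(tool); err != nil {
			return fmt.Errorf("command required for rootless mode with multiple IDs: %w", err)
		}
	}
	return nil
}

func main() {
	const sample = "alice:100000:65536\nbob:165536:65536\n" // constructed sample
	fmt.Println("alice:", checkIDMapTools("alice", sample, sample, exec.LookPath))
	fmt.Println("carol:", checkIDMapTools("carol", sample, sample, exec.LookPath))
}
```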