[pkg-go] Bug#987207: podman not running out-of-the-box as root

Laurent Bigonville bigon at debian.org
Mon Apr 19 16:50:52 BST 2021 

Package: podman
Version: 3.0.1+dfsg1-1
Severity: serious

Hello,

After installing podman, I cannot run it as root out of the box as it
fails with:

ERRO[0000] [graphdriver] prior storage driver overlay failed: kernel does not support overlay fs: 'overlay' is not supported over extfs at "/var/lib/containers/storage/overlay": backing file system is unsupported for this graph driver
Error: kernel does not support overlay fs: 'overlay' is not supported over extfs at "/var/lib/containers/storage/overlay": backing file system is unsupported for this graph driver

Looking at fedora it seems that they have a containers-common package
that ships a default storage.conf file:

https://src.fedoraproject.org/rpms/containers-common/blob/rawhide/f/storage.conf

I see that the debian package is shipping a file in
/usr/share/containers/storage.conf (in the containers-storage package),
but that file is apparently not read (strace only shows that the file in
/etc/containers is read) and anyway unlike in fedora:

1) the driver is not set to overlay
2) the file is installed only if the containers-storage package is
installed, which is not done by default.
3) that file is not read anyway, strace only shows that
/etc/containers/storage.conf is read and not
/usr/share/containers/storage.conf, so the file is apparently useless

Shouldn't debian do the same thing than fedora so everything works OOTB?

As a side note, I can see they are shipping also other files as well,
like the seccomp.json file, using strace, it seems that podman tries to
read them:

[pid 14835] newfstatat(AT_FDCWD, "/etc/containers/seccomp.json", 0xc0000ee6b8, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
[pid 14835] newfstatat(AT_FDCWD, "/usr/share/containers/seccomp.json", 0xc0000ee788, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)

Shouldn't that file be shipped by default too?

Kind regards,
Laurent Bigonville

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages podman depends on:
ii  conmon                           2.0.25+ds1-1
ii  containernetworking-plugins      0.9.0-1+b3
ii  golang-github-containers-common  0.35.4+ds1-1
ii  init-system-helpers              1.60
ii  libc6                            2.31-11
ii  libdevmapper1.02.1               2:1.02.175-2.1
ii  libgpgme11                       1.14.0-1+b2
ii  libseccomp2                      2.5.1-1
ii  runc                             1.0.0~rc93+ds1-3

Versions of packages podman recommends:
ii  buildah                                           1.20.0+ds1-1
ii  fuse-overlayfs                                    1.4.0-1
ii  golang-github-containernetworking-plugin-dnsname  1.1.1+ds1-4+b4
ii  slirp4netns                                       1.0.1-2
ii  tini                                              0.19.0-1
ii  uidmap                                            1:4.8.1-1

Versions of packages podman suggests:
ii  containers-storage  1.24.8+dfsg1-1+b1
ii  docker-compose      1.25.0-1

-- no debconf information

More information about the Pkg-go-maintainers mailing list