[pkg-go] Bug#987207: podman not running out-of-the-box as root

Reinhard Tartler siretart at gmail.com
Wed Apr 21 04:02:59 BST 2021

Control: tag -1 moreinfo

Hi Laurent,

I've downloaded the Bullseye Alpha 3 debian installer and installed using
kvm to have a super clean new system. Unfortunately, I was unable to
reproduce the issue that you described below. (I did find some issues with
rootless podman outside of a gnome-session, but that's a different story).

The symptoms sound a lot like described in this upstream bug:

Can you please compare your notes with that upstream bug? Can you confirm
that the 'overlay' kernel module is loaded? (in my test, it was loaded
automatically). If you still think this is an issue in the Debian package,
please let me know. I may require your assistance with reproducing this


On Mon, Apr 19, 2021 at 11:54 AM Laurent Bigonville <bigon at debian.org>

> Package: podman
> Version: 3.0.1+dfsg1-1
> Severity: serious
> Hello,
> After installing podman, I cannot run it as root out of the box as it
> fails with:
> ERRO[0000] [graphdriver] prior storage driver overlay failed: kernel does
> not support overlay fs: 'overlay' is not supported over extfs at
> "/var/lib/containers/storage/overlay": backing file system is unsupported
> for this graph driver
> Error: kernel does not support overlay fs: 'overlay' is not supported over
> extfs at "/var/lib/containers/storage/overlay": backing file system is
> unsupported for this graph driver
> Looking at fedora it seems that they have a containers-common package
> that ships a default storage.conf file:
> https://src.fedoraproject.org/rpms/containers-common/blob/rawhide/f/storage.conf
> I see that the debian package is shipping a file in
> /usr/share/containers/storage.conf (in the containers-storage package),
> but that file is apparently not read (strace only shows that the file in
> /etc/containers is read) and anyway unlike in fedora:
> 1) the driver is not set to overlay
> 2) the file is installed only if the containers-storage package is
> installed, which is not done by default.
> 3) that file is not read anyway, strace only shows that
> /etc/containers/storage.conf is read and not
> /usr/share/containers/storage.conf, so the file is apparently useless
> Shouldn't debian do the same thing than fedora so everything works OOTB?
> As a side note, I can see they are shipping also other files as well,
> like the seccomp.json file, using strace, it seems that podman tries to
> read them:
> [pid 14835] newfstatat(AT_FDCWD, "/etc/containers/seccomp.json",
> 0xc0000ee6b8, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
> [pid 14835] newfstatat(AT_FDCWD, "/usr/share/containers/seccomp.json",
> 0xc0000ee788, 0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
> Shouldn't that file be shipped by default too?
> Kind regards,
> Laurent Bigonville
> -- System Information:
> Debian Release: 11.0
>   APT prefers unstable-debug
>   APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
> 'experimental-debug'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
> Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
> Versions of packages podman depends on:
> ii  conmon                           2.0.25+ds1-1
> ii  containernetworking-plugins      0.9.0-1+b3
> ii  golang-github-containers-common  0.35.4+ds1-1
> ii  init-system-helpers              1.60
> ii  libc6                            2.31-11
> ii  libdevmapper1.02.1               2:1.02.175-2.1
> ii  libgpgme11                       1.14.0-1+b2
> ii  libseccomp2                      2.5.1-1
> ii  runc                             1.0.0~rc93+ds1-3
> Versions of packages podman recommends:
> ii  buildah                                           1.20.0+ds1-1
> ii  fuse-overlayfs                                    1.4.0-1
> ii  golang-github-containernetworking-plugin-dnsname  1.1.1+ds1-4+b4
> ii  slirp4netns                                       1.0.1-2
> ii  tini                                              0.19.0-1
> ii  uidmap                                            1:4.8.1-1
> Versions of packages podman suggests:
> ii  containers-storage  1.24.8+dfsg1-1+b1
> ii  docker-compose      1.25.0-1
> -- no debconf information

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-go-maintainers/attachments/20210420/6035da5c/attachment-0003.htm>

More information about the Pkg-go-maintainers mailing list