New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
setting net.ipv4.ping_group_range fails (uidmap/gidmap) #15934
Comments
@giuseppe PTAL |
I think Could you try something like: Does that make any difference? |
@giuseppe thank you! i've noticed there is actually an error message for that:
adding a
i assume the code setting the uid for the application has it and the code writing to it works with the added
these warnings go away when adding
not having to specify |
@yogo1212 To fix the error
add the command-line option
The test was run on Fedora 36 with Podman 4.2.1
|
if you do not specify a gidmap, then its value is copied from the uidmap. To avoid the issue with ping_group_range, I've added this line to the
|
Thanks for addressing this recurring error/mistake.
Is that that a fix or just hiding an underlying error with unmapped uid 0? Either way, it's an improvement, imo :-) |
thanks - interesting! atm, i'm sticking to the 'just map uid 0' approach. |
A friendly reminder that this issue had no activity for 30 days. |
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
When spinning up a container for opensearch, there's an error (further down in the template 馃敟 ).
Steps to reproduce the issue:
podman run --rm --uidmap 1000:0:1 --gidmap 1000:0:1 -v /mnt/opensearch1:/usr/share/opensearch/data -p 9200:9200 -p 9600:9600 docker.io/opensearchproject/opensearch:latest
You probably don't want the
-v
.Describe the results you received:
Describe the results you expected:
Preferably, a running container - but, honestly: Loads of other errors from opensearch.
Additional information you deem important (e.g. issue happens only occasionally):
The calling user's UID/GID is 1003/1003.
Opensearch uses UID/GID 1000/1000 in their Docker image, so there are
--uidmap
and--gidmap
parameters mapping that the respective ID of the current user.The value on the host:
net.ipv4.ping_group_range = 0 2147483647
Because of the mapping and previous errors with sysctl, I think this could be related to #13194 and/or #11922.
Podman is a bit newer on my machine though (version further down in the template 馃)
There's a docker issue with a similar error message.
Setting
default_sysctls = []
in~/.config/containers/containers.conf
is a workaround but not very practical (have to create another user to not interfere with other containers).Output of
podman version
:Output of
podman info
:Package info (e.g. output of
rpm -q podman
orapt list podman
):Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)
Yes.
The specified ID lies within
ping_group_range
.I have tested with podman 4.2.0 on my machine because I can't install anything on the server.
There's a different error but it looks to me like that's happening earlier.
Additional environment details (AWS, VirtualBox, physical, etc.):
Rocky Linux 9 on Kernel 5.14 on a virtual server.
The text was updated successfully, but these errors were encountered: