As the title suggests, I’m trying to run a rootless podman container with systemd-quadlets, but there’s something wrong with the CGroups permission.
I can create a rootless container without problems with podman run, so it must be something with the systemd feature.
SELinux is disabled.
My quadlet file:
[Unit]
Description=My container
[Container]
Image=localhost/my-container:latest
EnvironmentFile=/var/www/my-container/.env
PublishPort=127.0.0.1:9090:8080
[Install]
WantedBy=default.target
journalctl --user -u my-container.service output:
● my-container.service - my container python backend
Loaded: loaded (/home/myuser/.config/containers/systemd/my-container.container; generated)
Active: failed (Result: exit-code) since Tue 2024-07-02 18:18:22 UTC; 37min ago
Process: 217732 ExecStopPost=/usr/bin/podman rm -v -f -i --cidfile=/run/user/1002/my-container.cid (code=exited, status=0/SUCCESS)
Process: 217702 ExecStart=/usr/bin/podman run --name=systemd-my-container --cidfile=/run/user/1002/my-container.cid --replace --rm --cgroups=split --sdnotify=conmon -d --publish 127.0.0.1:9090:8080 --env-file /var/www/my-container/.env localhost/my-container:latest (code=exited, status=126)
Main PID: 217702 (code=exited, status=126)
Jul 02 18:18:22 server1.mydomain.com systemd[115012]: Starting my container python backend...
Jul 02 18:18:22 server1.mydomain.com systemd[115012]: my-container.service: Main process exited, code=exited, status=126/n/a
Jul 02 18:18:22 server1.mydomain.com systemd[115012]: my-container.service: Killing process 217714 (slirp4netns) with signal SIGKILL.
Jul 02 18:18:22 server1.mydomain.com systemd[115012]: my-container.service: Killing process 217716 (rootlessport) with signal SIGKILL.
Jul 02 18:18:22 server1.mydomain.com systemd[115012]: my-container.service: Killing process 217722 (exe) with signal SIGKILL.
Jul 02 18:18:22 server1.mydomain.com systemd[115012]: my-container.service: Failed with result 'exit-code'.
Jul 02 18:18:22 server1.mydomain.com systemd[115012]: Failed to start my container python backend.
Some other info:
podman version 4.9.4-rhel
systemd 239 (239-78.el8)
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy
Linux server1 4.18.0-513.18.1.el8_9.x86_64 #1 SMP Thu Feb 22 03:02:37 EST 2024 x86_64 x86_64 x86_64 GNU/Linux
NAME="AlmaLinux"
VERSION="8.9 (Midnight Oncilla)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.9"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.9 (Midnight Oncilla)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"
ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.9"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.9"