I want to run a Podman container in a Kubernetes Pod to deploy some services in a Kubernetes cluster with Podman. I followed this website: to deploy a K8S Pod in rootful mode without the privileged flag. However, when I try to run a Podman container in the K8S Pod, I get some errors.
Error:
[root@podman /]# podman run hello
Resolved "hello" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/podman/hello:latest...
Getting image source signatures
Copying blob afc12373accf done |
Copying config 5ceee15b65 done |
Writing manifest to image destination
ERRO[0001] Unmounting /var/lib/containers/storage/overlay/c63278ba6665066ac4760999b95c8ca59ae76b5e51873d465dfa8631dc2fc4ac/merged: invalid argument
Error: mounting storage for container dc09b24ad4bd69f2de4c3b0176077f4d6f909f9f8c402f105af06236e7e3c8e5: creating overlay mount to /var/lib/containers/storage/overlay/c63278ba6665066ac4760999b95c8ca59ae76b5e51873d465dfa8631dc2fc4ac/merged, mount_data="lowerdir=/var/lib/containers/storage/overlay/l/VCMNQAVOIAFU6UJFAGZIQBJOV2,upperdir=/var/lib/containers/storage/overlay/c63278ba6665066ac4760999b95c8ca59ae76b5e51873d465dfa8631dc2fc4ac/diff,workdir=/var/lib/containers/storage/overlay/c63278ba6665066ac4760999b95c8ca59ae76b5e51873d465dfa8631dc2fc4ac/work,nodev,fsync=0": using mount program /usr/bin/fuse-overlayfs: unknown argument ignored: lazytime
fuse: device not found, try 'modprobe fuse' first
fuse-overlayfs: cannot mount: No such file or directory
: exit status 1
I tried to modify the Pod's capabilities to correct the problem and found another error when I removed the DAC_OVERRIDE capability.
Error:
[root@podman /]# podman run hello
Resolved "hello" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/podman/hello:latest...
Getting image source signatures
Copying blob afc12373accf done |
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:afc12373accfeca4ac0b3279073aefa7205aebb50edcee6157dce559cea9e768": processing tar file(setting up pivot dir: mkdir /var/lib/containers/storage/overlay/c9db4b5126cf04ddcde71759dd43aca2e19f9762ec96f7ab2e1252fb2ce43e6d/diff/.pivot_root3305806856: permission denied): exit status 1
I also tried to add all the capabilities in order to simulate the privileged flag, but I found the first error.
Could someone explain why and what the difference is between granting all capabilities and granting the privileged flag?
NotBeCursed is a new contributor to this site.
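A small diagnostic for the two failures in the question, added here as an example and not part of the original post: it decodes the effective capability mask from /proc/self/status and checks for the /dev/fuse character device, which granting capabilities does not add to a container. The function names and the sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Run it inside the Pod's container.
# Capability bit numbers are from <linux/capability.h>.
CAP_DAC_OVERRIDE=1
CAP_SYS_ADMIN=21

# has_cap HEXMASK BIT: succeeds if BIT is set in a CapEff-style hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff STATUS_FILE: print the CapEff mask from a /proc/<pid>/status file.
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# diagnose HEXMASK FUSE_PATH: print the first blocker for fuse-overlayfs.
diagnose() {
    if [ ! -c "$2" ]; then
        echo "no-fuse-device"       # matches "fuse: device not found" in the first log
    elif ! has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo "no-cap-sys-admin"     # mount(2) requires CAP_SYS_ADMIN
    elif ! has_cap "$1" "$CAP_DAC_OVERRIDE"; then
        echo "no-cap-dac-override"  # the capability dropped before the second log
    else
        echo "ok"
    fi
}

# Constructed sample masks, for illustration only.
ALL_CAPS=000001ffffffffff   # capability bits 0..40 all set
NO_DAC=000001fffffffffd     # same mask with bit 1 (CAP_DAC_OVERRIDE) cleared

# Live check of the current process when /proc is available.
if [ -r /proc/self/status ]; then
    mask=$(cap_eff /proc/self/status)
    if [ -n "$mask" ]; then
        echo "this process: $(diagnose "$mask" /dev/fuse)"
    fi
fi
```

With every capability bit set, `diagnose` still reports `no-fuse-device` when the device node is absent, which is the situation in the first log.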