Fedora-Remix-for-WSL icon indicating copy to clipboard operation
Fedora-Remix-for-WSL copied to clipboard

Published 20 hours ago verified publisher icon WhitewaterFoundry

Podman: there might not be enough IDs available in the namespace

Open prototact opened this issue 5 years ago • 1 comments

Bug Description I installed podman on WSL 2 fedora-remix (I opted for the windows insider program for that reason). Everything went fine until I tried to pull an image. At the step of storing signatures I got an error about insufficient IDs in the name space.

To Reproduce Steps to reproduce the behavior:

  1. sudo dnf install podman
  2. podman pull ubi8

Expected Behavior I thought it would pull the image normally but nope.

Screenshots image

Additional context I just want to run podman in WSL 2 instead of Docker Desktop.

Basic Troubleshooting Checklist

[x] I have searched Google for the error message. [x] I have checked official WSL troubleshooting documentation: https://docs.microsoft.com/en-us/windows/wsl/troubleshooting#confirm-wsl-is-enabled. [x] I have searched the official Microsoft WSL issues page: https://github.com/Microsoft/WSL/issues. [x] I have searched the WLinux issues page: https://github.com/WhitewaterFoundry/WLinux/issues. [x] I have reset WLinux: Settings->Apps->Apps & features->WLinux->Advanced Options->Reset. [x] I have disabled and re-enabled WSL in Windows Features. [x] I have run Windows 10 updates and restarted.

What other troubleshooting have you attempted?

Insert here: I followed the troubleshooting here https://github.com/containers/libpod/issues/3421 But to no avail. I run as user (not root) podman system migrate podman unshare cat /proc/self/uid_map for the first command i get no output but for the second one i get

$ podman unshare cat /proc/self/uid_map
         0       1000          1

This is suspicious because the normal output should be something like

$ podman unshare cat /proc/self/uid_map
         0       1000          1
         1     100000      65536

There seems to be no range attached to the user. In addition cat /etc/subuid has this form

mockbuild:100000:65536
orfeaskar:165536:65536

Mysterious mockbuild user, probably related to WSL wizardry.

WLinux Version

Insert here: 1.31.5.0

Windows Build

insert here: 10.0.19037 N/A Build 19037

prototact avatar Dec 10 '19 04:12 prototact

Were you able to resolve this? I'm currently running into the same issue on WSL2 when I try to pull an image with podman.

Update: Ok, I got it working. In my case the newuidmap and newgidmap binaries did not have the setuid bit set, so they did not have the capabilities they needed to map the uids correctly. So, I just had to run:

$ podman unshare cat /proc/self/uid_map
         0       1000          1

... switch to root

# chmod u+s $(which newuidmap)
# chmod u+s $(which newgidmap)

... switch back to regular user here

$ podman system migrate
$ podman unshare cat /proc/self/uid_map
         0       1000          1
         1     100000      65536

Thanks for pointing me in the right direction. This thread explains the issue.

dominic-p avatar May 28 '20 04:05 dominic-p