
containerd_client connect call getting "permission denied"

Open juliays opened this issue 3 years ago • 3 comments

let channel = connect("/run/containerd/containerd.sock").await;
let channel = match channel {
    Ok(channel) => channel,
    Err(error) => panic!("Problem connecting to containerd: {:?}", error),
};

This code is getting the error below

thread 'main' panicked at 'Problem connecting to containerd: tonic::transport::Error(Transport, hyper::Error(Connect, Os { code: 13, kind: PermissionDenied, message: "Permission denied" }))', src/./containers/containerd/containerd.rs:50:27

How should I go about fixing it? Did I set up containerd wrong?

I used the following command to set up containerd and start it. Please advise. Thanks!

sudo tar Cxzvf /usr/local containerd-1.6.6-linux-arm64.tar.gz

# start containerd
systemctl daemon-reload
systemctl enable --now containerd

juliays avatar Jul 22 '22 02:07 juliays

I also tried accessing it using rootless kit, but I can't figure out the right URL to pass for the connect call. I followed this link to set up rootless containerd: https://github.com/containerd/containerd/blob/main/docs/rootless.md.

id -u returns 1000.

I used the command below to start containerd and see the process running.

nerdctl run -d --restart=always --name nginx -p 8080:80 nginx:alpine

However, I can't connect to it using "ctr"

ctr images list - gets the error below

ctr: failed to dial "/run/user/1000/containerd/containerd.sock": context deadline exceeded: connection error: desc = "transport: error while dialing: dial unix:///run/user/1000/containerd/containerd.sock: timeout"

My code is now:

let channel = connect("/run/user/1000/containerd/containerd.sock").await;
let channel = match channel {
    Ok(channel) => channel,
    Err(error) => panic!("Problem connecting to containerd: {:?}", error),
};

This code is getting the error below:

thread 'main' panicked at 'Problem connecting to containerd: tonic::transport::Error(Transport, hyper::Error(Connect, Os { code: 2, kind: NotFound, message: "No such file or directory" }))

Please advise what I should try. I tried replacing 1000 in the URL with the userid, same error in both cases. Thanks!

juliays avatar Jul 23 '22 21:07 juliays

Trying to run rootless as well. Anyone know where the socket is running? I know with Podman, I have to issue a command to start podman running that exposed the socket. I cannot find out how to do this rootless in this case.

dwhiteddsoft avatar Aug 02 '22 14:08 dwhiteddsoft

I recently was running rootless containerd w/ nerdctl and experienced the same issue attempting to use ctr. The URI for the containerd socket should be the default /run/containerd/containerd.sock. The issue here appears to be with namespacing. I have a setup with rootless containerd running and from your steps am seeing the same issues: nerdctl works fine, ctr times out.

To work with rootless containerd and ctr, exec into the namespace where the child process of rootless containerd is running:

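# PID of the rootless containerd child process, recorded by the rootless setup
pid=$(cat "$XDG_RUNTIME_DIR/containerd-rootless/child_pid")
# Enter its mount, network and user namespaces; with no command after "--", nsenter starts a shell
nsenter --no-fork --wd="$(pwd)" --preserve-credentials -m -n -U -t "$pid" --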

Now you should be able to ctr images list, etc. with rootless containerd. Same should go for running your Rust program from within this namespace.

Source: https://github.com/containerd/nerdctl/blob/e83e18b98e89c7f5948c5777ab3ca0068299e703/extras/rootless/containerd-rootless-setuptool.sh#L142-L147

ginglis13 avatar Sep 23 '22 22:09 ginglis13
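
The two failures reported in this thread (os error 13 on the root-owned socket, os error 2 on a path not visible outside the rootless namespace) can be told apart before the gRPC client is involved. The following is an added example, not code from the thread or from the rust-extensions project; `SocketCheck`, `check_socket` and `hint` are hypothetical names, and it uses only the Rust standard library.

```rust
use std::io::ErrorKind;
use std::os::unix::fs::{FileTypeExt, MetadataExt};
use std::os::unix::net::UnixStream;
use std::path::Path;

/// Result of probing a containerd socket path before giving it to connect().
#[derive(Debug, PartialEq)]
pub enum SocketCheck {
    Ok,
    Missing,                                  // ENOENT, "code: 2" in the thread
    NotSocket,                                // path exists but is a file or directory
    Denied { uid: u32, gid: u32, mode: u32 }, // EACCES, "code: 13" in the thread
    Other(ErrorKind),                         // e.g. ConnectionRefused for a stale socket
}

pub fn check_socket(path: &Path) -> SocketCheck {
    let meta = match std::fs::metadata(path) {
        Ok(m) => m,
        Err(e) if e.kind() == ErrorKind::NotFound => return SocketCheck::Missing,
        Err(e) => return SocketCheck::Other(e.kind()),
    };
    if !meta.file_type().is_socket() {
        return SocketCheck::NotSocket;
    }
    // A raw connect needs no gRPC and hits the same kernel permission check.
    match UnixStream::connect(path) {
        Ok(_) => SocketCheck::Ok,
        Err(e) if e.kind() == ErrorKind::PermissionDenied => SocketCheck::Denied {
            uid: meta.uid(), gid: meta.gid(), mode: meta.mode() & 0o777,
        },
        Err(e) => SocketCheck::Other(e.kind()),
    }
}

pub fn hint(c: &SocketCheck) -> String {
    match c {
        SocketCheck::Ok => "socket reachable".into(),
        SocketCheck::Missing => "no socket at this path in the current mount namespace; \
            for rootless containerd, run inside the child namespace (nsenter)".into(),
        SocketCheck::NotSocket => "path exists but is not a Unix socket".into(),
        SocketCheck::Denied { uid, gid, mode } => format!(
            "socket owned by uid={uid} gid={gid} mode={mode:o}; current user lacks write access"),
        SocketCheck::Other(k) => format!("connect failed: {k:?}"),
    }
}

fn main() {
    let arg = std::env::args().nth(1);
    let path = arg.as_deref().unwrap_or("/run/containerd/containerd.sock");
    println!("{path}: {}", hint(&check_socket(Path::new(path))));
}
```

Run it once from a normal shell and once from the shell started by the `nsenter` command above to compare what each namespace sees at the same path.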