
when using runsc: flag provided but not defined: -no-new-keyring

Open dseomn opened this issue 9 months ago • 3 comments

With ~/.config/containers/containers.conf containing:

[engine]
  runtime = "runsc"

I get this error from buildah/runsc:

error running container: from /usr/bin/runsc creating container for [(REDACTED)]: flag provided but not defined: -no-new-keyring

It looks like --no-new-keyring is a runc flag, but I don't see any evidence of that flag for gvisor/runsc.

dseomn avatar Mar 11 '25 23:03 dseomn

@giuseppe is there some method of knowing whether or not the runtime can accept this flag that's better than checking the error output for "no-new-keyring" if it errors out at this step?

nalind avatar Mar 13 '25 18:03 nalind

Some OCI runtimes (crun and runc do) got a new verb, "features", to check what features are supported, but I see that both runtimes do not mention no-new-keyring and that runsc does not support "features" at all.

Is no-new-keyring something we could avoid though? That should work now from a rootless user namespace (that was fixed some years ago IIRC).

giuseppe avatar Mar 13 '25 20:03 giuseppe
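The fallback discussed in the two comments above (inspect the runtime's error output and retry without the flag), as an added example that is not buildah's code. The helper names `rejectedFlag` and `withoutOptionalFlag`, the allowlist of omittable flags and the sample argv are assumptions; the matched text is the message Go's standard `flag` package prints for an unknown flag, as seen in the report.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Go's flag package reports an unknown flag as
// "flag provided but not defined: -NAME" (one dash, however it was typed).
var undefinedFlag = regexp.MustCompile(`flag provided but not defined: -([A-Za-z0-9][A-Za-z0-9_-]*)`)

// rejectedFlag returns the flag name the runtime refused, or "" when the
// error text describes some other failure.
func rejectedFlag(stderr string) string {
	m := undefinedFlag.FindStringSubmatch(stderr)
	if m == nil {
		return ""
	}
	return m[1]
}

// withoutOptionalFlag (hypothetical helper) removes the rejected flag from
// args, but only when the caller has listed it as safe to omit. ok is false
// when no retry should be attempted, so unrelated errors are never masked.
func withoutOptionalFlag(args []string, stderr string, optional map[string]bool) (out []string, ok bool) {
	name := rejectedFlag(stderr)
	if name == "" || !optional[name] {
		return args, false
	}
	for _, a := range args {
		bare := strings.TrimLeft(a, "-")
		if strings.HasPrefix(a, "-") && (bare == name || strings.HasPrefix(bare, name+"=")) {
			ok = true // drop this argument
			continue
		}
		out = append(out, a)
	}
	if !ok {
		return args, false
	}
	return out, true
}

func main() {
	// Constructed sample: error text from the report, illustrative argv.
	stderr := "flag provided but not defined: -no-new-keyring"
	args := []string{"create", "--no-new-keyring", "--bundle", "/tmp/bundle", "ctr"}
	fmt.Println(withoutOptionalFlag(args, stderr, map[string]bool{"no-new-keyring": true}))
}
```

Keeping the allowlist explicit means a rejected flag that carries a security setting fails the run instead of being dropped silently.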

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] avatar Apr 13 '25 00:04 github-actions[bot]