podman-static icon indicating copy to clipboard operation
podman-static copied to clipboard

Published 20 hours ago verified publisher icon mgoltzsche

Error: cannot setup namespace using newuidmap: exit status 1

Open ariansvirsky opened this issue 2 years ago • 2 comments

When trying to run it on k8s, getting the error Error: cannot setup namespace using newuidmap: exit status 1

ariansvirsky avatar Jan 02 '22 07:01 ariansvirsky

@ariansvirsky it should work if you run podman within a privileged container - you can still let it run as unprivileged user.

I think it might even work without running the parent container as privileged when using CRI-O because it grants certain permissions by default that are required to run rootless containers but when using other container engines like containerd you still need to add a couple of capabilities and/or provide a custom seccomp profile or simply run podman within a privileged container (using an unprivilged user).

mgoltzsche avatar Jan 02 '22 21:01 mgoltzsche

@ariansvirsky actually please try using the mgoltzsche/podman:3.4.2-minimal image. Since it does not create a user namespace in the first place, the uidmap error should not occur. (I guess so far you used mgoltzsche/podman:3.4.2 (without *-minimal tag).)

mgoltzsche avatar Jan 07 '22 22:01 mgoltzsche