UID/GID errors when launching dock-droid image #18

@ralmond

I'm trying to launch docker.io/sickcodes/dock-droid:latest on Pop_OS 22.04 with podman 3.4.4. I'm getting the following error:

$ docker run -it     --device /dev/kvm     -v /tmp/.X11-unix:/tmp/.X11-unix     -e "DISPLAY=${DISPLAY:-:0.0}"     -p 5555:5555     docker.io/sickcodes/dock-droid
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Trying to pull docker.io/sickcodes/dock-droid:latest...
[snip blob copying]
Error: writing blob: adding layer with blob "sha256:737951ef135522efba7bed8ee87e3d49e44a3b63120c7df4e4e4d821a48c6ecc": Error processing tar file(exit status 1): potentially insufficient UIDs or GIDs available in user namespace (requested 1000:1000 for /home/arch): Check /etc/subuid and /etc/subgid: lchown /home/arch: invalid argument

By the by, /etc/subuid and /etc/subgid are both empty.

Looking at a tip I found online, I added the --storage-opt ignore_chown_errors=true to the command. This gave me a related error:

$ podman --storage-opt ignore_chown_errors=true run -it     --device /dev/kvm     -v /tmp/.X11-unix:/tmp/.X11-unix     -e "DISPLAY=${DISPLAY:-:0.0}"     -p 5555:5555     docker.io/sickcodes/dock-droid
Trying to pull docker.io/sickcodes/dock-droid:latest...
Getting image source signatures
[snip]
Writing manifest to image destination
Storing signatures
Error: OCI runtime error: runc create failed: unable to start container process: unable to setup user: invalid argument

Googling that error message seems to indicate that it is related to UID mapping, so I think the two issues are related.

For reference:

$ podman info
host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: 'conmon: /usr/bin/conmon'
    path: /usr/bin/conmon
    version: 'conmon version 2.0.25, commit: unknown'
  cpus: 12
  distribution:
    codename: jammy
    distribution: pop
    version: "22.04"
  eventLogger: journald
  hostname: cherry
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
  kernel: 6.1.11-76060111-generic
  linkmode: dynamic
  logDriver: journald
  memFree: 1286414336
  memTotal: 33600307200
  ociRuntime:
    name: runc
    package: 'runc: /usr/sbin/runc'
    path: /usr/sbin/runc
    version: |-
      runc version 1.1.0-0ubuntu1.1
      spec: 1.0.2-dev
      go: go1.18.1
      libseccomp: 2.5.3
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: 'slirp4netns: /usr/bin/slirp4netns'
    version: |-
      slirp4netns version 1.0.1
      commit: 6a7b16babc95b6a3056b33fb45b74a6f62262dd4
      libslirp: 4.6.1
  swapFree: 7604273152
  swapTotal: 21474299904
  uptime: 53h 14m 56.37s (Approximately 2.21 days)
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries: {}
store:
  configFile: /home/ralmond/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/ralmond/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 1
  runRoot: /run/user/1000/containers
  volumePath: /home/ralmond/.local/share/containers/storage/volumes
version:
  APIVersion: 3.4.4
  Built: 0
  BuiltTime: Wed Dec 31 19:00:00 1969
  GitCommit: ""
  GoVersion: go1.17.3
  OsArch: linux/amd64
  Version: 3.4.4

Thanks for any suggestions.
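
The first error requests 1000:1000 inside a user namespace whose idMappings, per the podman info output, cover only container ID 0. As an added example (not part of the original issue or of the dock-droid project), this Python check rebuilds the rootless ID map from /etc/subuid-style text and reports whether a container ID can be translated to a host ID. The `ralmond:100000:65536` line is a constructed sample; the layout assumed is the one rootless podman uses, with container ID 0 mapped to the invoking user and the subordinate ranges following from container ID 1.

```python
# Added example: all sample inputs are constructed, nothing is read from the host.

def parse_subid(text, user):
    """Return [(start, count)] for `user` from /etc/subuid- or /etc/subgid-style text."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        # Expected format is name:start:count; skip anything else.
        if len(parts) != 3 or parts[0] != user:
            continue
        if parts[1].isdigit() and parts[2].isdigit():
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def rootless_map(own_id, ranges):
    """Build (container_id, host_id, size) entries: container 0 is the
    invoking user, subordinate ranges are appended starting at container 1."""
    mapping = [(0, own_id, 1)]
    next_cid = 1
    for start, count in ranges:
        mapping.append((next_cid, start, count))
        next_cid += count
    return mapping

def to_host(mapping, cid):
    """Translate a container ID to a host ID, or None if it is unmapped."""
    for c, h, size in mapping:
        if c <= cid < c + size:
            return h + (cid - c)
    return None

EMPTY_SUBUID = ""                            # the state reported in the issue
SAMPLE_SUBUID = "ralmond:100000:65536\n"     # constructed sample entry

if __name__ == "__main__":
    for label, text in (("empty", EMPTY_SUBUID), ("sample", SAMPLE_SUBUID)):
        m = rootless_map(1000, parse_subid(text, "ralmond"))
        host = to_host(m, 1000)              # owner of /home/arch in the image
        print(label, m, "container 1000 ->", host if host is not None else "unmapped")
```
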
