Comments (3)
It is a issue with pasta (passt), most likely apparmor blocking access when you are on debian. You should check the audit.log to confirm. Or disable apparmor.
I don't know how you installed this as debian stable doesn't ship these updates but please check the installed apparmor policy.
from podman.
It is a issue with pasta (passt), most likely apparmor blocking access when you are on debian. You should check the audit.log to confirm. Or disable apparmor.
Yeah, there is a log in the journal: AVC apparmor="DENIED" operation="open" profile="passt" name="/run/user/1000/netns/netns-fc48cae4-8a15-67d8-f96d-f2e683d49dc5" pid=2292 comm="passt.avx2" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Thanks. Disable passt profile did it: apparmor_parser -R /etc/apparmor.d/usr.bin.passt
Or defining this rules in the usr.bin.passt
profile did it as well:
@{run}/user/1000/** wr,
/dev/net/tun wr,
But I am not familiar with apparmor rules and if this are the most restricted and minimalist rules?!
I don't know how you installed this as debian stable doesn't ship these updates but please check the installed apparmor policy.
They are installed by another repository, where these versions come from.
from podman.
You should check your installed profile. pasta ships a working profile upstream https://passt.top/passt/tree/contrib/apparmor/usr.bin.pasta so it is best to use that and if there are problems with that profile report them to the pasta maintainers.
from podman.
Related Issues (20)
- Podman machine returns wrong resources info on WSL
- mknod on Mac fails
- Podman in VM uses host arch to choose architecture of an image HOT 4
- podman 5.0.3 fails now with message pasta failed with exit code 1: couldn't set IPv6 route(s) in guest: no route to host HOT 3
- podman system reset doesn't remove blob-info-cache-v1.sqlite HOT 1
- REST API: internal network forwards DNS requests to external nameservers HOT 2
- [packit] Propose downstream failed for release v5.1.0
- Windows: unable to connect to Podman socket: failed to read identity
- windows: expected array [X Y Z] to contain X
- Pull policy for build does not follow documentation
- Windows: Starting container in pod that publishes ports prints `Error: starting some containers: internal libpod error` HOT 6
- Running podman inside a docker container with gpu support HOT 2
- podman exec [mandatory command?] HOT 3
- 'podman stop' does not thoroughly clean up, resulting in 'the container name \"autotests\" is already in use' HOT 3
- Podman Kube Play with --userns=auto - How to chown volumes? HOT 4
- MongoDB warns that vm.max_map_count is too low
- Quay.io images are lagging behind HOT 7
- podman 5.x and pasta gateway crashes fedora40 completely when virtualbox 7.0.18 is running HOT 5
- podman kube play unhealthy does not restart container
- `podman container runlabel` instead of `podman runlabel`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from podman.