April 8, 2020
Sudoed podman cannot listen to privileged ports
It's impossible to reach any exposed privileged port from the external network when running podman like this:

sudo podman run -p 80:80 -it nginx

Setup: dedicated CentOS 8, clean install plus docker, no firewalld, iptables at the "allow-all" default ruleset. With docker, however, it works without problem.
What I was trying to run, which needed to listen on a privileged port, was certbot inside a container. The motivation was to avoid installing Python dependencies or else downloading and running an unknown binary.
Labels: centos, centos8, certbot, docker, letsencrypt, linux, opensource, podman
April 4, 2020
Fresh centos8 podman/buildah issues related to alpine
Lately I've been trying out CentOS 8 and moving to OpenShift, with podman and buildah as docker replacements. So far, not without interesting problems!
In a freshly installed and updated CentOS 8, it's impossible to build any alpine-based image or even pull alpine itself:
$ podman pull alpine
...
Error committing the finished image: error adding layer with blob "sha256:aad63a9339440e7c3e1fff2b988991b9bfb81280042fa7f39a5e327023056819": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/shadow): lchown /etc/shadow: invalid argument
The following solution is mentioned in libpod issue 2788:
# dnf reinstall shadow-utils

I did not investigate this in depth; however, it seems the file capabilities are set wrong on the shadow-utils helpers after a yum installation (yum reinstall does not fix this):

$ getcap /usr/bin/newuidmap /usr/bin/newgidmap

Here's the expected output for the command above:

/usr/bin/newuidmap = cap_setuid+ep
/usr/bin/newgidmap = cap_setgid+ep
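The two things a rootless podman or buildah pull needs before it can lchown a layer file to gid 42 are the setuid/setgid file capabilities on newuidmap/newgidmap (so the user namespace can be set up at all) and a subordinate ID range in /etc/subuid and /etc/subgid large enough to contain that ID. The following diagnostic is an added example, not code from the original post or from podman; the helper names are mine, and the getcap and subid text used in the checks is constructed for illustration. It accepts both the older getcap output shown above and the format libcap 2.41 and later print ("/usr/bin/newuidmap cap_setuid=ep").

```shell
#!/bin/sh
# Added diagnostic for the "there might not be enough IDs available in the
# namespace" failure on a rootless podman/buildah pull. Not code from the
# original post or from podman; helper names are mine, and the sample
# getcap/subid text fed to these functions (see usage) is constructed.

# caps_ok GETCAP_OUTPUT
# Returns 0 when the text shows cap_setuid on newuidmap and cap_setgid on
# newgidmap, 1 otherwise. Accepts the older getcap format
# ("/usr/bin/newuidmap = cap_setuid+ep") and the libcap >= 2.41 format
# ("/usr/bin/newuidmap cap_setuid=ep").
caps_ok() {
    printf '%s\n' "$1" | grep -Eq '^/usr/bin/newuidmap( =)? cap_setuid[+=]ep$' &&
    printf '%s\n' "$1" | grep -Eq '^/usr/bin/newgidmap( =)? cap_setgid[+=]ep$'
}

# subid_count USER SUBID_TEXT
# Prints the total number of subordinate IDs allocated to USER in SUBID_TEXT
# (the contents of /etc/subuid or /etc/subgid, lines of name:start:count),
# or 0 when USER has no entry. Blank and comment lines are ignored.
subid_count() {
    printf '%s\n' "$2" |
        awk -F: -v u="$1" 'NF == 0 || /^[[:space:]]*#/ { next }
                           $1 == u { n += $3 }
                           END { print n + 0 }'
}

# mapping_ok USER SUBID_TEXT ID
# Returns 0 when container ID (e.g. the 42 from "requested 0:42") can be
# mapped in a rootless user namespace: ID 0 maps to the user's own ID, and
# IDs 1..N consume the first N subordinate IDs, so N of them are needed.
mapping_ok() {
    [ "$3" -eq 0 ] 2>/dev/null && return 0
    [ "$(subid_count "$1" "$2")" -ge "$3" ]
}

# diagnose
# Runs the checks against the live system and prints the remedy the post
# gives (dnf reinstall shadow-utils) when the capabilities are missing.
# Every external dependency is guarded so the script is safe to run anywhere.
diagnose() {
    user=$(id -un)
    if command -v getcap >/dev/null 2>&1; then
        if caps_ok "$(getcap /usr/bin/newuidmap /usr/bin/newgidmap 2>/dev/null)"; then
            echo "ok: newuidmap/newgidmap carry cap_setuid/cap_setgid"
        else
            echo "BAD: file capabilities missing; try: dnf reinstall shadow-utils"
        fi
    else
        echo "skip: getcap not installed"
    fi
    for f in /etc/subuid /etc/subgid; do
        if [ -r "$f" ]; then
            n=$(subid_count "$user" "$(cat "$f")")
            echo "$f: $n subordinate IDs for $user (podman's rootless docs recommend 65536)"
        fi
    done
}

diagnose
```

Run it as the unprivileged user that saw the error; a "BAD" line points at the shadow-utils capabilities, while a subordinate ID count of 0 means the user has no /etc/subuid or /etc/subgid entry at all (usermod --add-subuids / --add-subgids fixes that), and a count below 42 explains the "requested 0:42" message directly.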
Labels: buildah, centos, centos8, dnf, opensource, podman, yum