Podman won't run containers in LXD - cgroup controller `pids` unavailable

Hello

Issue very similar to "Running podman on NixOS guest", which was left pending.

A Debian container hosted on an LXD host will install podman and pull Docker images from the repo but won’t run them due to missing access to cgroup.

→ podman run feb5d9fea6a5
Error: OCI runtime error: the requested cgroup controller pids is not available

Any hints on how to grant adequate access to the Debian host?

Thanks

Do you have /sys/fs/cgroup/pids/ populated in the container?

You’re mentioning Debian so it could also be a simple issue of lack of cgroup2 support in this particular setup. If that’s the case, try booting your host in cgroup1 mode (systemd.unified_cgroup_hierarchy=false).

Thanks Stéphane,
Indeed the host is running on cgroups v1 as issues were encountered if the kernel arg systemd.unified_cgroup_hierarchy=0 is omitted.
I understand Podman needs to use cgroups v2 so will try on a new host (or see if use of cgroups v1 can be enforced over Podman).

To answer your 1st question, the /sys/fs/cgroup/pids directory does not exist on the container.

Best

Ah, if the host is on cgroup1, then /sys/fs/cgroup/pids should exist in the container.
If it doesn’t, it’s most likely because systemd in the container is similarly being forced to cgroup2 by the distro…

Might be worth trying to set raw.lxc to lxc.init.cmd=/sbin/init systemd.unified_cgroup_hierarchy=0 and see if the container then picks up /sys/fs/cgroup/pids.

Amazing, I did the following:
lxc config set $CONTAINER raw.lxc='lxc.init.cmd=/sbin/init systemd.unified_cgroup_hierarchy=0'
lxc restart $CONTAINER

In $CONTAINER:
podman run feb5d9fea6a5

now gives the expected output:
“Hello from Docker!
This message shows that your installation appears to be working correctly.”

As you guessed, /sys/fs/cgroup/pids is populated.

Hopefully cgroups v2 will be supported end to end on Debian soon so this won’t be necessary.
Many thanks
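
The check asked for earlier in the thread ("Do you have /sys/fs/cgroup/pids/ populated in the container?"), written out as an added shell example that is not part of any post above. The function name `cgroup_pids_status` is hypothetical, and treating the presence of `cgroup.procs` as "populated" is an assumption of this sketch; it also covers the cgroup2 case, which the thread only mentions.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread): classify the cgroup layout
# visible under ROOT and report whether the pids controller is usable there.
# Usage inside the container: sh check.sh /sys/fs/cgroup
cgroup_pids_status() {
    root="${1:-/sys/fs/cgroup}"

    # cgroup v2 (unified): one hierarchy; the root's cgroup.controllers
    # file lists the controllers available to it, space separated.
    if [ -f "$root/cgroup.controllers" ]; then
        for c in $(cat "$root/cgroup.controllers"); do
            if [ "$c" = "pids" ]; then
                echo "v2: pids controller available"
                return 0
            fi
        done
        echo "v2: pids controller not delegated"
        return 1
    fi

    # cgroup v1 (or systemd hybrid mode): one directory per controller.
    # Assumption: a mounted hierarchy always exposes cgroup.procs, so an
    # existing directory without it is just an empty mount point.
    if [ -d "$root/pids" ]; then
        if [ -f "$root/pids/cgroup.procs" ]; then
            echo "v1: pids hierarchy populated"
            return 0
        fi
        echo "v1: pids directory exists but is empty"
        return 1
    fi

    echo "none: no pids controller under $root"
    return 1
}

# Only inspect a real tree when a path is given on the command line.
if [ $# -gt 0 ]; then
    cgroup_pids_status "$1"
fi
```

A non-zero exit status corresponds to the situation in which podman reported that the `pids` controller is not available.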