podman container fails to start: mkdir journal dir permission denied

molsqueak

4/27/23, 12:35 PM

I had some containers running smoothly in Centos 8.2 with podman. After upgrading to Centos 8.5, I found several of the containers failing to run. In the command line, I see this:

$ podman run --name=digikam-test lscr.io/linuxserver/digikam
Error: OCI runtime error: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: Running hook #0:: error running hook: exit status 1, stdout: , stderr:

In journalctl -xe, I see this:

Dec 27 06:55:36 oci-systemd-hook[2869749]: systemdhook <debug>: c4e81974f5be: :memory:/user.slice/user-1000.slice/session-4.scope
Dec 27 06:55:36 oci-systemd-hook[2869749]: systemdhook <debug>: c4e81974f5be: Found cgroup
Dec 27 06:55:36 oci-systemd-hook[2869749]: systemdhook <debug>: c4e81974f5be: PATH: /user.slice/user-1000.slice/session-4.scope
Dec 27 06:55:36 oci-systemd-hook[2869749]: systemdhook <debug>: c4e81974f5be: SUBSYSTEM_PATH: /sys/fs/cgroup/memory/user.slice/user-1000.slice/session-4.scope
Dec 27 06:55:36 oci-systemd-hook[2869749]: systemdhook <debug>: c4e81974f5be: memory path: /sys/fs/cgroup/memory/user.slice/user-1000.slice/session-4.scope/memory.limit_in_bytes
Dec 27 06:55:36 oci-systemd-hook[2869749]: systemdhook <debug>: c4e81974f5be: LIMIT: 9223372036854771712
Dec 27 06:55:36 oci-systemd-hook[2869749]: systemdhook <debug>: c4e81974f5be: Limit in bytes: 9223372036854771712
Dec 27 06:55:36 oci-systemd-hook[2869749]: systemdhook <error>: c4e81974f5be: Failed to mkdir journal dir: /var/log/journal/c4e81974f5be: Permission denied

I disabled selinux with setenforce 0 while trying to solve this issue, but it does not change the error message. After updating to Centos 8.5, I've migrated the OS to Rocky Linux 8.5. The error message remained the same. podman version is 3.3.1. I have at least one container that runs correctly after the 8.2->8.5->Rocky migration. That one container is not sourced from linuxserver.io.

Can anyone help me figure out what the problem is here with the inability for the container to create a journal dir? Thanks for any help!

467

0 + 0

containers

podman

centos8

rocky-linux

djdomi

5/1/23, 4:57 PM

i think the most issues might be that it could be that the cgroup changed fron 1 to 2 so cgroup2 should be used?

molsqueak

5/2/23, 2:56 PM

It appears that cgroup v1 is in use. `$ podman info host: arch: amd64 buildahVersion: 1.22.3 cgroupControllers: [] cgroupManager: cgroupfs cgroupVersion: v1 `

Score:0

Server

tilleyc

4/30/23, 5:34 PM

Are you running it as root? Most likely it is running as a non-privileged user and cannot create the directory.

0 + 0

molsqueak

4/30/23, 2:43 PM

I am running it as my normal user as I had done in Centos 8.2 when things were working. I had originally ran them this way because it appeared to be best practice with podman. I will look into giving my user account permission to create directories in /var/log/journal

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: podman container fails to start: mkdir journal dir permission denied

TH: คอนเทนเนอร์ podman ไม่สามารถเริ่มต้น: ปฏิเสธการอนุญาต mkdir Journal dir

RO: containerul podman nu pornește: mkdir journal dir permisiunea refuzată

RU: Контейнер podman не запускается: разрешение каталога журнала mkdir отклонено

VI: bộ chứa podman không khởi động được: quyền dir tạp chí mkdir bị từ chối

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.