https://bugzilla.suse.com/show_bug.cgi?id=1222450 Aleksa Sarai changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|containers-bugowner@suse.de |asarai@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1222450 https://bugzilla.suse.com/show_bug.cgi?id=1222450#c3 Miika Alikirri changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(miika.alikirri@su | |se.com) | --- Comment #3 from Miika Alikirri --- (In reply to Aleksa Sarai from comment #2)

(In reply to Aleksa Sarai from comment #1)

...

What is the contents of /sys/fs/cgroup/cgroup.controllers?

And also /sys/fs/cgroup/cgroup.subtree_control

I downloaded a latest snapshot and did nothing but install podman on it and got the same result. Here are the file contents: $ cat /sys/fs/cgroup/cgroup.subtree_control pids $ cat /sys/fs/cgroup/cgroup.controllers cpuset cpu io memory hugetlb pids rdma misc -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1222450 https://bugzilla.suse.com/show_bug.cgi?id=1222450#c5 Aleksa Sarai changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Containers |Basesystem Assignee|asarai@suse.com |screening-team-bugs@suse.de --- Comment #5 from Aleksa Sarai --- So, the issue is that systemd is not enabling all of the controllers at the root (subtree_control is missing a bunch of controllers on your system), resulting in the container not being able to start because the controllers are not available. This is a little surprising because crun/runc creates a systemd transient unit that has all of the restrictions listed. I can reproduce this somewhat on my machine -- depending on the running services, the set of subtree_control-enabled controllers varies. If I start Docker and run a container, all of the controllers are enabled and using podman works. But if you stop the Docker service, the cpu controller is disabled and so --cpu-shares no longer works. This seems like a systemd issue to me. Why is a TransientUnit with all of the relevant restrictions applied not sufficient to get systemd to enable the needed controllers? -- You are receiving this mail because: You are on the CC list for the bug.