Toolbox fails with error "Error: failed to get the Podman version" #129

Closed
opened 2022-04-18 00:30:08 +00:00 by a · 4 comments
Owner

This is the complete output:

guest@exozyme ~> toolbox enter --verbose
DEBU Running as real user ID 1001                 
DEBU Resolved absolute path to the executable as /usr/bin/toolbox 
DEBU Running on a cgroups v2 host                 
DEBU Checking if /etc/subgid and /etc/subuid have entries for user guest 
DEBU Validating sub-ID file /etc/subuid           
DEBU Validating sub-ID file /etc/subgid           
DEBU TOOLBOX_PATH is /usr/bin/toolbox             
DEBU Migrating to newer Podman                    
DEBU Toolbox config directory is /home/guest/.config/toolbox 
Error: error creating tmpdir: mkdir /run/user/1001: permission denied
DEBU Migrating to newer Podman: failed to get the Podman version: failed to invoke podman(1) 
Error: failed to get the Podman version
a added the
bug
label 2022-04-18 00:30:08 +00:00
a added this to the (deleted) project 2022-04-18 00:30:08 +00:00
a started working 2022-04-18 00:30:11 +00:00
Author
Owner

Alright, I'm pretty sure the bug is because Podman and our JupyterHub sandboxing don't play well together. I'm thinking of just disabling the sandboxing for JupyterHub (which is bad for security of course), which should fix the issue. Or you can use Nix instead.
a stopped working 2022-04-18 00:34:00 +00:00
Author
Owner

FYI this is the (default) systemd sandboxing that we use for JupyterHub:

# Apply some service hardening.
# The default LocalProcess spawner needs SETUID and SETGID to run the
# single-user servers.
CapabilityBoundingSet=CAP_SETUID CAP_SETGID
LockPersonality=true
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=full
ReadWritePaths=/etc/jupyterhub
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
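The directives above take three things away from a rootless Podman started inside a JupyterHub single-user server: a per-user runtime directory (`/run/user/<uid>` is created by pam_systemd when a logind session opens; a process spawned via setuid under the unit has no session, so the directory is absent and a non-root user cannot create it in root-owned `/run`, which matches the `mkdir /run/user/1001: permission denied` in the output), the ability to gain privilege through the setuid `newuidmap`/`newgidmap` helpers (`NoNewPrivileges=true`), and user namespaces (`RestrictNamespaces=true`). The script below is an added diagnostic, not part of the exozyme issue or of Toolbox/Podman; it is meant to be sourced or run from a shell inside the spawned server and reports which of those constraints is in effect. The function names, the `--run` flag and the GNU `stat -c %u` / util-linux `unshare` invocations are assumptions about a typical Linux host.

```shell
#!/bin/sh
# Added example (not from the exozyme issue, Toolbox or Podman): checks,
# from inside a JupyterHub-spawned shell, the sandbox constraints that
# stop rootless Podman. Assumes GNU coreutils (stat -c) and util-linux
# (unshare); function names and the --run flag are this example's own.

# 1. Per-user runtime directory. Podman uses XDG_RUNTIME_DIR, normally
#    /run/user/<uid>, which pam_systemd creates at session open. A
#    setuid-spawned process has no logind session, so the directory is
#    missing and /run is root-owned: Podman's mkdir fails with EACCES.
runtime_dir_ok() {
    d=$1
    u=$2
    [ -d "$d" ] || { echo "missing: $d"; return 1; }
    owner=$(stat -c %u "$d") || return 1
    [ "$owner" = "$u" ] || { echo "wrong owner $owner: $d"; return 1; }
    [ -w "$d" ] || { echo "not writable: $d"; return 1; }
    return 0
}

# 2. NoNewPrivs flag. NoNewPrivileges=true sets it on the service and it is
#    inherited by every child, so setuid newuidmap/newgidmap cannot gain the
#    privilege needed to map the /etc/subuid and /etc/subgid ranges.
#    Takes the text of /proc/<pid>/status so a captured copy can be fed in.
nonewprivs_from_status() {
    printf '%s\n' "$1" | awk '
        /^NoNewPrivs:/ { print $2; found = 1 }
        END { if (!found) print "unknown" }'
}

# 3. User namespaces. RestrictNamespaces=true makes unshare(CLONE_NEWUSER)
#    fail; rootless Podman cannot start without it.
userns_ok() {
    unshare -U true 2>/dev/null
}

diagnose() {
    uid=$(id -u)
    rdir=${XDG_RUNTIME_DIR:-/run/user/$uid}
    status=$(cat /proc/self/status)
    rc=0
    runtime_dir_ok "$rdir" "$uid" || rc=1
    if [ "$(nonewprivs_from_status "$status")" = "1" ]; then
        echo "NoNewPrivs=1 in effect (NoNewPrivileges=true?)"
        rc=1
    fi
    if ! userns_ok; then
        echo "user namespaces unavailable (RestrictNamespaces=true?)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "no sandbox conflict detected for $rdir"
    return "$rc"
}

# Sourcing the file only defines the functions; pass --run to report.
if [ "${1:-}" = "--run" ]; then
    diagnose
    exit $?
fi
```

Run it as `sh podman_sandbox_check.sh --run` from a terminal opened inside the single-user server; a non-zero exit means at least one of the three checks failed, and the printed lines say which unit directive is the likely cause. A clean run from an SSH login on the same host is a useful control, since that session does get `/run/user/<uid>` from pam_systemd.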
Author
Owner

I uninstalled Toolbox so that "fixes" this bug.
a closed this issue 2022-04-18 01:01:58 +00:00
Author
Owner

I confirmed that Nix doesn't suffer from this bug since it doesn't use any virtualization.
a added the
wontfix
label 2022-04-18 21:29:35 +00:00
Reference: exozyme/exozyme#129