Date:      Tue, 13 Feb 2024 07:23:25 -0500
From:      peter garshtja <peter.garshtja@ambient-md.com>
To:        freebsd-jail@freebsd.org
Subject:   Podman within JAIL(nested containers)
Message-ID:  <CALFUBVEWwuYpMy%2BrG3V_DKuKG0z3mXvCdEduz6iqQJ2r-Orfhw@mail.gmail.com>

Greetings,

I have been trying to use podman in a long-living jail container on FreeBSD
13.2 release.
The long-living container is configured with Linux emulation:

> zroot/bastille/jails/podman/root on / (zfs, local, noatime, nfsv4acls)
> zroot/bastille/jails/podman/root/containers on /var/db/containers (zfs, local, noatime, nfsv4acls)
> devfs on /compat/linux/dev (devfs)
> tmpfs on /compat/linux/dev/shm (tmpfs, local)
> fdescfs on /compat/linux/dev/fd (fdescfs)
> linprocfs on /compat/linux/proc (linprocfs, local)
> linsysfs on /compat/linux/sys (linsysfs, local)
> /tmp on /compat/linux/tmp (nullfs, local, noatime, nosuid, nfsv4acls)
> /usr/home on /compat/linux/home (nullfs, local, noatime, nfsv4acls)
> /usr/local/bastille/releases/13.2-RELEASE on /.bastille (nullfs, local, noatime, read-only, nfsv4acls)
> devfs on /dev (devfs)
> fdescfs on /dev/fd (fdescfs)


ATM, I am trying to figure out what configuration is missing on the system that
causes:

> Error pulling candidate docker.io/library/alpine:latest: copying system image from manifest list: writing blob: adding layer with blob "sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8": ApplyLayer stdout: stderr: operation not permitted exit status 1



The full log

> root@podman:~ # podman --log-level debug run --rm --os=linux docker://docker.io/alpine cat /etc/os-release
> INFO[0000] podman filtering at log level debug
> DEBU[0000] Called run.PersistentPreRunE(podman --log-level debug run --rm --os=linux docker://docker.io/alpine cat /etc/os-release)
> DEBU[0000] Using conmon: "/usr/local/bin/conmon"
> DEBU[0000] Initializing boltdb state at /var/db/containers/storage/libpod/bolt_state.db
> DEBU[0000] Using graph driver zfs
> DEBU[0000] Using graph root /var/db/containers/storage
> DEBU[0000] Using run root /var/run/containers/storage
> DEBU[0000] Using static dir /var/db/containers/storage/libpod
> DEBU[0000] Using tmp dir /var/run/libpod
> DEBU[0000] Using volume path /var/db/containers/storage/volumes
> DEBU[0000] Using transient store: false
> DEBU[0000] [graphdriver] trying provided driver "zfs"
> DEBU[0000] ID:36a2c4c9-eeba-406a-b1e4-0da02dcc28be START /sbin/zfs list -rHp -t filesystem -o name,origin,used,available,mountpoint,compression,type,volsize,quota,referenced,written,logicalused,usedbydataset zroot/bastille/jails/podman/root/containers storage-driver=zfs
> DEBU[0000] ID:36a2c4c9-eeba-406a-b1e4-0da02dcc28be FINISH storage-driver=zfs
> DEBU[0000] Initializing event backend file
> DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument
> DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
> DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument
> DEBU[0000] Configured OCI runtime runc initialization failed: no valid executable found for OCI runtime runc: invalid argument
> DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
> DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
> DEBU[0000] Configured OCI runtime crun initialization failed: no valid executable found for OCI runtime crun: invalid argument
> DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
> DEBU[0000] Using OCI runtime "/usr/local/bin/ocijail"
> INFO[0000] Setting parallel job count to 13
> DEBU[0000] Successfully loaded 1 networks
> DEBU[0000] Pulling image docker://docker.io/alpine (policy: missing)
> DEBU[0000] Looking up image "docker.io/library/alpine:latest" in local containers storage
> DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
> DEBU[0000] Trying "docker.io/library/alpine:latest" ...
> DEBU[0000] reference "[zfs@/var/db/containers/storage+/var/run/containers/storage]docker.io/library/alpine:latest" does not resolve to an image ID
> DEBU[0000] Trying "docker.io/library/alpine:latest" ...
> DEBU[0000] reference "[zfs@/var/db/containers/storage+/var/run/containers/storage]docker.io/library/alpine:latest" does not resolve to an image ID
> DEBU[0000] Trying "docker.io/library/alpine:latest" ...
> DEBU[0000] Enforcing pull policy to "newer" to pull custom platform (arch: "", os: "linux", variant: "") - local image may mistakenly specify wrong platform
> DEBU[0000] Loading registries configuration "/usr/local/etc/containers/registries.conf"
> DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
> DEBU[0000] Attempting to pull candidate docker.io/library/alpine:latest for docker.io/library/alpine:latest
> DEBU[0000] parsed reference into "[zfs@/var/db/containers/storage+/var/run/containers/storage]docker.io/library/alpine:latest"
> Trying to pull docker.io/library/alpine:latest...
> DEBU[0000] Copying source image //alpine:latest to destination image [zfs@/var/db/containers/storage+/var/run/containers/storage]docker.io/library/alpine:latest
> DEBU[0000] Using registries.d directory /usr/local/etc/containers/registries.d
> DEBU[0000] Trying to access "docker.io/library/alpine:latest"
> DEBU[0000] No credentials matching docker.io/library/alpine found in /root/.config/containers/auth.json
> DEBU[0000] No credentials matching docker.io/library/alpine found in /root/.config/containers/auth.json
> DEBU[0000] No credentials matching docker.io/library/alpine found in /root/.docker/config.json
> DEBU[0000] No credentials matching docker.io/library/alpine found in /root/.dockercfg
> DEBU[0000] No credentials for docker.io/library/alpine found
> DEBU[0000] No signature storage configuration found for docker.io/library/alpine:latest, using built-in default file:///var/lib/containers/sigstore
> DEBU[0000] Looking for TLS certificates and private keys in /usr/local/etc/docker/certs.d/docker.io
> DEBU[0000] GET https://registry-1.docker.io/v2/
> DEBU[0000] Ping https://registry-1.docker.io/v2/; status 401
> DEBU[0000] GET https://auth.docker.io/token?scope=repository%3Alibrary%2Falpine%3Apull&service=registry.docker.io
> DEBU[0000] GET https://registry-1.docker.io/v2/library/alpine/manifests/latest
> DEBU[0000] Content-Type from manifest GET is "application/vnd.docker.distribution.manifest.list.v2+json"
> DEBU[0000] Using SQLite blob info cache at /var/lib/containers/cache/blob-info-cache-v1.sqlite
> DEBU[0000] Source is a manifest list; copying (only) instance sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0 for current system
> DEBU[0000] GET https://registry-1.docker.io/v2/library/alpine/manifests/sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0
> DEBU[0000] Content-Type from manifest GET is "application/vnd.docker.distribution.manifest.v2+json"
> DEBU[0000] IsRunningImageAllowed for image docker:docker.io/library/alpine:latest
> DEBU[0000] Using default policy section
> DEBU[0000] Requirement 0: allowed
> DEBU[0000] Overall: allowed
> DEBU[0000] Downloading /v2/library/alpine/blobs/sha256:05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007bd
> DEBU[0000] GET https://registry-1.docker.io/v2/library/alpine/blobs/sha256:05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007bd
> Getting image source signatures
> DEBU[0000] Reading /var/lib/containers/sigstore/library/alpine@sha256=6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0/signature-1
> DEBU[0000] Not looking for sigstore attachments: disabled by configuration
> DEBU[0000] Manifest has MIME type application/vnd.docker.distribution.manifest.v2+json, ordered candidate list [application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws, application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v1+json]
> DEBU[0000] ... will first try using the original manifest unmodified
> DEBU[0000] Checking if we can reuse blob sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8: general substitution = true, compression for MIME type "application/vnd.docker.image.rootfs.diff.tar.gzip" = true
> DEBU[0000] Failed to retrieve partial blob: format not supported on this system
> DEBU[0000] Downloading /v2/library/alpine/blobs/sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8
> DEBU[0000] GET https://registry-1.docker.io/v2/library/alpine/blobs/sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8
> Copying blob 4abcf2066143 [--------------------------------------] 0.0b / 3.3MiB (skipped: 0.0b = 0.00%)
> Copying blob 4abcf2066143 [--------------------------------------] 0.0b / 3.3MiB | 0.0 b/s
> Copying blob 4abcf2066143 done |
> Copying blob 4abcf2066143 done |
> DEBU[0001] ID:62d93b96-1b16-4703-8999-a2ba584f1bc5 FINISH storage-driver=zfs
> DEBU[0001] ID:1871d56d-a96a-4a0d-8355-6688f206d776 START /sbin/zfs list -Hp -o name,origin,used,available,mountpoint,compression,type,volsize,quota,referenced,written,logicalused,usedbydataset zroot/bastille/jails/podman/root/containers/d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 storage-driver=zfs
> Copying blob 4abcf2066143 done |
> DEBU[0001] mount("zroot/bastille/jails/podman/root/containers/d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820", "/var/db/containers/storage/zfs/graph/d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820", "") storage-driver=zfs
> DEBU[0001] Start untar layer
> ERRO[0001] While applying layer: ApplyLayer stdout: stderr: operation not permitted exit status 1
> DEBU[0001] unmount("/var/db/containers/storage/zfs/graph/d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820") storage-driver=zfs
> DEBU[0001] ID:acefec41-353b-4871-a2e7-a60a7b239d94 START /sbin/zfs destroy -r zroot/bastille/jails/podman/root/containers/d4fc045c9e3a848011de66f34b81f052d4f2c15a17bb196d637e526349601820 storage-driver=zfs
> DEBU[0001] ID:acefec41-353b-4871-a2e7-a60a7b239d94 FINISH storage-driver=zfs
> DEBU[0001] Error pulling candidate docker.io/library/alpine:latest: copying system image from manifest list: writing blob: adding layer with blob "sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8": ApplyLayer stdout: stderr: operation not permitted exit status 1
> Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8": ApplyLayer stdout: stderr: operation not permitted exit status 1
> DEBU[0001] Shutting down engines


Please advise.
Thanks,
Petru



