I am trying to run podman rootless, but I get the following error:
$ podman run hello-world
Error: OCI runtime error: crun: sd-bus call: Process org.freedesktop.systemd1 exited with status 1: Input/output error
When running with --log-level=debug:
$ podman --log-level=debug run hello-world
INFO[0000] /run/current-system/sw/bin/podman filtering at log level debug
DEBU[0000] Called run.PersistentPreRunE(/run/current-system/sw/bin/podman --log-level=debug run hello-world)
DEBU[0000] Using conmon: "/nix/store/lbi1f3j5zccg54580w119qp0508yhpgj-podman-helper-binary-wrapper/bin/conmon"
INFO[0000] Using sqlite as database backend
DEBU[0000] Using graph driver btrfs
DEBU[0000] Using graph root /home/nu/.local/share/containers/storage
DEBU[0000] Using run root /run/user/1000/containers
DEBU[0000] Using static dir /home/nu/.local/share/containers/storage/libpod
DEBU[0000] Using tmp dir /run/user/1000/libpod/tmp
DEBU[0000] Using volume path /home/nu/.local/share/containers/storage/volumes
DEBU[0000] Using transient store: false
DEBU[0000] [graphdriver] trying provided driver "btrfs"
DEBU[0000] Initializing event backend journald
DEBU[0000] Configured OCI runtime crun-vm initialization failed: no valid executable found for OCI runtime crun-vm: invalid argument
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument
DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
DEBU[0000] Using OCI runtime "/nix/store/lbi1f3j5zccg54580w119qp0508yhpgj-podman-helper-binary-wrapper/bin/crun"
INFO[0000] Setting parallel job count to 85
DEBU[0000] Failed to add podman to systemd sandbox cgroup: Process org.freedesktop.systemd1 exited with status 1
DEBU[0000] Pulling image hello-world (policy: missing)
DEBU[0000] Looking up image "hello-world" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Loading registries configuration "/etc/containers/registries.conf"
DEBU[0000] Trying "docker.io/library/hello-world:latest" ...
DEBU[0000] parsed reference into "[btrfs@/home/nu/.local/share/containers/storage+/run/user/1000/containers]@74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602"
DEBU[0000] Found image "hello-world" as "docker.io/library/hello-world:latest" in local containers storage
DEBU[0000] Found image "hello-world" as "docker.io/library/hello-world:latest" in local containers storage ([btrfs@/home/nu/.local/share/containers/storage+/run/user/1000/containers]@74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602)
DEBU[0000] exporting opaque data as blob "sha256:74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602"
DEBU[0000] Looking up image "hello-world" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux [] }
DEBU[0000] Trying "docker.io/library/hello-world:latest" ...
DEBU[0000] parsed reference into "[btrfs@/home/nu/.local/share/containers/storage+/run/user/1000/containers]@74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602"
DEBU[0000] Found image "hello-world" as "docker.io/library/hello-world:latest" in local containers storage
DEBU[0000] Found image "hello-world" as "docker.io/library/hello-world:latest" in local containers storage ([btrfs@/home/nu/.local/share/containers/storage+/run/user/1000/containers]@74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602)
DEBU[0000] exporting opaque data as blob "sha256:74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602"
DEBU[0000] Inspecting image 74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602
DEBU[0000] exporting opaque data as blob "sha256:74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602"
DEBU[0000] Inspecting image 74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602
DEBU[0000] Inspecting image 74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602
DEBU[0000] Inspecting image 74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602
DEBU[0000] using systemd mode: false
DEBU[0000] No hostname set; container's hostname will default to runtime default
DEBU[0000] Loading default seccomp profile
DEBU[0000] Allocated lock 83 for container f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08
DEBU[0000] exporting opaque data as blob "sha256:74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602"
DEBU[0000] Created container "f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08"
DEBU[0000] Container "f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08" has work directory "/home/nu/.local/share/containers/storage/btrfs-containers/f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08/userdata"
DEBU[0000] Container "f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08" has run directory "/run/user/1000/containers/btrfs-containers/f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08/userdata"
DEBU[0000] Not attaching to stdin
INFO[0000] Received shutdown.Stop(), terminating! PID=6966
DEBU[0000] Enabling signal proxying
DEBU[0000] Mounted container "f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08" at "/home/nu/.local/share/containers/storage/btrfs/subvolumes/71eb22f57e07a50f65918dc9131bef3c8a8cbbbe65a7d42d8d0d0cb278a91af4"
DEBU[0000] Created root filesystem for container f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08 at /home/nu/.local/share/containers/storage/btrfs/subvolumes/71eb22f57e07a50f65918dc9131bef3c8a8cbbbe65a7d42d8d0d0cb278a91af4
DEBU[0000] Made network namespace at /run/user/1000/netns/netns-73fc77b1-bd8a-281e-cadf-86ade38a8492 for container f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08
DEBU[0000] pasta arguments: --config-net --dns-forward 169.254.1.1 -t none -u none -T none -U none --no-map-gw --quiet --netns /run/user/1000/netns/netns-73fc77b1-bd8a-281e-cadf-86ade38a8492 --map-guest-addr 169.254.1.2
DEBU[0000] Setting Cgroups for container f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08 to user.slice:libpod:f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08
DEBU[0000] reading hooks from /usr/share/containers/oci/hooks.d
DEBU[0000] Workdir "/" resolved to host path "/home/nu/.local/share/containers/storage/btrfs/subvolumes/71eb22f57e07a50f65918dc9131bef3c8a8cbbbe65a7d42d8d0d0cb278a91af4"
DEBU[0000] Created OCI spec for container f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08 at /home/nu/.local/share/containers/storage/btrfs-containers/f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08/userdata/config.json
DEBU[0000] /nix/store/lbi1f3j5zccg54580w119qp0508yhpgj-podman-helper-binary-wrapper/bin/conmon messages will be logged to syslog
DEBU[0000] running conmon: /nix/store/lbi1f3j5zccg54580w119qp0508yhpgj-podman-helper-binary-wrapper/bin/conmon args="[--api-version 1 -c f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08 -u f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08 -r /nix/store/lbi1f3j5zccg54580w119qp0508yhpgj-podman-helper-binary-wrapper/bin/crun -b /home/nu/.local/share/containers/storage/btrfs-containers/f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08/userdata -p /run/user/1000/containers/btrfs-containers/f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08/userdata/pidfile -n unruffled_pasteur --exit-dir /run/user/1000/libpod/tmp/exits --persist-dir /run/user/1000/libpod/tmp/persist/f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08 --full-attach -s -l journald --log-level debug --syslog --conmon-pidfile /run/user/1000/containers/btrfs-containers/f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08/userdata/conmon.pid --exit-command /nix/store/xzw0lp5gk6za3v07xd7qpkmqr7h2lj50-podman-5.5.1/bin/.podman-wrapped --exit-command-arg --root --exit-command-arg /home/nu/.local/share/containers/storage --exit-command-arg --runroot --exit-command-arg /run/user/1000/containers --exit-command-arg --log-level --exit-command-arg debug --exit-command-arg --cgroup-manager --exit-command-arg systemd --exit-command-arg --tmpdir --exit-command-arg /run/user/1000/libpod/tmp --exit-command-arg --network-config-dir --exit-command-arg --exit-command-arg --network-backend --exit-command-arg netavark --exit-command-arg --volumepath --exit-command-arg /home/nu/.local/share/containers/storage/volumes --exit-command-arg --db-backend --exit-command-arg sqlite --exit-command-arg --transient-store=false --exit-command-arg --runtime --exit-command-arg crun --exit-command-arg --storage-driver --exit-command-arg btrfs --exit-command-arg --events-backend --exit-command-arg journald --exit-command-arg --syslog --exit-command-arg container 
--exit-command-arg cleanup --exit-command-arg --stopped-only --exit-command-arg f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08]"
INFO[0000] Running conmon under slice user.slice and unitName libpod-conmon-f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08.scope
[conmon:d]: failed to write to /proc/self/oom_score_adj: Permission denied
INFO[0000] Failed to add conmon to systemd sandbox cgroup: Process org.freedesktop.systemd1 exited with status 1
DEBU[0000] Received: -1
DEBU[0000] Cleaning up container f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08
DEBU[0000] Tearing down network namespace at /run/user/1000/netns/netns-73fc77b1-bd8a-281e-cadf-86ade38a8492 for container f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08
DEBU[0000] Unmounted container "f611ad45caffebc2e3946effe394320bc7f85c57f8e8ea9d4cc37346bc89fa08"
DEBU[0000] ExitCode msg: "crun: sd-bus call: process org.freedesktop.systemd1 exited with status 1: input/output error: oci runtime error"
Error: OCI runtime error: crun: sd-bus call: Process org.freedesktop.systemd1 exited with status 1: Input/output error
DEBU[0000] Shutting down engines
With the flag --cgroup-manager=cgroupfs it works:
$ podman --cgroup-manager=cgroupfs run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
My podman.nix (Nix flake) file:
{
  inputs,
  lib,
  config,
  pkgs,
  home-manager,
  ...
}:
{
  options.modules.podman = {
    enable = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Use podman";
    };
  };
  config = lib.mkMerge [
    (lib.mkIf config.modules.podman.enable {
      virtualisation = {
        containers.enable = true;
        podman = {
          enable = true;
          defaultNetwork.settings.dns_enabled = true;
        };
        oci-containers = {
          backend = "podman";
        };
      };
      users.users.nu = {
        extraGroups = [ "podman" ];
        linger = true;
      };
      # Set graphDriverName to btrfs
      virtualisation.containers.storage.settings = {
        storage = {
          driver = "btrfs";
          graphroot = "/mnt/btrfs/@container";
          runroot = "/run/containers/storage";
          options.overlay.mountopt = "nodev,metacopy=on";
        };
      };
      environment.systemPackages = with pkgs; [ podman-compose slirp4netns fuse-overlayfs ];
      boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 80;
    })
  ];
}
Here is the output of podman info:
$ podman info --debug
host:
  arch: amd64
  buildahVersion: 1.40.1
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: Unknown
    path: /nix/store/lbi1f3j5zccg54580w119qp0508yhpgj-podman-helper-binary-wrapper/bin/conmon
    version: 'conmon version 2.1.13, commit: '
  cpuUtilization:
    idlePercent: 99.03
    systemPercent: 0.29
    userPercent: 0.68
  cpus: 28
  databaseBackend: sqlite
  distribution:
    codename: xantusia
    distribution: nixos
    version: "25.11"
  eventLogger: journald
  freeLocks: 1963
  hostname: newton
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 100
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.15.2
  linkmode: dynamic
  logDriver: journald
  memFree: 28915482624
  memTotal: 33403183104
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: Unknown
      path: /nix/store/xzw0lp5gk6za3v07xd7qpkmqr7h2lj50-podman-5.5.1/libexec/podman/aardvark-dns
      version: aardvark-dns 1.15.0
    package: Unknown
    path: /nix/store/xzw0lp5gk6za3v07xd7qpkmqr7h2lj50-podman-5.5.1/libexec/podman/netavark
    version: netavark 1.15.2
  ociRuntime:
    name: crun
    package: Unknown
    path: /nix/store/lbi1f3j5zccg54580w119qp0508yhpgj-podman-helper-binary-wrapper/bin/crun
    version: |-
      crun version 1.21
      commit: 1.21
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  pasta:
    executable: /nix/store/xzw0lp5gk6za3v07xd7qpkmqr7h2lj50-podman-5.5.1/libexec/podman/pasta
    package: Unknown
    version: ""
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: ""
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /run/current-system/sw/bin/slirp4netns
    package: Unknown
    version: |-
      slirp4netns version 1.3.3
      commit: 944fa94090e1fd1312232cbc0e6b43585553d824
      libslirp: 4.9.0
      SLIRP_CONFIG_VERSION_MAX: 6
      libseccomp: 2.6.0
  swapFree: 17179865088
  swapTotal: 17179865088
  uptime: 0h 13m 2.00s
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
  - quay.io
store:
  configFile: /home/nu/.config/containers/storage.conf
  containerStore:
    number: 85
    paused: 0
    running: 0
    stopped: 85
  graphDriverName: btrfs
  graphOptions: {}
  graphRoot: /home/nu/.local/share/containers/storage
  graphRootAllocated: 999129350144
  graphRootUsed: 191745118208
  graphStatus:
    Build Version: Btrfs v6.14
    Library Version: "104"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/nu/.local/share/containers/storage/volumes
version:
  APIVersion: 5.5.1
  Built: 315532800
  BuiltTime: Tue Jan 1 01:00:00 1980
  GitCommit: ""
  GoVersion: go1.24.3
  Os: linux
  OsArch: linux/amd64
  Version: 5.5.1
I think setting graphRoot did not work… But I got rid of the following error:
ERRO[0000] User-selected graph driver "overlay" overwritten by graph driver "btrfs" from database - delete libpod local files ("/home/nu/.local/share/containers/storage") to resolve. May prevent use of images created by other tools
Can anyone explain to me why the error from above occurs?