Description
Hey everyone, we've been using this method for years on our CentOS Stream 9 machines with kernel 5.14.0 & podman 5.6.0 where it has worked perfectly fine all the time.
Now we tried to upgrade to AlmaLinux 10 with kernel 6.12.0 & podman 5.4.0 and unfortunately this solution has stopped working. I could replicate the same on my personal Fedora 42 machine with kernel 6.16.3 & podman 5.6.0.
Install looks successful, but emulators are empty when checking:
```
$ podman run --privileged --rm tonistiigi/binfmt --install arm64
installing: arm64 OK
{
  "supported": [
    "linux/amd64",
    "linux/amd64/v2",
    "linux/amd64/v3",
    "linux/amd64/v4",
    "linux/arm64",
    "linux/386"
  ],
  "emulators": [
    "qemu-aarch64"
  ]
}
$ podman run --privileged --rm tonistiigi/binfmt
{
  "supported": [
    "linux/amd64",
    "linux/amd64/v2",
    "linux/amd64/v3",
    "linux/amd64/v4",
    "linux/386"
  ],
  "emulators": null
}
$ ls -la /proc/sys/fs/binfmt_misc/
insgesamt 0
drwxr-xr-x. 2 root root 0 2. Sep 16:33 .
dr-xr-xr-x. 1 root root 0 1. Sep 09:09 ..
--w-------. 1 root root 0 1. Sep 09:10 register
-rw-r--r--. 1 root root 0 1. Sep 09:10 status
```
However, when executed as sudo, things start to work again, but it stays broken without sudo:
```
$ sudo podman run --privileged --rm tonistiigi/binfmt --install arm64
installing: arm64 OK
{
  "supported": [
    "linux/amd64",
    "linux/amd64/v2",
    "linux/amd64/v3",
    "linux/amd64/v4",
    "linux/arm64",
    "linux/386"
  ],
  "emulators": [
    "qemu-aarch64"
  ]
}
$ sudo podman run --privileged --rm tonistiigi/binfmt
{
  "supported": [
    "linux/amd64",
    "linux/amd64/v2",
    "linux/amd64/v3",
    "linux/amd64/v4",
    "linux/arm64",
    "linux/386"
  ],
  "emulators": [
    "qemu-aarch64"
  ]
}
$ ls -la /proc/sys/fs/binfmt_misc/
insgesamt 0
drwxr-xr-x. 2 root root 0 2. Sep 16:33 .
dr-xr-xr-x. 1 root root 0 1. Sep 09:09 ..
-rw-r--r--. 1 root root 0 2. Sep 16:34 qemu-aarch64
--w-------. 1 root root 0 1. Sep 09:10 register
-rw-r--r--. 1 root root 0 1. Sep 09:10 status
$ cat /proc/sys/fs/binfmt_misc/qemu-aarch64
enabled
interpreter /usr/bin/qemu-aarch64
flags: POCF
offset 0
magic 7f454c460201010000000000000000000200b700
mask ffffffffffffff00fffffffffffffffffeffffff
```
Now I really wonder why this has stopped working. Is anybody aware of a kernel change or anything in that regard? We really wanna stick with unprivileged containers. Interestingly, checking the status without root didn't work in the past, but does now:
[CentOS Stream 9]
```
$ podman run --privileged --rm tonistiigi/binfmt
error: operation not permitted
cannot mount binfmt_misc filesystem at /proc/sys/fs/binfmt_misc
main.run
    /src/cmd/binfmt/main.go:204
main.main
    /src/cmd/binfmt/main.go:191
runtime.main
    /usr/local/go/src/runtime/proc.go:272
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1700
```
[AlmaLinux 10]
```
$ podman run --privileged --rm tonistiigi/binfmt
{
  "supported": [
    "linux/amd64",
    "linux/amd64/v2",
    "linux/amd64/v3",
    "linux/amd64/v4",
    "linux/386"
  ],
  "emulators": null
}
```
Any hint would be highly appreciated!