On Tue, 10.01.23 13:18, Lewis Gaul (lewis.gaul@xxxxxxxxx) wrote:

> Following 'setenforce 0' I still see the same issue (I was also suspecting
> SELinux!).
>
> A few additional data points:
> - this was not seen when using systemd v230 inside the container
> - this is also seen on CentOS 8.4
> - this is seen under docker even if the container's cgroup driver is
>   changed from 'cgroupfs' to 'systemd'

docker is garbage. They are hostile towards running systemd inside
containers.

podman upstream is a lot friendlier, and apparently what everyone in OCI
is going towards these days.

I have not much experience with podman though, and in particular not
old versions.

Next step would probably be to look at what precisely causes the
permission issue, via strace.

but did you make sure your container actually gets write access to the
cgroup trees?

anyway, i'd recommend asking the podman community for help about this.

Lennart

--
Lennart Poettering, Berlin
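
One way to check the write-access question raised above, as an added example that is not part of the original message: the script reads mountinfo-format text and reports each cgroup mount as `ro` or `rw`. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether cgroup mounts are read-only or read-write.

# cgroup_mounts [FILE]: print "<ro|rw> <fstype> <mountpoint>" for every
# cgroup/cgroup2 entry in mountinfo-format input (FILE or stdin).
cgroup_mounts() {
    awk '{
        # Optional fields (7..n) end at a lone "-"; the fstype follows it.
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (!sep) next
        fstype = $(sep + 1)
        if (fstype != "cgroup" && fstype != "cgroup2") next
        # Read-only if the per-mount options (field 6) or the superblock
        # options (third field after "-") contain the token "ro".
        mode = "rw"
        n = split($6 "," $(sep + 3), opt, ",")
        for (j = 1; j <= n; j++) if (opt[j] == "ro") mode = "ro"
        print mode, fstype, $5
    }' "$@"
}

# ro_cgroup_mounts [FILE]: print only the mount points that are read-only.
ro_cgroup_mounts() {
    cgroup_mounts "$@" | awk '$1 == "ro" { print $3 }'
}

# Constructed sample of what /proc/self/mountinfo could look like inside a
# container with a cgroup v1 layout (not taken from the thread).
sample_mountinfo() {
    cat <<'EOF'
1390 1200 0:98 / / rw,relatime - overlay overlay rw,lowerdir=/l
1401 1390 0:105 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755
1402 1401 0:29 /docker/abc /sys/fs/cgroup/systemd ro,nosuid,nodev,noexec,relatime master:11 - cgroup cgroup rw,xattr,name=systemd
1403 1401 0:33 /docker/abc /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime master:15 - cgroup cgroup rw,memory
EOF
}

# Run against the constructed sample; inside a real container, use
#   cgroup_mounts /proc/self/mountinfo
sample_mountinfo | cgroup_mounts
```

A mount reported as `rw` is necessary but not sufficient: ownership and permissions on the cgroup directory still decide whether the process can write there, which is what the strace step would show.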