Using chiseled JRE images with podman and crun fails when following the documentation

Metadata

Project: rockcraft
Number: #873
Type: issue
State: open
Author: dviererbe
Labels:
Created: 2025-04-28 21:41:28+00:00
Updated: 2025-07-03 12:23:34+00:00
Closed:

Issue body

### Bug Description

I wanted to containerize a Java application using the chiselled JRE images. Following the [documentation](https://hub.docker.com/r/ubuntu/jre) I failed at the first steps just running the JRE.

### To Reproduce

On an Ubuntu 24.04 (Noble) system I

1. installed `podman` and the `crun` container runtime:

   ```
   apt update && apt install podman crun
   ```

2. tried to run the example in the documentation (but with podman):

   ```
   podman run --rm ubuntu/jre:21-24.04_stable exec java
   ```

Resulting in the output recorded below.

I also tried to use `--userns=keep-id` without success as suggested in this [issue](https://github.com/containers/podman/discussions/21293#discussioncomment-8172610):

```
podman run --rm --userns="keep-id:uid=$(id -u),gid=$(id -g)" ubuntu/jre:21-24.04_stable exec java
Error: container uses ID mappings ([]specs.LinuxIDMapping{specs.LinuxIDMapping{ContainerID:0x0, HostID:0x1, Size:0x3e8}, specs.LinuxIDMapping{ContainerID:0x3e8, HostID:0x0, Size:0x1}, specs.LinuxIDMapping{ContainerID:0x3e9, HostID:0x3e9, Size:0xfc18}}), but doesn't map UID 584792
```

NOTE: UID=1000 and GID=1000

### Environment

```
$ podman info
host:
  arch: amd64
  buildahVersion: 1.33.7
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon_2.1.10+ds1-1build2_amd64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: unknown'
  cpuUtilization:
    idlePercent: 97.91
    systemPercent: 0.59
    userPercent: 1.5
  cpus: 16
  databaseBackend: sqlite
  distribution:
    codename: noble
    distribution: ubuntu
    version: "24.04"
  eventLogger: journald
  freeLocks: 2047
  hostname: snufkin
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.11.0-24-generic
  linkmode: dynamic
  logDriver: journald
  memFree: 31680413696
  memTotal: 65105715200
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns_1.4.0-5_amd64
      path: /usr/lib/podman/aardvark-dns
      version: aardvark-dns 1.4.0
    package: netavark_1.4.0-4_amd64
    path: /usr/lib/podman/netavark
    version: netavark 1.4.0
  ociRuntime:
    name: crun
    package: crun_1.14.1-1_amd64
    path: /usr/bin/crun
    version: |-
      crun version 1.14.1
      commit: de537a7965bfbe9992e2cfae0baeb56a08128171
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt_0.0~git20240220.1e6f92b-1_amd64
    version: |
      pasta unknown version
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: false
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns_1.2.1-1build2_amd64
    version: |-
      slirp4netns version 1.2.1
      commit: 09e31e92fa3d2a1d3ca261adaeb012c8d75a8194
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.5
  swapFree: 8589930496
  swapTotal: 8589930496
  uptime: 14h 41m 29.00s (Approximately 0.58 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /home/dviererbe/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/dviererbe/.local/share/containers/storage
  graphRootAllocated: 1175924506624
  graphRootUsed: 900684709888
  graphStatus:
    Backing Filesystem: zfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 12
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/dviererbe/.local/share/containers/storage/volumes
version:
  APIVersion: 4.9.3
  Built: 0
  BuiltTime: Thu Jan 1 02:00:00 1970
  GitCommit: ""
  GoVersion: go1.22.2
  Os: linux
  OsArch: linux/amd64
  Version: 4.9.3
```

### rockcraft.yaml

```yaml
N/A
```

### Relevant log output

```shell
Error: OCI runtime error: crun: setgroups: Invalid argument
```
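
Added example, not part of the original issue and not rockcraft or podman code: it decodes the hex `LinuxIDMapping` entries from the `keep-id` error above and translates container UIDs through them, then through the `uidmap` reported by `podman info`. It assumes the `HostID` values in the error are IDs inside podman's rootless user namespace; the function names are illustrative.

```python
import re

# Error text from the issue; Go prints the mapping fields as hex literals.
ERROR = (
    "container uses ID mappings ([]specs.LinuxIDMapping{"
    "specs.LinuxIDMapping{ContainerID:0x0, HostID:0x1, Size:0x3e8}, "
    "specs.LinuxIDMapping{ContainerID:0x3e8, HostID:0x0, Size:0x1}, "
    "specs.LinuxIDMapping{ContainerID:0x3e9, HostID:0x3e9, Size:0xfc18}}), "
    "but doesn't map UID 584792"
)
# uidmap from the `podman info` output in the issue: (container_id, host_id, size).
ROOTLESS_UIDMAP = [(0, 1000, 1), (1, 100000, 65536)]

FIELDS = re.compile(
    r"ContainerID:(0x[0-9a-f]+), HostID:(0x[0-9a-f]+), Size:(0x[0-9a-f]+)"
)

def parse_mappings(text):
    """Return [(container_id, host_id, size), ...] as integers."""
    return [tuple(int(v, 16) for v in m.groups()) for m in FIELDS.finditer(text)]

def translate(uid, mappings):
    """Map a UID through one namespace level; None if no range covers it."""
    for inside, outside, size in mappings:
        if inside <= uid < inside + size:
            return outside + (uid - inside)
    return None

def to_host(uid, container_map, rootless_map=ROOTLESS_UIDMAP):
    """Container UID -> rootless-namespace UID -> real host UID (assumed layering)."""
    mid = translate(uid, container_map)
    return None if mid is None else translate(mid, rootless_map)

def highest_mapped(mappings):
    """Largest container UID that any range covers."""
    return max(inside + size - 1 for inside, _, size in mappings)

def unmapped_uid(text):
    """Extract the UID the runtime reported as unmapped."""
    m = re.search(r"doesn't map UID (\d+)", text)
    return int(m.group(1)) if m else None

if __name__ == "__main__":
    cmap = parse_mappings(ERROR)
    for uid in (0, 1000, 1001, unmapped_uid(ERROR)):
        print(uid, "->", to_host(uid, cmap))
    print("highest container UID mapped:", highest_mapped(cmap))
```

The three ranges in the error cover container UIDs 0 to 65536 only, so UID 584792 has nothing to translate to, while container UID 1000 resolves to host UID 1000 as `keep-id` intends.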