podman and SLES15

Just trying to get a rootless podman image to run on SLES 15 SP1.
Happy to see that SLE-Module-Containers15-SP1-Updates provides podman 1.8.0-4.20.1
Learned that fuse3 package is required (otherwise “using mount program /usr/bin/fuse-overlayfs: fuse: failed to exec fusermount3: No such file or directory”)
But even then, a non-root user will get a permission following error, e.g.:
podmantest@host:~> podman run --name testcontainer --rm -d alpine top
ERRO[0000] error unmounting /home/podmantest/.local/share/containers/storage/overlay/2675cf666fd8d9ed48cb3786d71063395ad988531e7265c7f1f46b10314c5618/merged: invalid argument
Error: error mounting storage for container b8a341ed9ea8bfee36704290c5d2488921b3704b71dfe2b6238bc3c90a8157f3: error creating overlay mount to /home/podmantest/.local/share/containers/storage/overlay/2675cf666fd8d9ed48cb3786d71063395ad988531e7265c7f1f46b10314c5618/merged: using mount program /usr/bin/fuse-overlayfs: fusermount3: mount failed: Operation not permitted
fuse-overlayfs: cannot mount: Operation not permitted
: exit status 1
In https://github.com/containers/podman/issues/5732 I found “FUSE in a user namespace needs at least Linux 4.18”. As SLES15SP1 has 4.12.14, how should I work around this.

This is a fantastic question and something that I’ve been running into as well.

As I understand it (and I’ll confirm tomorrow with some of our more knowledgeable engineers), rootless podman/buildah/skopeo does require the new kernel supported in 15 SP2.

Thank you,
Andrew Gracey

P. S. If you are following my guide, I believe I’m running as root and there might be a mistake suggesting that you didn’t need to. I was also running some tests on TW that might have led me to conflate the two tests. Sorry if this is the case :frowning:

thanks. I hope that also SP1 will get the newer kernel through current patches.
Kind regards, Tom

Meanwhile SP2 is officially available, and upgrading catapulted my VM from kernel 4.12.14 to 5.3.18.
And the best thing: podman now runs as a non-root user: Problem solved!