Unable to run ./run_sdk_container -t with rootless Docker

[george-angel]

Description

Attempting to run $ ./run_sdk_container -t, results in the following error:

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /dev/console: permission denied: unknown

My guess is this is because Docker is running in rootless mode.

Impact

Not able to start Flatcar SDK.

Environment and steps to reproduce

1. Running Arch Linux, with following Docker setup: https://wiki.archlinux.org/title/docker#Rootless_Docker_daemon
2. Checkout https://github.com/flatcar/scripts and try to run $ ./run_sdk_container -t
3. Error:

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /dev/console: permission denied: unknown

Expected behavior

No error :)

I'm guessing its to do with this mount: https://github.com/flatcar/scripts/blob/flatcar-3874/run_sdk_container#L140 . containers/podman#6772 (comment) feels like a relevant explanation, although the project is different.

[jepio]

We use loopback mounts from the sdk, which requires access to /dev/loop-control but also access to /dev/loopX devices as they are created by udev in the host. So unfortunately this requires access to hosts /dev and I don't think it'll work rootless.

I would be happy if someone proved me wrong.

[t-lo]

Unfortunately @jepio is correct; for the same reason using podman requires sudo (which we wrap in the run_sdk_container scripts). Loopback mounts are required by build_image and image_to_vm.sh to build base OS and vendor images. That said, we're entirely open to modernising that part of our build logic by e.g. using a rootless image builder like mkosi. So if someone would want to take on this endeavour we'd be very open to it, and supportive.