Podman broken on ubuntu 20.04 with cgroups v2 due to not installing crun

[afbjorklund]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Podman works OK when using cgroups v1, but not when using cgroups v2.

Steps to reproduce the issue:

1. sudo systemctl start podman.socket

Describe the results you received:

Error: default OCI runtime "crun" not found: invalid argument

podman.service: Failed with result 'exit-code'.

Describe the results you expected:

podman.service: Succeeded.

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Error: cannot find newuidmap: exec: "newuidmap": executable file not found in $PATH

Output of podman info --debug:

(paste your output here)

Package info (e.g. output of rpm -q podman or apt list podman):

podman/unknown,now 2.2.1~4 amd64 [installed]

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

Ubuntu 20.04, inside Podman container running on Fedora 33.

See kubernetes/minikube#10182

---

It fails, due to crun being an optional dependency but still used by default.
The configuration uses runc under cgroups v1 and crun under cgroups v2.

Installing crun manually fixes the issue, but it should have been installed already.
So probably modify this podman dependency for the .deb a bit: cri-o-runc | runc

Depends: libseccomp2 (>= 2.4.3-1), libdevmapper1.02.1, libgpgme11, catatonit, conmon (>= 2.0.18~1), containers-common (>= 1.2.0~3), containernetworking-plugins (>= 0.8.6~1), cri-o-runc | runc, iptables, podman-plugins (>= 1.1.1~1)
Recommends: crun, slirp4netns, uidmap, varlink
Conflicts: podman-rootless

Running with cgroups v2 might be a bit "special" (system default is v1),
but installing "crun" by default should be rather small and harmless ?

[vrothberg]

@lsm5 PTAL

[afbjorklund]

Sortof fixed in podman3: #8687

Assuming that runc actually handles cgroups v2, not sure if that is the case with 1.0.0-rc10

$ /usr/sbin/runc --version
runc version spec: 1.0.1-dev
$ /usr/lib/cri-o-runc/sbin/runc --version
runc version spec: 1.0.2-dev

In podman2, crun was still mandatory.

[AkihiroSuda]

Runc >= rc91 should work with cgroup2. rc10 was incomplete.

[afbjorklund]

CRI-O comes before the system, so it should find RC 92 before RC 10.

runc = [
        "/usr/lib/cri-o-runc/sbin/runc",
        "/usr/sbin/runc",
        "/usr/bin/runc",
        "/usr/local/bin/runc",
        "/usr/local/sbin/runc",
        "/sbin/runc",
        "/bin/runc",
]

[afbjorklund]

Part of the problem was switching to --no-install-recommends, I guess.

Will install "crun" explicitly, that should take care of the installation for v2.

[afbjorklund]

I think this was more or less our own fault, for not installing recommendations.