Document --read-only --rootfs requirements

Add entry to troubleshooting to document how to setup a read-only rootfs to use with Podman. Fixes: containers#5895 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
rhatdan · Sep 11, 2020 · 8ac39a3 · 8ac39a3
1 parent e59c3ce
commit 8ac39a3
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/troubleshooting.md b/troubleshooting.md
@@ -617,3 +617,30 @@ If you encounter a `fuse: device not found` error when running the container ima
 the fuse kernel module has not been loaded on your host system.  Use the command `modprobe fuse` to load the
 module and then run the container image afterwards.  To enable this automatically at boot time, you can add a configuration
 file to `/etc/modules.load.d`.  See `man modules-load.d` for more details.
+
+### 25) podman run --rootfs link/to//read/only/dir does not work
+
+An error such as "OCI runtime error" on a read-only filesystem or the error "{image} is not an absolute path or is a symlink" are often times indicators for this issue.  For more details, review this [issue](
+https://github.com/containers/podman/issues/5895).
+
+#### Symptom
+
+Rootless Podman requires certain files to exist in a file system in order to run.
+Podman will create /etc/resolv.conf, /etc/hosts and other file decriptors on the rootfs in order
+to mount volumes on them.
+
+#### Solution
+
+Run the container once in read/write mode, Podman will generate all of the FDs on the rootfs, and
+from that point forward you can run with a read-only rootfs.
+
+$ podman run --rm --rootfs /path/to/rootfs true
+
+The command above will create all the missing directories needed to run the container.
+
+After that, it can be used in read only mode, by multiple containers at the same time:
+
+$ podman run --read-only --rootfs /path/to/rootfs ....
+
+Another option would be to create an overlay file system on the directory as a lower and then
+then allow podman to create the files on the upper.