On 1/30/21 1:00 PM, Gena Makhomed wrote:
> I can't use CentOS Stream - it is beta quality and has critical bugs.
> For example: https://bugzilla.redhat.com/show_bug.cgi?id=1913806
As far as I can tell:
systemd-nspawn is defaulting to a private user namespace, but no private
network namespace, and that combination is not supported. If you
configure a private network namespace, does that nspawn container start
properly?
https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html#%5BNetwork%5D%20Section%20Options
I'm inferring some of this, so if you've already got private network
namespace configured, that's probably not the cause.
I'm not sure we've ever really looked at systemd-nspawn from a subscription service point of view. For Docker and Podman, we've always viewed those containers as just processes running on the system (this is a notable difference from how VMs are viewed). Containers inherit access to subscription services via the host they're on. That's why UBI should see additional content available when it's running on a RHEL system as opposed to something like CentOS or Ubuntu.
The problem wouldn't be running systemd-nspawn content. The problem would be getting the content into the container you're building though honestly I've never used nspawn and I'm not even sure what storage format it uses.
-Mike