Hi Michael, > I can only speculate, because I don't use podman. With unprivileged LXC con > tainers, it works for me under the condition that the user's token does not= > use a PAG but is bound to the user id only.
That sounds likely. > So, my speculation would be that apptainer is able to run inside an establi= > shed PAG and podman is not. Do you know of a way to bind the token to the user id instead of PAG? Alternatively, podman might be doing something to leave the PAG of the parent that can be disabled. (Probably for security purposes.) Thanks for those ideas! C._______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
