[SOLVED]: there might not be enough IDs available in the namespace

"There might not be enough IDs available in the namespace" is a common error in Podman container environments. In this article we will see different ways to fix it. Follow the methods in the order given; if one method doesn't work, try the next one.

 

Method 1: uid/gid Mapping

  • Verify the subuid and subgid mapping, in /etc/subuid and /etc/subgid, of the user who is running the rootless container.
  • There should be an entry corresponding to the user.
  • Ideally when a new user is created, entries for the subuid and subgid will get automatically added.
[root@localhost ~]# cat /etc/subuid
linuxdatahub:100000:65536
abhi:165536:65536
test:231072:65536
jim:296608:65536
  • If there is no entry for the user, you can either edit the /etc/subuid and /etc/subgid files or, the better way, use the command below
usermod --add-subuids 100000-165535 --add-subgids 100000-165535 *username*
  • Retry the execution and check whether the error still appears. If it does, proceed to Method 2.
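A check to run on /etc/subuid or /etc/subgid before retrying, as an added example that is not from the original article: it reports a missing or short entry for a user and any overlapping ranges, such as a second user given 100000-165535 while linuxdatahub already holds 100000:65536. The function names, the 65536 minimum and the carol and dave sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a subordinate-ID file (lines of name:start:count).

# Total subordinate IDs assigned to user $2 in file $1 (0 if no entry).
subid_count() {
    awk -F: -v u="$2" '$1 == u { n += $3 } END { print n + 0 }' "$1"
}

# Print each pair of overlapping ranges in file $1; returns 1 if any exist.
subid_overlaps() {
    awk -F: 'NF == 3 {
        start = $2 + 0; count = $3 + 0
        for (i = 1; i <= n; i++)
            if (start < s[i] + c[i] && s[i] < start + count) {
                printf "overlap: %s:%d:%d and %s:%d:%d\n", who[i], s[i], c[i], $1, start, count
                bad = 1
            }
        n++; who[n] = $1; s[n] = start; c[n] = count
    }
    END { exit bad + 0 }' "$1"
}

# Audit file $1 for user $2; $3 = minimum IDs wanted (assumed default 65536).
audit_subid() {
    min=${3:-65536}; rc=0
    have=$(subid_count "$1" "$2")
    if [ "$have" -eq 0 ]; then
        echo "$2: no entry in $1"; rc=1
    elif [ "$have" -lt "$min" ]; then
        echo "$2: only $have IDs in $1, want $min"; rc=1
    fi
    subid_overlaps "$1" || rc=1
    return $rc
}

# Constructed sample: the article's four entries plus one hand-added bad line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
linuxdatahub:100000:65536
abhi:165536:65536
test:231072:65536
jim:296608:65536
carol:100000:65536
EOF
audit_subid "$sample" dave || echo "fix the file before retrying podman"
rm -f "$sample"
```

Against the real files, call it as `audit_subid /etc/subuid "$USER"` and again with /etc/subgid. Overlapping ranges matter beyond this error because containers of two different users would then map to the same host UIDs.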

Method 2: Check uid mapping and Restart podman

  • Check the UID mapping inside the user namespace. This can be done by executing the command below as the non-root user that runs the podman commands
[abhi@localhost ]$ podman unshare cat /proc/self/uid_map 
         0      24535          1
         1     100000      65536  <----- You should see the entry set in /etc/subuid

[abhi@localhost ]$ podman unshare cat /proc/self/gid_map 
         0      24535          1
         1     100000      65536  <-----
  • If the subuid and subgid mapping for the user is correct in /etc/subuid and /etc/subgid but does not show up here, the changes have not yet taken effect.
  • The changes take effect once podman is restarted. Use either one of the steps below
$ podman system migrate
or 
$ ps aux | grep podman
$ kill <pid-of-podman>

Method 3: Verify and Modify Kernel parameters

Check that max_pid_namespaces and max_user_namespaces are set to a reasonable value

$ sysctl -a | grep namespaces
user.max_cgroup_namespaces = 62187
user.max_ipc_namespaces = 62187
user.max_mnt_namespaces = 62187
user.max_net_namespaces = 62187
user.max_pid_namespaces = 62187
user.max_time_namespaces = 128
user.max_user_namespaces = 62187
user.max_uts_namespaces = 62187

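The parameters can be set with the commands below.

# the keys carry the user. prefix, as in the listing above
sysctl user.max_pid_namespaces=62187
sysctl user.max_user_namespaces=62187
# re-read the sysctl configuration files
sysctl --system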

