Running Bootable ISO as Image gives CRUN OCI Permission Denied

[zak-admin]

Hi Podman Mates, Newbie here.

I just wanted to explore Homelab, at the moment I don't have an extra device to allocate for that. So I use a Fedora Workstation VirtualBox on my only Laptop. And I wanted to explore everything containerized using rootless podman. My first try is on TrueNAS Scale. Unfortunately, I am getting an error.

What I did

Following the Tutorial of TechRepublic, I tried to convert a TrueNAS Scale ISO into a Container Image and tried to run it. Unfortunately, I am getting a "Permission Denied" Error. To test I tried the same as root. That also gives me the same error. Anyway I was able to just run alpine linux image.

The Commands I used

mkdir rootfs unsquashfs
mount -o loop /home/zakee/Downloads/ISOs/TrueNAS-SCALE-24.04.2.3.iso rootfs
unsquashfs -f -d unsquashfs/ rootfs/live/filesystem.squashfs
tar -C unsquashfs -c . | podman import - truenas/1
podman run -dit truenas/1:latest

The Error I Got

Error: crun: open executable: Operation not permitted: OCI permission denied

Podman Version

podman version 5.2.3

---

Please let me know if I am doing anything wrong.

If you want any other information please let me know. And also please be kind enough to explain in simple terms. i.e. don't be more technical and be beginner friendly.

Thank You for your Time.

[eriksjolund]

It looks like there is no command specified in the container image.

CMD and/or ENTRYPOINT can be set with the podman import option --change

The man page has some examples

https://docs.podman.io/en/stable/markdown/podman-import.1.html#examples

Instead of configuring those instructions in the container image, you could also specify the command directly on the command-line after the imagename:

For example

podman run --rm truenas/1:latest /bin/true

podman run --rm truenas/1:latest /bin/echo hello

If there is a /bin/sh in the container, you could open a shell with the command

podman run --rm -ti truenas/1:latest /bin/sh

to see what's inside.

Maybe there is a systemd system manager that needs to be started?

Try this to find out

podman run --rm -tid truenas/1:latest /sbin/init 

To inspect an image, run

podman image inspect truenas/1:latest

If there would be a CMD or ENTRYPOINT defined, you would see them there. Look for Cmd and Entrypoint

[zak-admin]

Thank You for the Answer. The Below Command Worked without the Error.

podman run -p 1024:80 -dit truenas/1:latest /bin/sh

Anyway, the TrueNAS did not start to work, when I type in the browser localhost:1024. Most probably it must be because it did not go through the regular installation process. Do you know any way to do the installation within the container or in the process of creating the image.

[eriksjolund]

I don't know anything specific about TrueNAS as I've never used it myself.