Podman in LXC - what do overlay "not support file handles" and "conflicting options: userxattr,metacopy" mean?

[marcosscriven]

I usually run Ubuntu server in my LXC containers, but wanting to try Podman, which really only works well on a Redhat/Fedora base.

Even though this is working, when I run podman commands in the LXC guest, I see two errors/warnings in the host logs:

overlayfs: conflicting options: userxattr,metacopy=on
overlayfs: fs on '/var/lib/containers/storage/overlay/l/M7PEJYQIJK7ZKMFO3QZEDB7VII' does not support file handles, falling back to xino=off.

I really have no idea what those mean, and wondering if/how to resolve them (because even though it works, I like to understand if somehow I'm losing performance or something else might not work because of it).
Googling showed some matches, but it always seemed incidental to the problem being described/resolved.

 

[fabian]

like docker, running podman inside LXC is asking for trouble. please use a proper VM for such workloads.

 

[marcosscriven]

podman is daemonless, and so it ought not to be a problem.

In what way is this "asking for trouble"?

 

[fabian]

that doesn't really matter - LXC constrains what processes inside the container are allowed to do, and docker/podman want to manage these constraints themselves. there's an inherent conflict there that requires workarounds that can break at any time.

 

[Keeper of the Keys]

Maybe a bit off topic but what about installing podman/docker directly on the PVE host?
(Some people seem to be happy with docker inside of LXC - https://www.youtube.com/watch?v=t-TFvr7sZ6M)

 

[fabian]

not a good idea either. please follow the recommendations and use a VM.