Podman on WSL2

I've tried and failed many times getting Podman to run on WSL2. OK, it may work if run as root, but with Podman, things are not cushy if it's not rootless. Slamming things through running as root does not count as complete success. Here is the path less traveled that works for me for now.

Before reading on, check out the links in the 'Other Articles' section; they are not long reads. I've tried many of them. Running the container, if things wouldn't crap out immediately, I'd find out the web service within could not serve requests as needed from that Angular app running in development mode out of Chrome, not even a Swagger page. HTTP requests made to that sucker would just time out and die.

With Podman, I've finally succeeded with CentOS 8 Stream with Distrod for WSL2. Using Distrod, install a fresh CentOS 8 (or 9) Stream instance. Before installing Podman, make sure the '/' mount propagation is shared.

Making The '/' Mount Propagation Shared

Given the issue with mount propagation being private in WSL2, I decided to get systemd running in the distro using Distrod. WSL2 seems to make the mount propagation private by default for all WSL2 instances, at least ... on my machine. With systemd, we can override this as discussed in my earlier post on running Docker without the Desktop on WSL2. To set up the systemd unit that makes the '/' mount shared, see Docker On Windows 10 - when you don't want to pay for it.

Podman will have issues doing anything if this is not set.

This article explains how to install Podman on RHEL 8 / CentOS 8: Install and Use Podman on CentOS 8 / RHEL 8 | ComputingForGeeks. The following command will list the available streams for container tools:

$ sudo dnf module list | grep container-tools

I went with the rhel8 stream, listed as default. It installs the latest version from the repos.

$ sudo dnf install -y @container-tools

Additional Tweaks

The newuidmap and newgidmap binaries, which control the user and group ID mapping for user namespaces, need the setuid bit set. Give them the following permissions:

sudo chmod 4755 /usr/bin/newgidmap
sudo chmod 4755 /usr/bin/newuidmap

Default Limits

If you are doing something like building Angular assets for a container build and you need to raise the default nofile and nproc values, you may run into an issue, given something like:

buildah bud --ulimit nofile=20000:20000 ...

resulting in error messages like

... setting rlimits for ready process caused: error setting rlimit type 7: operation not permitted ...

To fix this, increase the limits in /etc/security/limits.conf to something like

myuser  soft   nproc     50000
myuser  hard   nproc     100000
myuser  soft   nofile    50000
myuser  hard   nofile    100000

or whatever value you need. However, for this to take effect you will need the following in /etc/pam.d/login

session required pam_limits.so

The only problem now is that you still don't see the new limits, but this is the same problem discussed for Ubuntu on WSL2 in "windows subsystem for linux - ulimit -n command shows no change inspite of modifying the /etc/security/limits.conf file" on Ask Ubuntu. Basically you have to log in again as yourself for each new shell using

sudo su - $USER

to see the new limits take effect. Remember this only works for the current shell.

Other Environment Variables

XDG_RUNTIME_DIR

I found that setting this resolved issues regarding file permissions and the physical locations of the running containers. In your ~/.bashrc add the following:

export XDG_RUNTIME_DIR=/run/user/$UID
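
The settings covered above (shared '/' propagation, setuid newuidmap/newgidmap, a high enough hard nofile limit, XDG_RUNTIME_DIR) can be verified in one pass before starting a rootless container. The script below is an added example, not part of the original post; the `--check` argument and the `NOFILE_WANTED` variable are names made up for it, and it only reports, it changes nothing.

```shell
#!/bin/sh
# Added example: preflight for the rootless Podman settings described above.

# "/" must be shared; findmnt prints e.g. "shared", "private", "shared,slave".
propagation_is_shared() {
    case ",$1," in
        *,shared,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Octal mode from `stat -c %a`: the leading digit carries the setuid bit (4).
mode_has_setuid() {
    case "$1" in
        [4567][0-7][0-7][0-7]) return 0 ;;
        *) return 1 ;;
    esac
}

# A rootless process cannot raise a limit past its hard limit.
# $1 = hard limit from `ulimit -Hn`, $2 = value passed to --ulimit
limit_allows() {
    [ "$1" = "unlimited" ] && return 0
    [ "$1" -ge "$2" ] 2>/dev/null
}

# $1 = XDG_RUNTIME_DIR, $2 = numeric uid
runtime_dir_matches() {
    [ "$1" = "/run/user/$2" ]
}

preflight() {
    rc=0
    want=${NOFILE_WANTED:-20000}   # hypothetical variable; default is the page's buildah value
    prop=$(findmnt -n -o PROPAGATION / 2>/dev/null) || prop=unknown
    propagation_is_shared "$prop" || { echo "FAIL: / is '$prop', want shared"; rc=1; }
    for bin in /usr/bin/newuidmap /usr/bin/newgidmap; do
        mode=$(stat -c %a "$bin" 2>/dev/null) || mode=missing
        mode_has_setuid "$mode" || { echo "FAIL: $bin mode $mode, want 4755"; rc=1; }
    done
    hard=$(ulimit -Hn)
    limit_allows "$hard" "$want" || { echo "FAIL: hard nofile $hard < $want"; rc=1; }
    runtime_dir_matches "${XDG_RUNTIME_DIR:-}" "$(id -u)" ||
        { echo "FAIL: XDG_RUNTIME_DIR is '${XDG_RUNTIME_DIR:-}'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: prerequisites for rootless Podman are in place"
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it from the shell you will start Podman from (after the `sudo su - $USER` step), since the limits only apply to that shell.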