I'm experimenting with running Podman on CodeBuild on Lambda compute.
The documentation clearly lists Lambda limitations, but mentions Podman as a possible alternative:
AWS Lambda doesn't support Docker builds or runs. You can use alternatives that don’t require root permissions, such as Podman.
AWS Lambda doesn't support ... privileged mode ...
However, Podman seems to require some root permissions as well:
Container engines require privileges ...
Container engines mount file systems and use the system call clone to create user namespaces.
And when I try to run the podman service, I run into exactly the privilege issues mentioned:
[Container] 2024/04/13 23:05:51.434914 Running command podman system service
cannot clone: Operation not permitted
Error: cannot re-exec process
The relevant CodeBuild project config is the following:
image = "aws/codebuild/amazonlinux-aarch64-lambda-standard:corretto21"
type = "ARM_LAMBDA_CONTAINER"
I run into exactly the same error when I choose EC2 compute with privileged mode = false.
image = "aws/codebuild/amazonlinux2-aarch64-standard:3.0"
privileged_mode = false
type = "ARM_CONTAINER"
If I set privileged mode to true on EC2 compute, then everything works as expected.
Both Lambda and EC2 images that I used should be based on Amazon Linux 2023.
What am I missing here? Is there a way to give Podman the required permissions, or to configure it to run without ever needing them? Or is the AWS documentation incorrect and Podman is not supported?
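The error in the question ("cannot clone: Operation not permitted") is what Podman reports when the build host will not let an unprivileged process create a user namespace, whether because the kernel knob is off, capabilities are dropped, or a seccomp filter denies the namespace flags to clone(). The script below is an added example, not part of the original post and not AWS or Podman code: it is a pre-flight probe meant to run as an early build step so a pipeline fails with a clear verdict instead of at `podman system service`. It assumes a Linux host with the util-linux `unshare` binary available; every function name here is the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight probe for the
# preconditions Podman needs on a non-privileged build host.

# Report whether this process can create a user namespace the way Podman
# does (clone with CLONE_NEWUSER). Echoes "available", "blocked", or
# "unknown" when util-linux `unshare` is missing; always returns 0 so a
# `set -e` buildspec can decide what to do with the verdict.
userns_probe() {
  if ! command -v unshare >/dev/null 2>&1; then
    echo unknown
    return 0
  fi
  if unshare --user true 2>/dev/null; then
    echo available
  else
    echo blocked
  fi
  return 0
}

# Kernel-side limit: a value of 0 disables unprivileged user namespaces
# outright. Echoes the value, or "n/a" when the sysctl file is absent.
userns_limit() {
  if [ -r /proc/sys/user/max_user_namespaces ]; then
    cat /proc/sys/user/max_user_namespaces
  else
    echo n/a
  fi
}

# Seccomp mode of the current process taken from /proc/self/status
# (0 = disabled, 1 = strict, 2 = filter). A filter that denies clone()
# with namespace flags produces the same EPERM that Podman reports.
seccomp_mode() {
  if [ -r /proc/self/status ]; then
    awk '/^Seccomp:/ {print $2; found=1} END {if (!found) print "n/a"}' \
      /proc/self/status
  else
    echo n/a
  fi
}

# One-line summary intended for the first step of a buildspec; a build
# can grep for "userns=blocked" and stop before pulling any images.
preflight() {
  printf 'userns=%s max_user_namespaces=%s seccomp=%s\n' \
    "$(userns_probe)" "$(userns_limit)" "$(seccomp_mode)"
}

preflight
```

Run it in the Lambda-compute image and in the EC2 image with privileged mode off and on; the `userns` field is the one expected to flip between "blocked" and "available", and the `seccomp` and `max_user_namespaces` fields tell you which layer is responsible when it stays blocked.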