📖 ~1 min read
Table of contents
Symptom & Impact
Rootless podman containers fail to start with cgroup delegation errors on resource limits.
Environment & Reproduction
Seen on minimal installs where user lingering and cgroup v2 delegation are not configured.
Root Cause Analysis
User systemd manager does not have the required cgroup controllers delegated by default.
Quick Triage
Inspect /sys/fs/cgroup/user.slice/user-.slice/cgroup.controllers contents.
Step-by-Step Diagnosis
Run: loginctl show-user ; cat /sys/fs/cgroup/user.slice/user-$(id -u).slice/cgroup.controllers.
Solution – Primary Fix
Enable lingering and delegation: loginctl enable-linger ; configure systemd drop-ins for delegate=yes.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Run containers as a dedicated system user with rootful podman or quadlet units for production workloads.
Verification & Acceptance Criteria
podman run –memory and –cpus succeed without delegation errors for the rootless user.
Rollback Plan
Disable lingering and revert systemd drop-ins if the workload moves back to rootful mode.
Prevention & Hardening
Bake rootless prerequisites into Kickstart and document supported users for delegation.
Related Errors & Cross-Refs
Related to subuid/subgid mapping, fuse-overlayfs, and slirp4netns issues.
Related tutorial: View the step-by-step tutorial for centos-stream-10.
View all centos-stream-10 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
Red Hat container guide rootless section and podman docs.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
