I have set up containerd on my Windows 11 (Pro, if that matters) machine, and I am attempting to run some Windows formatted containers without administrator privileges. However, I am encountering the following error when trying to load (from a tarball) or run images with nerdctl:
time="2022-09-08T10:29:57-05:00" level=info msg="apply failure, attempting cleanup" error="failed to extract layer sha256:ec3e6a046fddc46b8fd9c814b01539e6798caec7d33f3c43c2eedd476af287e1: Could not enable privileges \"Back up files and directories\", \"Restore files and directories\": unknown" key="extract-27958500-ByGC sha256:ec3e6a046fddc46b8fd9c814b01539e6798caec7d33f3c43c2eedd476af287e1"
time="2022-09-08T10:29:57-05:00" level=fatal msg="failed to extract layer sha256:ec3e6a046fddc46b8fd9c814b01539e6798caec7d33f3c43c2eedd476af287e1: Could not enable privileges \"Back up files and directories\", \"Restore files and directories\": unknown"
I have found that when running containerd with elevated privileges, the image loads and runs perfectly fine. However, running containerd as administrator is not suitable for my purposes.
I have ensured that containerd is running with a root and state that are available to the user (tried on another disk, in a folder on the root of the C: drive, and inside of the user's folder). As previously mentioned, I have also verified that the image does work as expected when containerd is run as administrator, and works in Docker Desktop (where it was built) in Windows Containers mode.
I did notice that the state and root folders created by containerd were marked as read-only, and that the user did not have access to the state folder (which I was alerted to by a warning in the containerd console). However, while the warning from containerd was resolved after fixing the permissions of the root folder and setting both folders to read-write, the issue with loading and running images still persisted.
I am running Windows 11 version 21H2 (build 22000.856), containerd version v1.6.8 (9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6), and nerdctl 0.22.2.
Has anyone encountered this issue? Any pointers would be very much appreciated. Thanks!