https://bugzilla.suse.com/show_bug.cgi?id=1231231

https://bugzilla.suse.com/show_bug.cgi?id=1231231#c7

Alexandre Vicenzi <alexandre.vicenzi@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |needinfo?(danish.prakash@suse.com)

--- Comment #7 from Alexandre Vicenzi <alexandre.vicenzi@suse.com> ---
(In reply to Martin Sirringhaus from comment #6)
distrobox already creates the containers in privileged mode:
❯ podman container inspect c364fe996b19 | grep -i privileged
    "io.podman.annotations.privileged": "TRUE",
    "--privileged",
    "io.podman.annotations.privileged": "TRUE",
    "Privileged": true,
So rootless inside rootless should work, I think.
Another colleague asked the maintainer, who responded with:
I think is something about opensuse, on ubuntu the guide works. After a quick test looks like if you do chmod +s /usr/bin/newuidmap /usr/bin/newgidmap works I guess a setcap problem
Ubuntu newuidmap has +s set, while Tumbleweed and Fedora do not.
root@ubuntu:~# ls -lah /usr/bin/newuidmap
-rwsr-xr-x 1 root root 69K May 30 14:52 /usr/bin/newuidmap

alexandre@tumbleweed $ ls -lah /usr/bin/newuidmap
-rwxr-xr-x 1 root root 37K Jul 8 13:13 /usr/bin/newuidmap

alexandre@fedora-41:~$ ls -lah /usr/bin/newuidmap
-rwxr-xr-x. 1 root root 43K Oct 10 02:00 /usr/bin/newuidmap
This is something to be discussed with Shadow maintainers perhaps, not sure if Podman can do something about it.

Danish, anything we might be able to do on our side?
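
Added example, not part of the original comment or of any project mentioned in it: a shell check that reports how newuidmap and newgidmap obtain privilege on a given system, separating the setuid bit shown in the Ubuntu listing above from file capabilities (the "setcap" guess). The function name priv_mechanism is hypothetical, and getcap (from libcap) is assumed to be on PATH or at /usr/sbin/getcap.

```shell
#!/bin/sh
# Added example (not from the bug report).
# Reports how a helper binary gets elevated privilege:
#   setuid   - set-user-ID bit is set (the "s" in -rwsr-xr-x)
#   filecaps - no setuid bit, but file capabilities are attached (setcap)
#   none     - neither mechanism is present
#   unknown  - no setuid bit and getcap is unavailable, so caps cannot be read
#   missing  - the file does not exist
# priv_mechanism is a hypothetical helper name.

priv_mechanism() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }

    # POSIX test -u: true when the set-user-ID bit is set.
    if [ -u "$f" ]; then
        echo setuid
        return 0
    fi

    # getcap is often installed in /usr/sbin, which may not be on a
    # regular user's PATH, so fall back to that location.
    gc=$(command -v getcap 2>/dev/null || echo /usr/sbin/getcap)
    if [ ! -x "$gc" ]; then
        echo unknown
        return 0
    fi

    # getcap prints nothing for a file without capabilities.
    caps=$("$gc" "$f" 2>/dev/null || true)
    if [ -n "$caps" ]; then
        echo filecaps
    else
        echo none
    fi
}

# Compare the result on the host and inside the container.
for bin in /usr/bin/newuidmap /usr/bin/newgidmap; do
    printf '%s: %s\n' "$bin" "$(priv_mechanism "$bin")"
done
```

A result of "none" inside the container alongside "filecaps" on the host would indicate that the capabilities were not carried into the container image or filesystem.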