What | Removed | Added |
---|---|---|
Flags | needinfo?(danish.prakash@suse.com) |
(In reply to Martin Sirringhaus from comment #6)
> distrobox already creates the containers in privileged mode:
>
> ❯ podman container inspect c364fe996b19 | grep -i privileged
> "io.podman.annotations.privileged": "TRUE",
> "--privileged",
> "io.podman.annotations.privileged": "TRUE",
> "Privileged": true,
>
> So rootless inside rootless should work, I think.
>
> Another colleague asked the maintainer, who responded with:
> > I think is something about opensuse, on ubuntu the guide works.
> > After a quick test looks like if you do chmod +s /usr/bin/newuidmap /usr/bin/newgidmap works
> > I guess a setcap problem

Ubuntu newuidmap has +s set, while Tumbleweed and Fedora do not.

> root@ubuntu:~# ls -lah /usr/bin/newuidmap
> -rwsr-xr-x 1 root root 69K May 30 14:52 /usr/bin/newuidmap
> alexandre@tumbleweed $ ls -lah /usr/bin/newuidmap
> -rwxr-xr-x 1 root root 37K Jul 8 13:13 /usr/bin/newuidmap
> alexandre@fedora-41:~$ ls -lah /usr/bin/newuidmap
> -rwxr-xr-x. 1 root root 43K Oct 10 02:00 /usr/bin/newuidmap

This is something to be discussed with Shadow maintainers perhaps, not sure if Podman can do something about it.

Danish, anything we might be able to do on our side?
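
To compare hosts or container images for the difference reported in the comment above, this added example (not part of the original comment, and not code from Podman, distrobox or shadow) reports how `newuidmap` and `newgidmap` obtain their privilege. The function names are hypothetical, and treating `cap_setuid`/`cap_setgid` file capabilities as the alternative to the setuid bit is an assumption about distributions that ship the helpers without `+s`.

```shell
#!/bin/sh
# Added example: classify how an ID-mapping helper is granted privilege.
# priv_mode FILE prints one of:
#   setuid-root     setuid bit set and owned by uid 0 (the Ubuntu listing above)
#   setuid-nonroot  setuid bit set but not root-owned (no extra privilege)
#   filecaps        no setuid bit, but cap_setuid/cap_setgid file capability
#   none            neither mechanism found (mode -rwxr-xr-x and no caps seen)
#   missing         file does not exist
priv_mode() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }

    # [ -u ] tests the setuid bit; ls -n gives the numeric owner portably.
    if [ -u "$f" ]; then
        owner=$(ls -ldn -- "$f" | awk '{print $3}')
        if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-nonroot; fi
        return 0
    fi

    # getcap (libcap) may be absent or outside PATH; then caps cannot be seen
    # and the result falls through to "none".
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$f" 2>/dev/null) || caps=
        caps=${caps#"$f"}            # drop the leading path from getcap output
        case $caps in
            *cap_setuid*|*cap_setgid*) echo filecaps; return 0 ;;
        esac
    fi
    echo none
}

# Report each helper on one line, e.g. "/usr/bin/newuidmap: setuid-root".
audit_idmap_helpers() {
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(priv_mode "$f")"
    done
}

audit_idmap_helpers /usr/bin/newuidmap /usr/bin/newgidmap
```

A result of `none` for either helper means the binary has no way to write the UID/GID maps for subordinate ranges, which matches the symptom the maintainer worked around with `chmod +s`.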