https://bugzilla.suse.com/show_bug.cgi?id=1231231
https://bugzilla.suse.com/show_bug.cgi?id=1231231#c4

Alexandre Vicenzi <alexandre.vicenzi@suse.com> changed:

           What    |Removed                        |Added
----------------------------------------------------------------------------
              Flags|needinfo?(dfaggioli@suse.com)  |

--- Comment #4 from Alexandre Vicenzi <alexandre.vicenzi@suse.com> ---
(In reply to Danish Prakash from comment #3)
> I don't know if it was supposed to work without `--root` or not--rootless
> podman within rootless podman works btw--but I suspect it's broken due to
> conflicts with state files between containers on the host and distrobox's.
> I'll take a deeper look into this next week and report back with an update,
> but for now, the workaround is to use the `--root` flag as Alexandre
> suggested.

This article [1] covers how to run Podman in Podman (PINP), and all scenarios
are supported, such as:

- Rootful Podman in rootful Podman
- Rootless Podman in rootful Podman
- Rootful Podman in rootless Podman
- Rootless Podman in rootless Podman

The container, however, needs to run in privileged mode, or if privileged is
not desired, disable some security options.

With privileged:

podman run --privileged quay.io/podman/stable podman run alpine echo hello

This can be achieved with `distrobox create --root`; it is the easiest
approach to run PINP.

Without privileges, setting proper security flags is necessary.

podman run --security-opt label=disable --user podman --device /dev/fuse quay.io/podman/stable podman run alpine echo hello

This could be done with `distrobox create --additional-flags`. I tried to
replicate non-privileged commands, but this caused the `distrobox enter`
command to fail during container initialization due to permission issues while
distrobox sets up the container.

My conclusion for now is that the Distrobox documentation needs to be updated
to reflect the need for the `--root` flag. I'll submit a PR to distrobox
updating the documentation.

[1]: https://www.redhat.com/en/blog/podman-inside-container