distrobox already creates the containers in privileged mode:
```
❯ podman container inspect c364fe996b19 | grep -i privileged
    "io.podman.annotations.privileged": "TRUE",
    "--privileged",
    "io.podman.annotations.privileged": "TRUE",
    "Privileged": true,
```
So rootless inside rootless should work, I think.
Another colleague asked the maintainer, who responded with:
> I think it is something about openSUSE; on Ubuntu the guide works.
> After a quick test, it looks like if you do chmod +s /usr/bin/newuidmap /usr/bin/newgidmap it works.
> I guess it is a setcap problem.
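Before applying `chmod +s`, it is worth checking how the id-mapping helpers actually obtain their privilege on the distribution in question, since setuid-root and a file capability (the "setcap problem" the maintainer guesses at) fail in different ways and call for different fixes. The script below is an added diagnostic, not part of distrobox or of the thread; the function names `classify_idmap_helper`, `has_subid_range` and `in_initial_userns` are my own, and the helper paths are the ones named in the reply above.

```shell
#!/bin/sh
# Added diagnostic (not distrobox's own code): report how newuidmap/newgidmap
# get their privilege, whether the caller has subordinate id ranges, and
# whether we are already inside a user namespace ("rootless inside rootless").

# Prints one of: missing, setuid, filecap, none
classify_idmap_helper() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo missing
        return 0
    fi
    # -u tests the setuid bit in the file mode
    if [ -u "$path" ]; then
        echo setuid
        return 0
    fi
    # File capabilities live in the security.capability xattr; getcap prints
    # nothing (or only the path) when none is set.
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$path" 2>/dev/null)
        case "$caps" in
            *cap_setuid*|*cap_setgid*)
                echo filecap
                return 0 ;;
        esac
    fi
    echo none
}

# Prints yes if /etc/subuid or /etc/subgid ($1) has an entry for user $2.
# newuidmap/newgidmap refuse to map ranges that are not listed there.
has_subid_range() {
    file="$1"
    user="$2"
    if [ -r "$file" ] && grep -q "^$user:" "$file" 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# Prints yes when /proc/self/uid_map is the identity map of the initial user
# namespace (0 0 4294967295), no when we are already inside a user namespace.
in_initial_userns() {
    awk 'NR==1 && $1==0 && $2==0 && $3==4294967295 { print "yes"; found=1 }
         END { if (!found) print "no" }' /proc/self/uid_map 2>/dev/null
}

# Summary for the current environment
for helper in /usr/bin/newuidmap /usr/bin/newgidmap; do
    printf '%s: %s\n' "$helper" "$(classify_idmap_helper "$helper")"
done
me=$(id -un)
for f in /etc/subuid /etc/subgid; do
    printf '%s entry for %s: %s\n' "$f" "$me" "$(has_subid_range "$f" "$me")"
done
printf 'initial user namespace: %s\n' "$(in_initial_userns)"
```

A helper that reports `filecap` on the host but `none` inside the container points at the capability xattr rather than the binary itself, and the narrower fix is to restore that capability; `chmod +s` also works but hands the helper full root rather than the single capability it needs. A `none` result with no `subuid`/`subgid` entry will still fail after `chmod +s`, so the range check saves a misdiagnosis.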