Problems using distrobox/toolbox using rootless Podman in LXC container

[koalillo]

Hi,

Thanks to a few Reddit threads, I got rootless Podman to work inside an LXC container. However, my intention was to use distrobox/toolbox, and it doesn't work.

I've documented everything in detail here:

https://github.com/alexpdp7/alexpdp7/issues/10

; the gist is that these tools create containers with --userns keep-id --volume /dev:/dev:rslave, and then use podman exec -t to connect to the container, and this combination does not work.

Any idea on how to make it work?

Cheers,

Álex

 

[koalillo]

Ugh, I think my "reproduction" is not valid. podman exec -t fails with:

Error: crun: chown `/dev/pts/4`: Operation not permitted: OCI permission denied

while toolbox/distrobox fail with:

open /dev/pts/4: No such file or directory: OCI runtime attempted to invoke a command that was not found

 

[koalillo]

So actually a way to reproduce the distrobox/toolbox error is:

[alex@ws ~]$ podman run -d --mount type=devpts,destination=/dev/pts --userns keep-id --volume /dev:/dev:rslave registry.access.redhat.com/ubi9/ubi:latest sleep infinity
53aa717c1fc562f3b0f363f0ceb4a737fb749ea715295b83b4884955fadbae78
[alex@ws ~]$ podman exec -it 53aa bash
Error: crun: open /dev/pts/4: No such file or directory: OCI runtime attempted to invoke a command that was not found

Any ideas?

 

[hyu]

How did you get rootless Podman to work inside unpriviledged LXC containers?

 

[gfngfn256]

How did you get rootless Podman to work inside unpriviledged LXC containers?

Check his github link

 

[hyu]

Check his github link

I'm having this issue:

[sysadmin@nixos-starfish:~]$ podman info
ERRO[0000] running `/run/wrappers/bin/newuidmap 2268 0 1001 1 1 100000 65536`: newuidmap: write to uid_map failed: Operation not permitted
Error: cannot set up namespace using "/run/wrappers/bin/newuidmap": exit status 1

Is there a line in that .conf that addresses this issue?

Edit:
Noticed you don't have

unprivileged: 1