Hi,

On Tue, Oct 19, 2021 at 08:47:58AM +0200, Greg Kroah-Hartman wrote:
> Ah much better, I had an older version of tuxmake here.
>
> Now it fails with an expected permission problem:
> Error: writing blob: adding layer with blob "sha256:10348114f214e2f07f30fa82aaa743c1750b2a9025cc8bec19f3f4f2b087a96d": Error processing tar file(exit status 1): potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid: lchown /etc/gshadow: invalid argument
> E: Runtime preparation failed: failed to pull remote image docker.io/tuxmake/arm64_gcc-11
>
> Note, I will not run kernel builds or random containers downloaded from
> the internet as root, sorry :)

Note that podman does *not* run as root by default¹, and that's why tuxbuild recommends it instead of docker. What it does need is the ability to create an unprivileged user namespace. This includes:

- having the `kernel.unprivileged_userns_clone` sysctl set to 1
- having enough UIDs and GIDs in the /etc/sub*id mappings, which is what the error message you got is complaining about. Just having the following lines should be enough:

  $ grep -H terceiro /etc/sub*id
  /etc/subgid:terceiro:100000:65536
  /etc/subuid:terceiro:100000:65536

On Debian, those are added by default when you create a user account. I'm not sure about other systems.

¹ by default in a podman container you are root from the POV of the container, but uid 0 in the container is actually mapped to your regular UID on the host system.
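A preflight for the two preconditions listed in the message above, as an added example that is not part of the original e-mail or of tuxmake or podman. The function names, the `builder` account and the temporary files are constructed for illustration; it assumes the rootless mapping the footnote describes, where container ID 0 is the invoking user and IDs 1..N are taken from the subordinate ranges.

```shell
#!/bin/sh
# Preflight for rootless podman: can container ID N be mapped for USER?
# Paths are parameters so the checks can run against constructed files.

# Total subordinate IDs granted to USER in a subuid/subgid file
# (line format: name:start:count; a user may have several ranges).
subid_total() {  # usage: subid_total USER FILE
    [ -r "$2" ] || { echo 0; return 0; }
    awk -F: -v u="$1" '$1 == u && $3 ~ /^[0-9]+$/ { n += $3 } END { print n + 0 }' "$2"
}

# Container ID 0 maps to the user's own UID/GID; IDs 1..count map into the
# subordinate ranges, so ID N (N >= 1) needs at least N subordinate IDs.
can_map() {  # usage: can_map USER FILE CONTAINER_ID
    [ "$3" -eq 0 ] && return 0
    [ "$(subid_total "$1" "$2")" -ge "$3" ]
}

# The kernel.unprivileged_userns_clone sysctl named in the message. Assumption:
# where the file is absent the kernel has no such knob, so it is not the blocker.
userns_knob_ok() {  # usage: userns_knob_ok [PROC_FILE]
    f="${1:-/proc/sys/kernel/unprivileged_userns_clone}"
    [ ! -e "$f" ] && return 0
    [ "$(cat "$f")" = "1" ]
}

# Report for one user; the return status is non-zero if any check fails.
preflight() {  # usage: preflight USER UID_NEEDED GID_NEEDED [SUBUID] [SUBGID] [PROC_FILE]
    rc=0
    userns_knob_ok "${6:-}" || { echo "FAIL: unprivileged_userns_clone is not 1"; rc=1; }
    can_map "$1" "${4:-/etc/subuid}" "$2" || { echo "FAIL: uid $2 not mappable for $1"; rc=1; }
    can_map "$1" "${5:-/etc/subgid}" "$3" || { echo "FAIL: gid $3 not mappable for $1"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 can map $2:$3"
    return "$rc"
}

# Demo on constructed files: the first entry is the mapping quoted in the
# message, "builder" is a made-up account with too few subordinate IDs.
demo_dir=$(mktemp -d)
printf 'terceiro:100000:65536\nbuilder:100000:10\n' > "$demo_dir/subid"
echo 1 > "$demo_dir/knob"
preflight terceiro 0 42 "$demo_dir/subid" "$demo_dir/subid" "$demo_dir/knob"
preflight builder 0 42 "$demo_dir/subid" "$demo_dir/subid" "$demo_dir/knob" || true
```

Called as `preflight "$USER" 0 42` it reads the real /etc/subuid, /etc/subgid and /proc files; `0 42` is the uid:gid pair from the quoted error.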