Dear all,

Has anyone tried to run a rootless container, or simply pull an image, from a systemd-homed session? For some reason I am told there are potentially insufficient UIDs or GIDs available:

$ buildah from quay.io/fedora/fedora
Trying to pull quay.io/fedora/fedora:latest...
Getting image source signatures
Copying blob 4545346f2a49 done
writing blob: adding layer with blob "sha256:4545346f2a492b62d5a82682efe19b0e8e7583d5c19f75a74c81d62ec536c32d": Error processing tar file(exit status 1): potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument

But my /etc/sub{u,g}id are properly populated, `podman system migrate` runs without complaining and the subids *are* just available:

$ buildah unshare cat /proc/self/uid_map
0 60097 1
1 100000 65536

This is only happening in systemd-homed user sessions: normal users just work. Using `sudo homectl with <user> -- buildah from quay.io/fedora/fedora` also works.

It looks like an important capability is dropped in systemd-homed session specifically that prevents id change. Do you have any idea what it could be?

Best regards,
Gaël
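An added diagnostic example, not part of the original message: the error names a uid:gid pair (0:12), and lchown fails with "invalid argument" when either id has no mapping in the user namespace, so both uid_map and gid_map need checking. The function names and the gid_map sample are assumptions made for this example; the uid_map sample is the one quoted in the message.

```python
"""Check whether a uid:gid pair is mapped in a user namespace's id maps."""
from typing import List, Optional, Tuple

Extent = Tuple[int, int, int]  # (first id inside ns, first id outside, length)

# uid_map exactly as quoted in the message above.
POST_UID_MAP = "0 60097 1\n1 100000 65536\n"
# Constructed sample (the message shows no gid_map): only one group mapped,
# to show what an unmapped gid looks like to this check.
CONSTRUCTED_GID_MAP = "0 60097 1\n"


def parse_id_map(text: str) -> List[Extent]:
    """Parse the contents of /proc/<pid>/uid_map or /proc/<pid>/gid_map."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        extents.append((inside, outside, length))
    return extents


def to_host_id(extents: List[Extent], inside_id: int) -> Optional[int]:
    """Translate a namespace id to the host id, or None if it is unmapped."""
    for inside, outside, length in extents:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None


def check_chown(uid_map: str, gid_map: str, uid: int, gid: int) -> dict:
    """Report the host ids behind uid:gid; a None entry means chown gets EINVAL."""
    return {
        "uid": to_host_id(parse_id_map(uid_map), uid),
        "gid": to_host_id(parse_id_map(gid_map), gid),
    }


if __name__ == "__main__":
    # Run inside the namespace (for example under `buildah unshare`) to test
    # the live maps against the 0:12 pair from the error message.
    with open("/proc/self/uid_map") as u, open("/proc/self/gid_map") as g:
        print(check_chown(u.read(), g.read(), 0, 12))
```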