Unable to run podman rootfull / rootless inside chroot environment.

[GamePlayer-8]

Heyo,

I'm having a problem with podman inside privileged chroot.

Every time I'm trying to use it, I'm getting:

• as root:

> podman run --name builder -it alpine
Resolved "alpine" as an alias (/etc/containers/registries.conf.d/00-shortnames.conf)
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob f56be85fc22e done  
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:f56be85fc22e46face30e2c3de3f7fe7c15f8fd7c4e5add29d7f64b87abdaa09": processing tar file(remount /, flags: 0x44000: invalid argument): exit status 1

• as user:

> podman run --name builder -it alpine
cannot clone: Operation not permitted
Error: cannot re-exec process

---

I've installed inside chroot fuse-overlayfs & configured it for podman rootless, but so far it doesn't worked.

Is there any way to make podman work inside chroot?

[rhatdan]

There are probably syscalls and other components that are being blocked within a chroot. You could attempt to see what syscalls are being blocked using strace.

Why do you want to run podman within a chroot?

@giuseppe Ideas?

[giuseppe]

creating a user namespace is blocked in a chroot, here is the relevant check in the kernel:

	/*
	 * Verify that we can not violate the policy of which files
	 * may be accessed that is specified by the root directory,
	 * by verifying that the root directory is at the root of the
	 * mount namespace which allows all files to be accessed.
	 */
	ret = -EPERM;
	if (current_chrooted())
		goto fail_dec;

so it is not a Podman issue, and nothing we can do about it

[GamePlayer-8]

strace as user:

• strace_user.txt

strace as root:

• strace_root.txt

[rhatdan]

These both show up as empty files/

[rhatdan]

Ok now it is working.
It looks like something in the overlay mount is being blocked.

Could you try with driver=vfs and see it this works.

[GamePlayer-8]

They're not empty.

[GamePlayer-8]

After switching on vfs as root:

> podman pull alpine
Resolved "alpine" as an alias (/etc/containers/registries.conf.d/00-shortnames.conf)
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob f56be85fc22e done  
ERRO[0020] While applying layer: ApplyLayer stdout:  stderr: remount /, flags: 0x44000: invalid argument exit status 1 
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:f56be85fc22e46face30e2c3de3f7fe7c15f8fd7c4e5add29d7f64b87abdaa09": ApplyLayer stdout:  stderr: remount /, flags: 0x44000: invalid argument exit status 1

Full strace log: strace_root_vfs.txt