Getting podman to work in homebrew/brew image

[osalbahr]

Issue Description

I'm trying to port distrobox to macOS by first getting brew install distrobox to be fully-functional on Linux. I currently have an error (Homebrew/homebrew-core#135178) that boils down to:

linuxbrew@0c8ca793436f:~$ podman ps
cannot clone: Permission denied
Error: cannot re-exec process

I get a slightly different error with sudo apt install podman (an extra line in the beginning):

 ╰─λ podman run -it homebrew/brew
linuxbrew@c542e361e05b:~$ { sudo apt-get update && sudo apt-get install -y podman;}>/dev/null
sudo: unable to send audit message: Operation not permitted
sudo: unable to send audit message: Operation not permitted
debconf: delaying package configuration, since apt-utils is not installed
linuxbrew@c542e361e05b:~$ podman ps
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers 
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@c542e361e05b:~$ podman version
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers 
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@c542e361e05b:~$ 

Steps to reproduce the issue

Steps to reproduce the issue

1. podman run -it homebrew/brew
2. sudo apt-get update && sudo apt-get install -y podman
3. podman ps

Also

1. podman run -it homebrew/brew
2. sudo apt-get update && sudo apt-get install -y podman
3. sudo podman ps

Describe the results you received

I tried with two different versions, the one from brew and the one from apt:

linuxbrew@138c19987d63:~$ podman --version
podman version 4.5.1
linuxbrew@138c19987d63:~$ podman ps
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@138c19987d63:~$ sudo podman ps
sudo: unable to send audit message: Operation not permitted
sudo: podman: command not found
linuxbrew@138c19987d63:~$

linuxbrew@9f9951271860:~$ podman --version
podman version 3.4.4
linuxbrew@9f9951271860:~$ podman ps
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@9f9951271860:~$ sudo podman ps
sudo: unable to send audit message: Operation not permitted
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@9f9951271860:~$

Describe the results you expected

osalbahr@vclvm176-210:~$ podman ps
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

podman info output

I tried with two different versions, the one from `brew` and the one from `apt`:

linuxbrew@138c19987d63:~$ podman --version
podman version 4.5.1
linuxbrew@138c19987d63:~$ podman info
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@138c19987d63:~$ sudo podman info
sudo: unable to send audit message: Operation not permitted
sudo: podman: command not found
linuxbrew@138c19987d63:~$

linuxbrew@9f9951271860:~$ podman --version
podman version 3.4.4
linuxbrew@9f9951271860:~$ podman info
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@9f9951271860:~$ sudo podman info
sudo: unable to send audit message: Operation not permitted
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@9f9951271860:~$

Podman in a container

Yes

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

https://hub.docker.com/r/homebrew/brew

$ podman run -it homebrew/brew
...
linuxbrew@138c19987d63:~$ uname -a
Linux 138c19987d63 6.3.6-200.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun  5 15:45:04 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
linuxbrew@138c19987d63:~$ neofetch
            .-/+oossssoo+/-.               linuxbrew@138c19987d63
        `:+ssssssssssssssssss+:`           ----------------------
      -+ssssssssssssssssssyyssss+-         OS: Ubuntu 22.04.2 LTS x86_64
    .ossssssssssssssssssdMMMNysssso.       Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-8.0)
   /ssssssssssshdmmNNmmyNMMMMhssssss/      Kernel: 6.3.6-200.fc38.x86_64
  +ssssssssshmydMMMMMMMNddddyssssssss+     Uptime: 1 hour, 49 mins
 /sssssssshNMMMyhhyyyyhmNMMMNhssssssss/    Packages: 211 (dpkg), 133 (brew)
.ssssssssdMMMNhsssssssssshNMMMdssssssss.   Shell: bash 5.1.16
+sssshhhyNMMNyssssssssssssyNMMMysssssss+   Resolution: 1280x800
ossyNMMMNyMMhsssssssssssssshmmmhssssssso   CPU: 06/8e (1) @ 2.303GHz
ossyNMMMNyMMhsssssssssssssshmmmhssssssso   Memory: 497MiB / 1953MiB
+sssshhhyNMMNyssssssssssssyNMMMysssssss+
.ssssssssdMMMNhsssssssssshNMMMdssssssss.
 /sssssssshNMMMyhhyyyyhdNMMMNhssssssss/
  +sssssssssdmydMMMMMMMMddddyssssssss+
   /ssssssssssshdmNNNNmyNMMMMhssssss/
    .ossssssssssssssssssdMMMNysssso.
      -+sssssssssssssssssyyyssss+-
        `:+ssssssssssssssssss+:`
            .-/+oossssoo+/-.

linuxbrew@138c19987d63:~$ brew config
HOMEBREW_VERSION: 4.0.26-7-ga41a1fd
ORIGIN: https://github.com/Homebrew/brew
HEAD: a41a1fd782daf95a1ecdfcbcfe6127ca027c4d37
Last commit: 63 minutes ago
Core tap origin: https://github.com/Homebrew/homebrew-core
Core tap HEAD: cf3cb18796664100f963873bfd2d603d80491b74
Core tap last commit: 19 hours ago
Core tap branch: master
Core tap JSON: 28 Jun 11:45 UTC
HOMEBREW_PREFIX: /home/linuxbrew/.linuxbrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_MAKE_JOBS: 1
Homebrew Ruby: 2.6.10 => /home/linuxbrew/.linuxbrew/Homebrew/Library/Homebrew/vendor/portable-ruby/2.6.10_1/bin/ruby
CPU: single-core 64-bit skylake
Clang: N/A
Git: 2.41.0 => /bin/git
Curl: 7.81.0 => /bin/curl
Kernel: Linux 6.3.6-200.fc38.x86_64 x86_64 GNU/Linux
OS: Unknown
Host glibc: 2.35
/usr/bin/gcc: 11.3.0
/usr/bin/ruby: N/A
glibc: N/A
gcc@11: N/A
gcc: N/A
xorg: N/A
linuxbrew@138c19987d63:~$

Additional information

The main issue is this CI workflow test that I'm trying to replicate: https://github.com/Homebrew/homebrew-core/actions/runs/5395788250/jobs/9798696108?pr=135178

[Luap99]

This is not a bug, you cannot run podman inside a unprivileged container. Nested containers are complicated, see https://www.redhat.com/sysadmin/podman-inside-container for more info.

[osalbahr]

Thx! I'll add some more error logs to aid with searches. Let me know if I should close this discussion or leave it open.

1. brew on homebrew/brew

 ╰─λ podman run -it homebrew/brew
linuxbrew@8672d7eec057:~$ brew install podman >temp.txt
Running `brew update --auto-update`...
==> Homebrew has enabled anonymous aggregate formula and cask analytics.
Read the analytics documentation (and how to opt-out) here:
  https://docs.brew.sh/Analytics
No analytics have been recorded yet (nor will be during this `brew` run).

==> Homebrew is run entirely by unpaid volunteers. Please consider donating:
  https://github.com/Homebrew/brew#donations

linuxbrew@8672d7eec057:~$ podman ps
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@8672d7eec057:~$ tail temp.txt
==> Summary
🍺  /home/linuxbrew/.linuxbrew/Cellar/podman/4.5.1: 249 files, 121.8MB
==> Running `brew cleanup podman`...
Disable this behaviour by setting HOMEBREW_NO_INSTALL_CLEANUP.
Hide these hints with HOMEBREW_NO_ENV_HINTS (see `man brew`).
==> Caveats
==> podman
Warning: podman provides a service which can only be used on macOS or systemd!
You can manually execute the service instead with:
  /home/linuxbrew/.linuxbrew/opt/podman/bin/podman system service --time=0
linuxbrew@8672d7eec057:~$ /home/linuxbrew/.linuxbrew/opt/podman/bin/podman system service --time=0
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@8672d7eec057:~$ podman ps
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@8672d7eec057:~$

2. apt on homebrew/brew

linuxbrew@b3bfb61a7526:~$ sudo apt-get update >temp.txt
sudo: unable to send audit message: Operation not permitted
linuxbrew@b3bfb61a7526:~$ sudo apt-get install -y podman >temp2.txt
sudo: unable to send audit message: Operation not permitted
debconf: delaying package configuration, since apt-utils is not installed
linuxbrew@b3bfb61a7526:~$ podman ps
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
cannot clone: Permission denied
Error: cannot re-exec process
linuxbrew@b3bfb61a7526:~$

3. apt on ubuntu

 ╰─λ podman run -it ubuntu
root@eb140a5acb00:/# apt-get update >temp.txt
root@eb140a5acb00:/# apt-get install -y podman >temp2.txt
debconf: delaying package configuration, since apt-utils is not installed
root@eb140a5acb00:/# podman ps
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
cannot clone: Permission denied
Error: cannot re-exec process
root@eb140a5acb00:/#