Closed evelineraine closed 3 years ago
Umm... this can be addressed by https://github.com/containers/toolbox/issues/145
Or did you mean something else?
No, I don't think it's the same.
Buildah (in `chroot` mode, like I'm running it) is able to build containers even from inside unprivileged containers. So, a toolbox container should have everything for Buildah to work without a shim binary.
I think there is an issue with access permissions to `~/.local/share/containers/storage` from inside the container, since unlike in an ordinary unprivileged container, it's mounted from the host.
And it's not a SELinux issue - putting it into permissive mode doesn't help.
Ok. Looking closely at the error messages, and based on what you wrote, this one stands out:
* "docker.io/library/alpine": Error committing the finished image: error adding layer with blob "sha256:89d9c30c1d48bac627e5c6cb0d1ed1eec28e7dbdfbcc04712e4c79c0f83faf17": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/shadow): lchown /etc/shadow: invalid argument
This has to do with the user and group IDs available in the Toolbox container's namespace, plus the fact that `$HOME` is shared with the host. I don't know if there's an easy and generic way to fix this that doesn't involve tunnelling the `buildah` invocation on the host.
Duplicate of #145
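An added example, not part of the original thread: the quoted error asks for owner `0:42` on `/etc/shadow`, and `lchown` inside a user namespace fails with "invalid argument" when an ID has no entry in the namespace's ID maps. The sketch below checks a uid:gid pair against `/proc/self/uid_map` and `/proc/self/gid_map`; the function names and the two sample maps are constructed for illustration and are not taken from the issue.

```shell
#!/bin/sh
# Each line of a uid_map/gid_map file has three fields:
#   <first ID inside the namespace> <first ID outside> <number of IDs>

# id_is_mapped ID MAPFILE
# Succeeds if ID lies inside one of the ranges listed in MAPFILE.
id_is_mapped() {
    awk -v id="$1" '
        NF == 3 && id >= $1 && id < $1 + $3 { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$2"
}

# check_owner UID GID [UID_MAP] [GID_MAP]
# Reports which half of a uid:gid pair the namespace cannot represent.
# Defaults to the maps of the calling process.
check_owner() {
    uid_map=${3:-/proc/self/uid_map}
    gid_map=${4:-/proc/self/gid_map}
    rc=0
    id_is_mapped "$1" "$uid_map" || { echo "uid $1 is not mapped"; rc=1; }
    id_is_mapped "$2" "$gid_map" || { echo "gid $2 is not mapped"; rc=1; }
    return $rc
}

# Constructed sample maps (not from the issue): a namespace with a single
# mapped ID, and one that also has a 65536-ID subordinate range.
sample_single_id_map() { printf '0 1000 1\n'; }
sample_subid_map()     { printf '0 1000 1\n1 100000 65536\n'; }
```

Running `check_owner 0 42` inside the container where the build fails shows whether the IDs named in the error are representable there.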
Description
Running `buildah containers` in freshly created (except `dnf install`) `fedora-toolbox:31` container on Fedora Workstation 31 Beta produces a `Permission Denied` error.
Also there are multiple errors while trying to run the `buildah from` step in the same container.
Rationale
Buildah works fully with `chroot` isolation in its dedicated `quay.io/buildah/stable` container, or even in a generic fedora container in unprivileged rootless mode, allowing one to build containers from inside a container. It makes sense it should also work in a comparatively very unconstrained toolbox container.
Steps to reproduce
Environment
Host podman info:
Toolbox buildah info:
Toolbox container info: inspect.txt