Whatever configuration and/or distribution I try the outcome is all the same and I can’t seem to find anything on this subject, could someone please chime in? Thank you!
docker
[rootlesskit:parent] error: failed to setup UID/GID map: newuidmap 4013 [0 1001 1 1 165536 65536] failed: newuidmap: write to uid_map failed: Operation not permitted
podman
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
ERRO[0000] running `/usr/bin/newuidmap 1051 0 1000 1 1 100000 65536`: newuidmap: write to uid_map failed: Operation not permitted
Error: cannot set up namespace using "/usr/bin/newuidmap": exit status 1
Ok, so that one container has only 65536 which makes it impossible for it to further delegate 65536 to a nested container.
You’ll need to make sure your container has at least 165536 uid/gid mapped for the nested container to be happy.
If you’re using the LXD snap, then the limit of 65536 is most likely because you’re using security.idmap.isolated=true, if you are, then just set security.idmap.size=200000 and restart the container, you’ll then have 200k uid/gid to play with which should make things work much better.
If you’re not using the LXD snap, then that 65k you have currently is likely coming from whatever you have in /etc/subuid and /etc/subgid on your host. In that case, you’ll need to update those files, then restart LXD, then recreate your container. At which point it should have the much larger allocation and nesting should behave.
