For reasons involving needing write access to a bind mount from within a container, I have a rootless top-level container, in which I am trying to run podman as uid 0.
Here is what I am trying, and the output:
```
$ podman run -it --device /dev/fuse quay.io/podman/stable podman run hello-world
Resolved "hello-world" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/podman/hello:latest...
Getting image source signatures
Copying blob 81df7ff16254 done |
Copying config 5dd467fce5 done |
Writing manifest to image destination
Error: crun: mount `proc` to `proc`: Operation not permitted: OCI permission denied
```
I can improve this by specifying an explicit mount for /proc, but then I get a different error:
```
$ podman run -it --device /dev/fuse quay.io/podman/stable podman run -v /proc:/proc hello-world
Resolved "hello-world" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull quay.io/podman/hello:latest...
Getting image source signatures
Copying blob 81df7ff16254 done |
Copying config 5dd467fce5 done |
Writing manifest to image destination
Error: crun: mount `mqueue` to `dev/mqueue`: Operation not permitted: OCI permission denied
```
I'm not really sure if this is a problem with the podman image, podman itself, or if I'm just holding it completely wrong, but suggestions would be appreciated.