toolbox: Fail to enter toolbox container

Describe the bug Can’t enter into a new and default toolbox container after installing podman and toolbox packages and creating first container.

Steps how to reproduce the behaviour

~ > toolbox create
Image required to create toolbox container.
Download registry.fedoraproject.org/fedora-toolbox:36 (500MB)? [y/N]: y
Created container: fedora-toolbox-36
Enter with: toolbox enter
~ > toolbox enter
Error: failed to start container fedora-toolbox-36

Expected behaviour Enter into the new toolbox container.

Actual behaviour

~ > toolbox --verbose enter
DEBU Running as real user ID 1000                 
DEBU Resolved absolute path to the executable as /usr/bin/toolbox 
DEBU Running on a cgroups v2 host                 
DEBU Checking if /etc/subgid and /etc/subuid have entries for user inigo 
DEBU Validating sub-ID file /etc/subuid           
DEBU Validating sub-ID file /etc/subgid           
DEBU TOOLBOX_PATH is /usr/bin/toolbox             
DEBU Migrating to newer Podman                    
DEBU Toolbox config directory is /home/inigo/.config/toolbox 
DEBU Current Podman version is 4.1.0              
DEBU Creating runtime directory /run/user/1000/toolbox 
DEBU Old Podman version is 4.1.0                  
DEBU Migration not needed: Podman version 4.1.0 is unchanged 
DEBU Setting up configuration                     
DEBU Setting up configuration: file /home/inigo/.config/containers/toolbox.conf not found 
DEBU Resolving image name                         
DEBU Distribution (CLI): ''                       
DEBU Image (CLI): ''                              
DEBU Release (CLI): ''                            
DEBU Resolved image name                          
DEBU Image: 'fedora-toolbox:36'                   
DEBU Release: '36'                                
DEBU Resolving container name                     
DEBU Container: ''                                
DEBU Image: 'fedora-toolbox:36'                   
DEBU Release: '36'                                
DEBU Resolved container name                      
DEBU Container: 'fedora-toolbox-36'               
DEBU Resolving image name                         
DEBU Distribution (CLI): ''                       
DEBU Image (CLI): ''                              
DEBU Release (CLI): ''                            
DEBU Resolved image name                          
DEBU Image: 'fedora-toolbox:36'                   
DEBU Release: '36'                                
DEBU Resolving container name                     
DEBU Container: ''                                
DEBU Image: 'fedora-toolbox:36'                   
DEBU Release: '36'                                
DEBU Resolved container name                      
DEBU Container: 'fedora-toolbox-36'               
DEBU Checking if container fedora-toolbox-36 exists 
DEBU Inspecting mounts of container fedora-toolbox-36 
DEBU Starting container fedora-toolbox-36         
Error: failed to start container fedora-toolbox-36

Screenshots /

Output of toolbox --version (v0.0.90+) toolbox version 0.0.99.3

Toolbox package info (rpm -q toolbox) toolbox-0.0.99.3-4.fc36.x86_64

Output of podman version

Client:       Podman Engine
Version:      4.1.0
API Version:  4.1.0
Go Version:   go1.18
Built:        Fri May  6 18:15:54 2022
OS/Arch:      linux/amd64

Podman package info (rpm -q podman) podman-4.1.0-1.fc36.x86_64

Info about your OS Fedora WorkStation 36

Additional context This Fedora installation has been upgraded from previous versions (33…36), but it’s the first time I install podman & toolbox packages. No previous docker use either. Checked with selinux enabled and disabled.

It looks the same error that this old bug: https://github.com/containers/storage/issues/1068

~ > podman start --attach fedora-toolbox-36
Error: unable to start container 6b6c1ab2bb8303f04b7842f148c040f555dd2f4ac863e46d81263e123e396862: crun: make `/home/inigo/.local/share/containers/storage/overlay/c72bb088f73f1f5a6d4e35dc914af0f064680997dcaab42c1b8e619fed64a24a/merged` private: Permission denied: OCI permission denied

~ > ls -lZ ~/.local/share/containers/storage/overlay
total 0
drwx------. 5 inigo  inigo  unconfined_u:object_r:container_ro_file_t:s0  69 Jun  1 23:18 4fe2aae696d37916b68036632e625dfa39f3a20758ebf10a620c0396c4751874
drwx------. 5 100000 100000 unconfined_u:object_r:container_ro_file_t:s0  68 Jun  1 23:18 6fe086584e2cb90370083c3043dd2f42a16e052b6828424623f68f9c0a5d6dbd
drwx------. 6 inigo  inigo  unconfined_u:object_r:container_ro_file_t:s0  69 Jun  1 23:18 a7e6caf12d36232c05ce95d911fa5dace3f81d2f0e39556182015d258c881b64
drwx------. 4 100000 100000 unconfined_u:object_r:container_ro_file_t:s0  55 Jun  1 23:18 c72bb088f73f1f5a6d4e35dc914af0f064680997dcaab42c1b8e619fed64a24a
drwx------. 2 inigo  inigo  unconfined_u:object_r:container_ro_file_t:s0 142 Jun  1 23:18 l

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 19 (7 by maintainers)

Most upvoted comments

Err, I think I fixed it somehow on my workstation, but I’m not exactly sure what happened. I tried running command above, and got the expected error:

[matthewyates@fedora ~]$ podman run -it --userns=keep-id fedora echo hi
Error: crun: make `/var/home/matthewyates/.local/share/containers/storage/overlay/7d00eca1f6179fa2884bef1b29b5012f27a813271dbee3a74f8b530f26c78f13/merged` private: Permission denied: OCI permission denied

I then started playing around with the --userns arg without really understanding what I was doing:

[matthewyates@fedora ~]$ podman run -it --userns="" fedora echo hi
hi
[matthewyates@fedora ~]$ podman run -it --userns=nomap fedora echo hi
hi

I then ran the same command again:

[matthewyates@fedora ~]$ podman run -it --userns=keep-id fedora echo hi
hi

And now it appears to be working? I can also enter the toolbox just fine.

[matthewyates@fedora ~]$ toolbox enter

Welcome to the Toolbox; a container where you can install and run
all your tools.

 - Use DNF in the usual manner to install command line tools.
 - To create a new tools container, run 'toolbox create'.

For more information, see the documentation.

⬢[matthewyates@toolbox ~]$

This seems like a podman bug, though if anyone could explain what happen on my machine it would be greatly appreciated!.

+2
matyat on Jul 23, 2022

It happened to me again, so I was able to pinpoint the command which made it work again :

podman run -it --userns=nomap fedora echo hi
+1
LyesSaadi on Feb 14, 2023

Did this get solved? Or, is anybody still able to reproduce this?

It’s working here on Fedora 37.

Thanks for the feedback, @inigoserna ! I am going to close this issue then.

Thanks for your contributions and interest, all!

+1
debarshiray on Jan 19, 2023
Read more comments on GitHub
← toolbox: /etc/resolv.conf is broken when it's an absolute symbolic link on the host
toolbox: failed to create /run/.toolboxenv →