I’m trying to implement this idea with this code, but it appears that podman-compose
has (namespace-related?) issues when running under a systemd
dynamic user.
First I was bitten by a segfault of newuidmap,
similar to this one, which has since been solved here.
To enjoy that fix, I overrode the responsible module with
imports = [
  inputs.pp-modules.nixosModules.compose-pod
  "${inputs.nixpkgs-unstable}/nixos/modules/security/wrappers/default.nix"
];
# could this be the solution? https://github.com/NixOS/nixpkgs/pull/231673
disabledModules = [ "security/wrappers/default.nix" ];
but I still get an error:
compose-wrap.sh[584258]: time="2023-10-11T17:29:11+02:00" level=error msg="running `/run/wrappers/bin/newuidmap 584265 0 992 1 1 231072 65536`: newuidmap: write to uid_map failed: Operation not permitted\n"
compose-wrap.sh[584258]: Error: cannot set up namespace using "/run/wrappers/bin/newuidmap": exit status 1
Any ideas?
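As an added illustration (not code from the original post): a small bash checker that pulls the newuidmap call out of a log line like the one above and verifies each host range it tries to write against /etc/subuid-style entries, which is the first thing to check when uid_map writes are refused. The subuid contents, the user names and the uid 992 are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post. Checks whether the ranges a
# newuidmap call tries to write are covered by the caller's own uid or by a
# /etc/subuid allocation; an uncovered range is refused with "Operation not permitted".

# Constructed copy of the log line from the post.
LOG_SAMPLE='compose-wrap.sh[584258]: time="2023-10-11T17:29:11+02:00" level=error msg="running `/run/wrappers/bin/newuidmap 584265 0 992 1 1 231072 65536`: newuidmap: write to uid_map failed: Operation not permitted\n"'

# Constructed /etc/subuid content. "demo" stands in for a user that has been
# given a subordinate range; the dynamic user (assumed uid 992) has no entry.
SUBUID_SAMPLE='alice:100000:65536
demo:231072:65536'

# Extract the backticked newuidmap command from a log line on stdin and drop
# the leading pid, leaving "container_uid host_uid count" triples.
mapping_from_log() {
  sed -n 's/.*newuidmap \([0-9 ]*\)`.*/\1/p' | cut -d' ' -f2-
}

# check_mapping USER UID "TRIPLES" SUBUID_CONTENT
# Returns 0 when every triple is covered; prints the first uncovered triple
# and returns 1 otherwise.
check_mapping() {
  local user=$1 uid=$2 subuid=$4
  set -- $3
  while [ $# -ge 3 ]; do
    local cuid=$1 huid=$2 count=$3 ok=0
    shift 3
    # Mapping a single id onto the caller's own uid never needs a subuid entry.
    if [ "$count" -eq 1 ] && [ "$huid" -eq "$uid" ]; then
      ok=1
    else
      while IFS=: read -r name start len; do
        [ "$name" = "$user" ] || [ "$name" = "$uid" ] || continue
        if [ "$huid" -ge "$start" ] && [ $((huid + count)) -le $((start + len)) ]; then
          ok=1; break
        fi
      done <<EOF
$subuid
EOF
    fi
    if [ "$ok" -eq 0 ]; then
      echo "uncovered: container $cuid -> host $huid (count $count) for $user"
      return 1
    fi
  done
  return 0
}
```

On a real host, feed the journal line to mapping_from_log and pass the output of `getent subuid` or the contents of /etc/subuid as the last argument.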