What are the permissions supposed to be? I compared ~/.local/share/containers permissions on my NixOS box against those on my Arch box and they are functionally the same (the user name is different). I’m getting the same error, but the permissions seem okay to me.
Actually, though the error is the same, the output is not. I’m not getting as far as the OP.
$ distrobox enter Alpine
Error: unable to start container "bb882c012935c611a0bdf5498b96f8ee283778dec608a2780bc09098ea7d5557": crun: make `/home/nas/.local/share/containers/storage/overlay/5d9b7670ea46907dae3c4a833c614eb501ba533945483ccd2cee55c4d3513e3b/merged` private: Permission denied: OCI permission denied
Oh, I see. There are some bits that are for user 100000 deeper in. However, that still hasn’t fixed it.
$ sudo chown -R nas:users /home/nas/.local/share/containers/
$ distrobox enter Alpine
Error: unable to start container "bb882c012935c611a0bdf5498b96f8ee283778dec608a2780bc09098ea7d5557": crun: make `/home/nas/.local/share/containers/storage/overlay/5d9b7670ea46907dae3c4a833c614eb501ba533945483ccd2cee55c4d3513e3b/merged` private: Permission denied: OCI permission denied
Checking again, it seems as though distrobox enter Alpine changes the ownership of some things to 100000.
I tried making an Arch container, hoping that might work.
$ distrobox create -i quay.io/toolbx/arch-toolbox:latest -n Arch
Image quay.io/toolbx/arch-toolbox:latest not found.
Do you want to pull the image now? [Y/n]:
Trying to pull quay.io/toolbx/arch-toolbox:latest...
Getting image source signatures
Copying blob 6cc55ea46ffd done |
Copying blob 444f393ce858 done |
Copying blob bad1a154f7d9 done |
Copying blob 86584fa290cd done |
Copying blob 14942c50b750 done |
Copying blob 2ae6caf89940 done |
Copying blob 7da672e31a5a done |
Copying config cbee9ee815 done |
Writing manifest to image destination
cbee9ee815e47512003cdac0e9351e91a824e66308611060a6e1a5b0d928c58f
Creating 'Arch' using image quay.io/toolbx/arch-toolbox:latest [ OK ]
Distrobox 'Arch' successfully created.
To enter, run:
distrobox enter Arch
$ distrobox enter Arch
Error: unable to start container "f0035f9d00807ac6fa352339137a09c52e4978572613f4c811db6811c67f8787": crun: make `/home/nas/.local/share/containers/storage/overlay/8b0bb6268fcf71c125b70c1901a2f05ac48c9f7b147ba726aa2e8289c4f7ea4e/merged` private: Permission denied: OCI permission denied
$ sudo chown -R nas:users /home/nas/.local/share/containers/
$ distrobox enter Arch
Error: unable to start container "f0035f9d00807ac6fa352339137a09c52e4978572613f4c811db6811c67f8787": crun: make `/home/nas/.local/share/containers/storage/overlay/8b0bb6268fcf71c125b70c1901a2f05ac48c9f7b147ba726aa2e8289c4f7ea4e/merged` private: Permission denied: OCI permission denied
It did not.
Reading about how to set up Distrobox and Podman on a Steam Deck (https://github.com/89luca89/distrobox/blob/b58202f649cccd6edc92c7c5072e7eac043b8d63/docs/posts/steamdeck_guide.md) it seems
$ sudo usermod --add-subuid 100000-165535 --add-subgid 100000-165535
would work. However, I’d like to do it the NixOS Way™.
https://search.nixos.org/options?show=users.extraUsers.<name>.sub*idRanges
However, last time I messed with my user settings, I rendered my VM unusable. Unlike my NAS, it didn’t have a root account for me to log into to fix that, but still, I’d rather not bork my user account.
Is something along those lines what I’m looking for? Something like:
users.extraUsers.nas = {
subUidRanges = [
{ count = 1; startUid = 1000; }
{ count = 65535; startUid = 100000; }
];
subGidRanges = [
{ count = 1; startGid = 1000; }
{ count = 65535; startGid = 100000; }
];
};
I decided to try this in the NixOS VM I use for experimenting. For some reason, I can’t reproduce this issue; distrobox isn’t setting ownership to user:group 100000.
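An added example, not part of the original post: a shell check of the `user:start:count` entries in /etc/subuid, which is where ranges set with `usermod --add-subuid` or `subUidRanges` end up, plus a scan for file owners under the container storage directory that fall outside those ranges. The function names and the sample entries are hypothetical, and `find -printf` assumes GNU findutils.

```shell
#!/usr/bin/env bash
# Added example; the sample entries in demo_subuid are constructed.

# subid_covers FILE USER ID
# Succeeds if ID lies inside a range that FILE grants to USER.
# File format (subuid(5)): one "user:start:count" entry per line.
subid_covers() {
    local file="$1" user="$2" id="$3" name start count
    while IFS=: read -r name start count || [ -n "$name" ]; do
        [ "$name" = "$user" ] || continue
        # Skip malformed entries instead of failing on them.
        case "$start" in ''|*[!0-9]*) continue ;; esac
        case "$count" in ''|*[!0-9]*) continue ;; esac
        # The range is start .. start+count-1 (count IDs in total).
        if [ "$id" -ge "$start" ] && [ "$id" -lt $((start + count)) ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# unmapped_owners FILE USER DIR
# Prints every owner UID found under DIR that is neither USER's own UID
# nor inside one of USER's subordinate ranges, i.e. an owner that a
# rootless container started by USER has no mapping for.
unmapped_owners() {
    local file="$1" user="$2" dir="$3" own uid
    own=$(id -u "$user") || return 2
    find "$dir" -printf '%U\n' 2>/dev/null | sort -un | while read -r uid; do
        [ "$uid" = "$own" ] && continue
        subid_covers "$file" "$user" "$uid" || echo "$uid"
    done
}

# Constructed sample entries in /etc/subuid format.
demo_subuid() {
    printf 'nas:100000:65536\nother:200000:65536\n'
}

# Usage on a real system (paths and user taken from the post):
#   unmapped_owners /etc/subuid nas /home/nas/.local/share/containers/storage
```

If `unmapped_owners` prints 100000 (or nothing in /etc/subuid matches the user at all), the files the container runtime created belong to an ID the user has not been granted.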