How-to use podman inside podman and fix all issues with limited number of subuids and subgids?
Useful instruction on how to use podman container inside jenkins agent container.
Description: https://github.com/containers/podman/discussions/19931
TLDR:
Assign 65536-1001 UIDs to nested podman:
RUN bash -c "echo jenkins:1001:64535 > /etc/subuid"
RUN bash -c "echo jenkins:1001:64535 > /etc/subgid"
Then, if your container uses Debian image, _apt user has GID 65534, which now is outside of the 64535 range of UIDs available. So you have to change the GID of this user. Verify the UID on current version of debian, but on bookworm it's 42, so:
FROM docker.io/debian:bookworm
RUN sed -i 's/_apt:x:42:65534/_apt:x:42:0/g' /etc/passwd
TLDR:
Assign 65536-1001 UIDs to nested podman:
RUN bash -c "echo jenkins:1001:64535 > /etc/subuid"
RUN bash -c "echo jenkins:1001:64535 > /etc/subgid"
Then, if your container uses Debian image, _apt user has GID 65534, which now is outside of the 64535 range of UIDs available. So you have to change the GID of this user. Verify the UID on current version of debian, but on bookworm it's 42, so:
FROM docker.io/debian:bookworm
RUN sed -i 's/_apt:x:42:65534/_apt:x:42:0/g' /etc/passwd