From c831e2e46d103891ef4755385e9af116733328c7 Mon Sep 17 00:00:00 2001 From: Luca Di Maio Date: Mon, 25 Sep 2023 00:25:33 +0200 Subject: [PATCH] docs: document incompatibility with VirtualBox, Fix #910 Signed-off-by: Luca Di Maio --- distrobox-export | 2 +- docs/useful_tips.md | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/distrobox-export b/distrobox-export index c6c617ee33..61ff3da980 100755 --- a/distrobox-export +++ b/distrobox-export @@ -324,7 +324,7 @@ export_binary() { export_application() { canon_dirs="" - IFS=":" + IFS=":" if [ -n "${XDG_DATA_DIRS}" ]; then for xdg_data_home in ${XDG_DATA_HOME}; do [ -d "${xdg_data_home}/applications" ] && canon_dirs="${canon_dirs} ${xdg_data_home}/applications" diff --git a/docs/useful_tips.md b/docs/useful_tips.md index a54fb4844c..c66fdf2ffe 100644 --- a/docs/useful_tips.md +++ b/docs/useful_tips.md @@ -626,6 +626,29 @@ Note that this is necessary only on Kernel version older than `5.11` . From version `5.11` onwards native `overlayfs` is supported and reports noticeable gains in performance as explained [HERE](https://www.redhat.com/sysadmin/podman-rootless-overlay) +## Permission problems when using VirtualBox + +If you have VirtualBox installed on your host, you may encounter some permission +problems using **rootless Podman**: + +```log +Error: unable to start container "XYZ": runc: runc create failed: unable to start container process: error during container init: error mounting "/dev/vboxusb/002/005" to rootfs at "/dev/vboxusb/002/005": lstat /..../dev/vboxusb/002: permission denied: OCI permission denied +``` + +This is because a rootless container done with `runc` will not port the host's groups +into the container. + +The solution is to install `crun` from your package manager, and recreate your container. + +crun supports the flag + +```sh +run.oci.keep_original_groups=1 +``` + +Which will allow porting the host's group inside the container, thus making it possible +for the rootless container to read vbox files. + ## Container save and restore To save, export and reuse an already configured container, you can leverage