
buildah fails in nested container, while podman runs with same configuration #6148

Open
@avikivity

Issue Description

On main (e886f27)

I have a nested container configuration (rootfull-in-rootless). The outer container is running with --privileged, and I bind-mount the host ~/.local/share/containers into the outer container.

The outer container adjusts the storage settings so:

# cat /etc/containers/containers.conf.d/nested.conf 
[engine]
static_dir = "/home/avi/.local/share/containers/storage/libpod"
volume_path = "/home/avi/.local/share/containers/storage/libpod"

[containers]
# netns = private, the default, doesn't work in nested containers,
# and we don't mind using the host network anyway.
netns = "host"

podman works with this configuration - it can run containers, pull images; the outer container's storage and host storage look fully shared.

However, buildah does not. Running in the outer container, trying to create an inner container:

bash-5.2# buildah from docker.io/fedora:42
Error: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver
WARN[0000] failed to shutdown storage: "'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver" 

I checked with strace and buildah does read my nested.conf.

Steps to reproduce the issue

  1. Create an outer container with --privileged and ~/.local/share/containers bind-mounted, and storage configuration redirected into those directories
  2. install buildah in the outer container
  3. run buildah from fedora:42 to create an inner container

Describe the results you received

Error: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver

Describe the results you expected

inner container created

buildah version output

Version:         1.41.0-dev
Go Version:      go1.23.8
Image Spec:      1.1.1
Runtime Spec:    1.2.1
CNI Spec:        1.1.0
libcni Version:  v1.3.0
image Version:   5.35.0
Git Commit:      e886f271eef26768c658f618003d53fd01f749df
Built:           Tue Apr 29 22:34:20 2025
OS/Arch:         linux/amd64
BuildPlatform:   linux/amd64

buildah info output

Error: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver
WARN[0000] failed to shutdown storage: "'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver"

Provide your storage.conf

Using Fedora 41 defaults for the outer container, and Fedora 42 defaults for the host.

Adjustment for outer container (in /etc/containers/containers.conf.d):

[engine]
static_dir = "/home/avi/.local/share/containers/storage/libpod"
volume_path = "/home/avi/.local/share/containers/storage/libpod"

[containers]
# netns = private, the default, doesn't work in nested containers,
# and we don't mind using the host network anyway.

Upstream Latest Release

Yes

Metadata

Labels: kind/bug, stale-issue
