I installed boxbuddy, and any time I try to make a box (I various distros from the options) it always ends in an error as shown in the video in this GitHub issue:
Error: no such container test
Create it now, out of image registry.fedoraproject.org/fedora-toolbox:latest? [Y/n]: y
Creating the container test
Trying to pull registry.fedoraproject.org/fedora-toolbox:latest...
Getting image source signatures
Copying blob 96dfb2f17f83 done |
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:96dfb2f17f833e7f60f41cbe6fe6ba39bcf5e8d1f8849200a48d08d03859e377"/""/"sha256:3d8394a6f815fea00b4b9bb1e4cbf477e346b92dae272015775876d76c137dcb": unpacking failed (error: exit status 1; output: potentially insufficient UIDs or GIDs available in user namespace (requested 0:114 for /etc/polkit-1/localauthority): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /etc/polkit-1/localauthority: invalid argument)
In videos of boxbuddy on YouTube people simply install boxbuddy and successfully create a box seemingly the same way as I am trying.
I installed with pacman -S boxbuddy podman. What am I missing? What should I check? What info do you need?
That last line seems like a permissions issue with polkit. But also why would it try to get a fedora image if I’m not trying fedora?
EDIT:
distrobox create -n testingggg fails with the same error, so it is not related to boxbuddy.
I configured distrobox to use docker instead of podman with
container_manager="docker"
in ~/.config/distrobox/distrobox.conf and that works:
❯ distrobox create -n testingggg
Image registry.fedoraproject.org/fedora-toolbox:latest not found.
Do you want to pull the image now? [Y/n]: y
latest: Pulling from fedora-toolbox
96dfb2f17f83: Pull complete
Digest: sha256:bf2eb0cd9a89acd474081c38d8ba57136b0875ac5faf6197be71a7a38ba68f39
Status: Downloaded newer image for registry.fedoraproject.org/fedora-toolbox:latest
registry.fedoraproject.org/fedora-toolbox:latest
Creating 'testingggg' using image registry.fedoraproject.org/fedora-toolbox:latest [ OK ]
Distrobox 'testingggg' successfully created.
To enter, run:
distrobox enter testingggg
Successfully copied 2.56kB to /tmp/testingggg.os-release
I can’t say what the issue is - but it is local to your system.
The boxbuddy GUI does not provide much feedback - but eventually it will pop a console
Setting up read-only mounts... [ OK ]
Setting up read-write mounts... [ OK ]
Setting up host's sockets integration... [ OK ]
Integrating host's themes, icons, fonts... [ OK ]
Setting up distrobox profile... [ OK ]
Setting up sudo... [ OK ]
Setting up user groups... [ OK ]
Setting up user's group list... [ OK ]
Adding user... [ OK ]
Ensuring user's access... [ OK ]
Container Setup Complete!
âš First time user password setup âš
Changing password for user fh.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
This happens inside your box - whichever image you did base it upon - I based the test on alma 9.
Using a container can be quite confusing e.g.
13:58:13 â—‹ [fh@tiger] ~
$ boxbuddy
bash: boxbuddy: command not found
14:02:55 â—‹ [fh@tiger] ~
$ sudo pacman -S
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for fh:
sudo: pacman: command not found
14:03:09 â—‹ [fh@tiger] ~
$ uname -a
Linux tiger 6.14.2-1-MANJARO #1 SMP PREEMPT_DYNAMIC Thu, 10 Apr 2025 19:15:08 +0000 x86_64 x86_64 x86_64 GNU/Linux
14:06:41 â—‹ [fh@tiger] ~
$ sudo dnf update
Last metadata expiration check: 0:09:39 ago on tir 15 apr 2025 13:57:53 CEST.
Dependencies resolved.
Nothing to do.
Complete!
Ah, maybe that’s it. In any case I switched to docker already and got it working without having to configure permissions for anything. And this way I don’t have to fiddle with system configs (and don’t have to track those changes for reproducing on new installs).
Yeah it does open a console, but then has the error I pasted. @megavolt mentioned I may need to enable rootless mode for podman; if that’s the case I wish the podman error was more helpful (f.e. “you’re not running as root, so you need to enable rootless mode” or something), but docker is working out of the box so I’ll stick to that for now.
Well, you will probably have added yourself to the docker group so that you can use docker as a normal user “rootless”, which are just 2 commands for podman, as you can read. You have probably already done this for docker, and not for podman. So it’s not true that you didn’t have to configure any permissions for docker…
Read and understand:
Everything is there. Just read it and search the internet.
If you want to be able to run the docker CLI command as a non-root user, add your user to the dockeruser group, re-login and restart docker.service.
I probably did this a long time ago and forgot (I just re-installed my system over a 3 year old one, and kept /etc/group basically the same after checking for any default .pacnew changes.
From a UX perspective that’s not the clearest message. F.e. What user namespace? The one in the box I’m trying to launch? What even is a user namespace (I haven’t used that term before)?
A message like “If you’re running as a non-root user, your user likely needs permissions to run podman boxes” would be more clear.
Ironically I did search for these outputs on Google for quite a bit, and all the results I landed on didn’t have any solutions (apart from the the Arch Wiki page but I did not make the connection with subuid and subgid as I have never once used those to give myself permissions since I started using Linux 15 years ago).
