Description of problem: newuidmap requires cap_sys_admin capability - this makes it impossible for podman to create new containers from within containers -- in a restricted environment. Reproducer: I am tracking the complete reproducer in a dedicated github repo. We are trying this in openshift directly. https://github.com/TomasTomecek/rootless-podman-in-openshift Additional info: https://github.com/containers/libpod/issues/1092 https://github.com/genuinetools/img/issues/170 https://github.com/genuinetools/img/pull/171 https://github.com/shadow-maint/shadow/pull/132 https://github.com/shadow-maint/shadow/pull/136
shadow-utils-4.6-4.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-053fa23050
shadow-utils-4.6-4.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-783dfc5196
shadow-utils-4.6-4.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-053fa23050
shadow-utils-4.6-4.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-783dfc5196
It fixes the issue.
shadow-utils-4.6-4.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
shadow-utils-4.6-4.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.