Can't enter Freedesktop OCI image
I can't enter the Freedesktop OCI image using toolbox on a recently installed Fedora 41 upgraded to 42. It fails with the error message:
Error: failed to bind /etc/machine-id to /run/host/etc/machine-id
Reproducer:
$ toolbox create -i ghcr.io/flathub-infra/flatpak-github-actions:freedesktop-24.08
Image required to create Toolbx container.
Download ghcr.io/flathub-infra/flatpak-github-actions:freedesktop-24.08 (1.72GB)? [y/N]: y
Created container: flatpak-github-actions-freedesktop-24.08
Enter with: toolbox enter flatpak-github-actions-freedesktop-24.08
$ toolbox enter flatpak-github-actions-freedesktop-24.08
Error: failed to bind /etc/machine-id to /run/host/etc/machine-id
Debug:
$ podman start --attach flatpak-github-actions-freedesktop-24.08
level=debug msg="Running as real user ID 0"
level=debug msg="Resolved absolute path to the executable as /usr/bin/toolbox"
level=debug msg="TOOLBX_DELAY_ENTRY_POINT is "
level=debug msg="TOOLBX_FAIL_ENTRY_POINT is "
level=debug msg="TOOLBOX_PATH is /usr/bin/toolbox"
level=debug msg="Migrating to newer Podman"
level=debug msg="Migration not needed: running inside a container"
level=debug msg="Setting up configuration"
level=debug msg="Setting up configuration: file /etc/containers/toolbox.conf not found"
level=debug msg="Setting up configuration: file /root/.config/containers/toolbox.conf not found"
level=debug msg="Resolving container and image names"
level=debug msg="Container: ''"
level=debug msg="Distribution (CLI): ''"
level=debug msg="Image (CLI): ''"
level=debug msg="Release (CLI): ''"
level=debug msg="Resolved container and image names"
level=debug msg="Container: 'fedora-toolbox-40'"
level=debug msg="Image: 'fedora-toolbox:40'"
level=debug msg="Release: '40'"
level=debug msg="Creating /run/.toolboxenv"
level=debug msg="Path /run/host/etc exists"
level=debug msg="Resolved /etc/localtime to /run/host/usr/share/zoneinfo/Europe/Paris"
level=debug msg="Creating regular file /etc/machine-id"
level=debug msg="Binding /etc/machine-id to /run/host/etc/machine-id"
Error: failed to bind /etc/machine-id to /run/host/etc/machine-id
Version info
toolbox-0.1.1-3.fc42.x86_64
$ podman version
Client: Podman Engine
Version: 5.4.2
API Version: 5.4.2
Go Version: go1.24.1
Git Commit: be85287fcf4590961614ee37be65eeb315e5d9ff
Built: Wed Apr 2 02:00:00 2025
Build Origin: Fedora Project
OS/Arch: linux/amd64
Oops! This reminds me of https://github.com/containers/toolbox/issues/911 where some locations on the host were mounted with nodev, noexec or nosuid. One of those locations was /etc/machine-id, and I thought we fixed it in https://github.com/containers/toolbox/commit/219f5b4be428388f2b8cc12a7480c4a6922b59ca :(
Turns out that this is caused by mount(8) being missing in the ghcr.io/flathub-infra/flatpak-github-actions:freedesktop-24.08 image.
I suppose we can soften the failure by emitting a warning about some loss in functionality due to the missing command.
In the past, we chose to fail hard because there was no communication channel between the toolbox init-container running inside the container as its entry point and the toolbox enter running on the host. So, it was impossible to pass anything beyond a boolean failure or success state.
These days we do have a communication channel, which is why you see that Error: failed ... message. So, we can do better now.