Failed to setup UID/GID map

I’m trying to run the docker-in-docker (dind) image (more specifically, docker:22.06.0-beta.0-dind-rootless) on a very bare-bones Linux installation, but whenever I try to run the container, I get the following error message:

[rootlesskit:parent] error: failed to setup UID/GID map: newuidmap 493 [0 1000 1 1 100000 65536] failed: newuidmap: Could not set caps

The aforementioned Linux host (running on a VirtualBox VM) is composed solely of the following components:

  • kernel 5.18.4
  • busybox 1.35.0 (a reduced set of the utils it provides)
  • iptables 1.8.8 (docker dependency)
  • docker 20.10.9 (installed from a pre-built binary)
  • shadow-subids 4.10 (provides newuidmap and newgidmap binaries, added on an attempt to fix the problem, not sure if that should be on the container side)

Everything listed above (with the exception of docker) is built from source, statically linked and customized to be as minimal as possible.

So you basically ran Docker in a very small virtual machine based on busybox, right?

How did you run the container? Did you set the privileged flag? Please share your docker run command.

Sorry, I forgot to include the full details of the problem (and the solution as well), as I already solved it; you can check the full discussion here.

My kernel was lacking support for extended attributes. I’ve enabled it by compiling with the option CONFIG_EXT4_FS_SECURITY (Ext4 Security Labels), and now both newuidmap and newgidmap retain their proper file capabilities when running the container.

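The failing call in the error above, `newuidmap 493 [0 1000 1 1 100000 65536]`, maps container UID 0 to the host user (1000) and container UIDs 1 and up to the user's subordinate range from /etc/subuid; the `Could not set caps` part means the setuid helper could not raise its file capabilities, which on this host were lost because the filesystem had no security xattrs. The script below is an added example (not from this thread or from rootlesskit) that rebuilds that mapping from a constructed /etc/subuid sample and classifies the state of a helper's `security.capability` xattr, distinguishing "caps never set" (fix with setcap) from "xattrs unsupported" (the kernel/filesystem problem solved in this thread). It assumes Linux and Python's `os.getxattr`; the sample subuid content and the `alice`/`bob` entries are constructed.

```python
import errno
import os
import pwd
import shutil
from typing import List, Tuple

# Constructed sample of /etc/subuid (the real file is /etc/subuid on the host).
SAMPLE_SUBUID = """\
# user:first_subordinate_id:count
alice:100000:65536
bob:165536:65536
"""


def parse_subid(text: str, user: str) -> List[Tuple[int, int]]:
    """Return the (start, count) subordinate ranges allotted to `user`."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == user:
            ranges.append((int(start), int(count)))
    return ranges


def build_uid_map(host_uid: int, ranges: List[Tuple[int, int]]) -> List[Tuple[int, int, int]]:
    """Build (inside, outside, count) triples the way rootless setups call newuidmap:
    inside UID 0 is the host user itself, inside UIDs 1.. come from the subordinate ranges."""
    mapping = [(0, host_uid, 1)]
    inside = 1
    for start, count in ranges:
        mapping.append((inside, start, count))
        inside += count
    return mapping


def format_newuidmap_args(mapping: List[Tuple[int, int, int]]) -> str:
    """Flatten the triples into the argument string seen in the error message."""
    return " ".join(f"{i} {o} {c}" for i, o, c in mapping)


def file_caps_status(path: str) -> str:
    """Classify the security.capability xattr on a setuid helper such as newuidmap.

    'present'     - file capabilities are stored; the helper can raise CAP_SETUID
    'missing'     - xattrs work but no caps are set (ENODATA): run setcap on the binary
    'unsupported' - the filesystem/kernel refuses security xattrs (ENOTSUP):
                    the situation fixed in this thread by enabling CONFIG_EXT4_FS_SECURITY
    'absent'      - the binary itself is not there
    """
    try:
        os.getxattr(path, "security.capability")
    except FileNotFoundError:
        return "absent"
    except OSError as e:
        if e.errno == errno.ENODATA:
            return "missing"
        if e.errno == errno.ENOTSUP:
            return "unsupported"
        raise
    return "present"


if __name__ == "__main__":
    # Diagnose the current host: expected newuidmap arguments and helper cap state.
    me = pwd.getpwuid(os.getuid())
    try:
        with open("/etc/subuid") as fh:
            subuid_text = fh.read()
    except FileNotFoundError:
        subuid_text = ""  # no subordinate IDs configured at all
    mapping = build_uid_map(me.pw_uid, parse_subid(subuid_text, me.pw_name))
    print("expected newuidmap args:", format_newuidmap_args(mapping))
    for helper in ("newuidmap", "newgidmap"):
        path = shutil.which(helper) or f"/usr/bin/{helper}"
        print(f"{helper}: {file_caps_status(path)} ({path})")
```

Running it on the host from the thread would have reported `unsupported` for both helpers before the kernel rebuild and `present` afterwards; a `missing` result instead points at the packaging (the binaries were installed without `setcap cap_setuid+ep`), not at the kernel.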