tl;dr I don’t think this is possible.
Another error I would get:
```
> podman machine init
Error: exec: "qemu-system-x86_64": executable file not found in $PATH
```
- https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
- https://www.redhat.com/sysadmin/podman-inside-container
- Fedora:: Running "podman pull" during a "docker build" (i.e. within it's Dockerfile(5)) fails with:: "cannot clone: Operation not permitted; Error: cannot re-exec process" ... · Issue #9843 · containers/podman · GitHub
- cannot clone : Operation not permitted and Error: cannot re-exec process · Issue #10797 · containers/podman · GitHub
- podman-3.2.1 in container: cannot clone: Operation not permitted Error: cannot re-exec process · Issue #10802 · containers/podman · GitHub
- Build container images in a rootless container without privileges inside a Kubernetes cluster - cannot clone: operation not permitted · Issue #15785 · containers/podman · GitHub
- podman fail clone: Operation not permitted on ECS fargate which doesn't support privileged mode · Issue #17827 · containers/podman · GitHub
Basically Replit containers block Podman/Docker from using a specific syscall for cloning images. The Replit team would need to either:
- Build their images with `--security-opt seccomp=unconfined` (or `--security-opt seccomp=/usr/share/containers/seccomp.json`). Running `sestatus` to check for SELinux prints `disabled` for me, otherwise we’d also need `--security-opt label=disabled` to disable SELinux.
- Run the images with `--privileged`
I have a feeling the Replit team is not willing to do that, as I assume it would pose a security risk? I have learned that “rootless” does not equal “without any privilege at all”, but I don’t fully understand the security implications.
cc @dragonhunter1 again, since I’ve seen you mention Podman as an option a few times in other threads. It is unfortunately not an option.
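An added diagnostic (not from the original post) that reads the sandbox's seccomp mode and tests whether a user namespace can be created, the `clone`/`unshare` step rootless Podman needs; it assumes a Linux environment with util-linux's `unshare(1)` and helps separate the seccomp case described above from a kernel or sysctl restriction.

```shell
#!/bin/sh
# Added example, not Replit's or Podman's code. Assumes Linux with /proc
# and util-linux unshare(1) available.

# Seccomp field of /proc/self/status: 0 = disabled, 1 = strict, 2 = filter.
# Prints "unknown" when the field (or /proc) is not present.
seccomp_mode() {
    m=$(awk '/^Seccomp:/ { print $2 }' /proc/self/status 2>/dev/null)
    [ -n "$m" ] && echo "$m" || echo unknown
}

# Try to enter a fresh user namespace with a root uid map, which is what
# rootless podman does before it re-execs itself. Prints "allowed",
# "blocked" (EPERM from a seccomp filter, sysctl or LSM policy) or
# "unavailable" when unshare(1) is not installed.
userns_check() {
    if ! command -v unshare >/dev/null 2>&1; then
        echo unavailable
        return 0
    fi
    if unshare -U -r true 2>/dev/null; then
        echo allowed
    else
        echo blocked
    fi
}

# Combine both results into a hint about which remedy from the post applies.
# A filter (mode 2) plus a denied unshare points at the seccomp profile,
# i.e. running the outer container with podman's own seccomp.json or
# seccomp=unconfined; a denial without any filter points elsewhere.
diagnose() {
    mode=$(seccomp_mode)
    ns=$(userns_check)
    case "$mode/$ns" in
        2/blocked) echo "seccomp filter active; user namespace creation denied" ;;
        */blocked) echo "no seccomp filter; user namespaces denied by kernel, sysctl or LSM" ;;
        */allowed) echo "user namespace creation permitted; look beyond seccomp" ;;
        *)         echo "unshare(1) not available; cannot test" ;;
    esac
}

diagnose
```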