[DOCS] selinux userns restrictions should be documented in the FAQ #806

@czhang03

Description

Describe the bug
Execute any command with podman, for example:

$ podman ps
cannot clone: Permission denied
Error: cannot re-exec process

Here is the debug info under secureblue:

$ podman info --log-level=debug

INFO[0000] podman filtering at log level debug          
DEBU[0000] Called info.PersistentPreRunE(podman info --log-level=debug) 
DEBU[0000] Using conmon: "/usr/bin/conmon"              
INFO[0000] Using sqlite as database backend             
DEBU[0000] Using graph driver overlay                   
DEBU[0000] Using graph root /var/home/cheng/.local/share/containers/storage 
DEBU[0000] Using run root /run/user/1003/containers     
DEBU[0000] Using static dir /var/home/cheng/.local/share/containers/storage/libpod 
DEBU[0000] Using tmp dir /run/user/1003/libpod/tmp      
DEBU[0000] Using volume path /var/home/cheng/.local/share/containers/storage/volumes 
DEBU[0000] Using transient store: false                 
DEBU[0000] Not configuring container store              
DEBU[0000] Initializing event backend journald          
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument 
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument 
DEBU[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument 
DEBU[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument 
DEBU[0000] Configured OCI runtime crun-vm initialization failed: no valid executable found for OCI runtime crun-vm: invalid argument 
DEBU[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument 
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument 
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument 
DEBU[0000] Using OCI runtime "/usr/bin/crun"            
cannot clone: Permission denied
Error: cannot re-exec process
DEBU[0000] Shutting down engines  

To Reproduce
Run a command like podman ps

Expected behavior
podman should work

Actual behavior
podman cannot list, remove, or add containers

Your current image

● ostree-image-signed:docker://ghcr.io/secureblue/silverblue-main-hardened:latest
                   Digest: sha256:c1f91f55ae7eca9bd38f4feacf96ab2039627be01418e42b8a79b82a955427d8
                  Version: 41.20250119.0 (2025-01-19T06:27:12Z)
          LayeredPackages: docker docker-buildx ibus-table-mathwriter

For all images
This is not reproducible on the silverblue-main image of ublue.
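An added diagnostic for telling apart the usual causes of this failure on a Fedora Atomic or secureblue host (this script is not from the issue and not secureblue's own tooling). It assumes a Linux kernel whose SELinux policy carries the user_namespace class and util-linux unshare on the PATH; the classify function is pure and takes the three observations as arguments.

```bash
#!/usr/bin/env bash
# Why does rootless podman print "cannot clone: Permission denied"?
# podman re-execs itself inside a fresh user namespace (clone with CLONE_NEWUSER).
# Two unrelated mechanisms can refuse that:
#  - the sysctl user.max_user_namespaces=0, which the kernel reports as ENOSPC
#    ("No space left on device"), not as "Permission denied";
#  - an SELinux denial of user_namespace:create, which returns EACCES
#    ("Permission denied") and leaves an AVC record in the audit log.
# So the wording of the error already points at SELinux; this script confirms it.

# Kernel-wide limit on user namespaces; 0 means they are switched off by sysctl.
userns_limit() {
  if [ -r /proc/sys/user/max_user_namespaces ]; then
    cat /proc/sys/user/max_user_namespaces
  else
    echo unknown
  fi
}

# Create a user namespace the same way podman's re-exec does.
# Prints ok, denied, or skipped (unshare not installed).
userns_probe() {
  command -v unshare >/dev/null 2>&1 || { echo skipped; return; }
  if unshare --user true 2>/dev/null; then echo ok; else echo denied; fi
}

# Enforcing / Permissive / Disabled, read from selinuxfs so it works without getenforce.
selinux_mode() {
  if [ -r /sys/fs/selinux/enforce ]; then
    if [ "$(cat /sys/fs/selinux/enforce)" = 1 ]; then echo Enforcing; else echo Permissive; fi
  else
    echo Disabled
  fi
}

# classify LIMIT PROBE MODE -> allowed | sysctl-limit | selinux-likely | inconclusive
classify() {
  local limit=$1 probe=$2 mode=$3
  if [ "$probe" = ok ]; then echo allowed; return; fi
  if [ "$limit" = 0 ]; then echo sysctl-limit; return; fi
  if [ "$probe" = denied ] && [ "$mode" = Enforcing ]; then echo selinux-likely; return; fi
  echo inconclusive
}

main() {
  local limit probe mode verdict
  limit=$(userns_limit); probe=$(userns_probe); mode=$(selinux_mode)
  verdict=$(classify "$limit" "$probe" "$mode")
  printf 'max_user_namespaces=%s probe=%s selinux=%s -> %s\n' "$limit" "$probe" "$mode" "$verdict"
  # On selinux-likely, the matching AVC denial is the evidence to attach to a report:
  [ "$verdict" = selinux-likely ] && echo 'Next: sudo ausearch -m AVC -ts recent | grep user_namespace'
  return 0
}
main "$@"
```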

Metadata

Labels: documentation (Improvements or additions to documentation), priority: high (Essential functionality is missing or broken)