# cat ~/Dockerfile.podman
# Base image is untagged, so this resolves to whatever `podman/stable` currently
# points at; pin a tag or digest so the repro is reproducible (hadolint DL3006).
FROM podman/stable
# Unprivileged user the nested podman runs as (`--user podman` in the commands
# below); its subuid range is what `podman unshare cat /etc/subuid` prints.
RUN useradd podman
# podman run -ti --security-opt seccomp=/tmp/seccomp.json --user podman
--rm podman podman unshare cat /etc/subuid
ERRO[0000] unable to write system event: "write unixgram
@000ea->/run/systemd/journal/socket: sendmsg: no such file or directory"
podman:100000:65536
# podman run -ti --security-opt seccomp=unconfined --user podman --rm
podman podman unshare cat /proc/self/uid_map
ERRO[0000] unable to write system event: "write unixgram
@000df->/run/systemd/journal/socket: sendmsg: no such file or directory"
0 1000 1
# podman run -ti --security-opt seccomp=/tmp/seccomp.json --user podman
--rm podman podman unshare cat /proc/self/uid_map
ERRO[0000] unable to write system event: "write unixgram
@000e6->/run/systemd/journal/socket: sendmsg: no such file or directory"
0 1000 1
Running with `--log-level=debug` shows:
DEBU[0000] error from newuidmap: newuidmap: write to uid_map failed:
Operation not permitted
WARN[0000] using rootless single mapping into the namespace. This might
break some images. Check /etc/subuid and /etc/subgid for adding subids
User namespaces do not seem to work unless I add the "clone" syscall to the seccomp profile and grant the SETUID and SETGID capabilities (presumably because newuidmap/newgidmap need CAP_SETUID/CAP_SETGID to write the mappings — the "write to uid_map failed" error above).
# podman run -ti --cap-add SETUID,SETGID --security-opt
seccomp=/tmp/seccomp.json --user podman --rm podman podman unshare cat
/proc/self/uid_map
ERRO[0000] unable to write system event: "write unixgram
@00103->/run/systemd/journal/socket: sendmsg: no such file or directory"
0 1000 1
1 100000 65536
Need these SELinux rules:
```
# Rules the nested podman needs per the report above. Each one grants the
# shared container_t domain, so it applies to every container running under
# that label, not only this one — TODO confirm each is required and consider
# a dedicated domain for the nested-podman container instead.
allow container_t nsfs_t:file read;
allow container_t proc_t:filesystem mount;
allow container_t tmpfs_t:filesystem { mount unmount };
```
I am getting closer with this change to the seccomp profile:
diff /usr/share/containers/seccomp.json /tmp/seccomp.json
367c367,370
< "unshare"
---
"unshare",
"clone",
"keyctl",
"pivot_root"
# podman run -ti --privileged --cap-add SETUID,SETGID --security-opt
seccomp=/tmp/seccomp.json --user podman --rm podman podman run
--net=host --cgroup-manager cgroupfs alpine echo hello
ERRO[0000] unable to write system event: "write unixgram
@0016a->/run/systemd/journal/socket: sendmsg: no such file or directory"
Trying to pull docker.io/library/alpine...
Getting image source signatures
Copying blob 89d9c30c1d48 done
Copying config 965ea09ff2 done
Writing manifest to image destination
Storing signatures
ERRO[0004] unable to write pod event: "write unixgram
@0016a->/run/systemd/journal/socket: sendmsg: no such file or directory"
Error: cannot configure rootless cgroup using the cgroupfs manager
executable file not found in $PATH: No such file or directory: OCI
runtime command not found error