Why toolbox on MicroOS instead of distrobox like on Aeon?

Toolbox in MicroOS fails w/ a mount error:

Error: unable to start container "02c304841fa26b5cb71fdbd6185f2aab3d24a6a5d359968accc19f6dfd5f1a87": runc: runc create failed: unable to start container process: error during container init: error mounting "/" to rootfs at "/media/root": mount dst=/media/root, dstFd=/proc/thread-self/fd/8, flags=0x5020: operation not permitted: OCI permission denied

This looks like the same bug as this one:

https://bugzilla.opensuse.org/show_bug.cgi?id=1226599

Which is likely related to the mentioned bug in podman (can’t like because of forum limit for new users?).

it seems to work when I run it in sandbox mode (toolbox -S), so I think the problem is the --privileged option that’s on by default.

I’m using Aeon on my laptop, and distrobox seems to do something very similar (also seems to do --privileged by default?), yet it doesn’t have the same issue. In general, I’ve been liking distrobox, so it’s a bit odd to me that MicroOS, which seems to be in the same family as Aeon, uses a different tool to accomplish largely the same thing. Is there a reason for this?

Some context, in case it’s relevant:

I installed MicroOS on a Hetzner ARM instance using the OpenStack Cloud image because there was no ISO available. I basically set up an Alpine Linux instance, downloaded the MicroOS qcow2 image, then applied w/ qemu-img, taking inspiration from this script. The install process only created a root user (but worked w/ my SSH keys through cloud-init!), so I created a user account manually: useradd -m -G users <username>. And that’s pretty much it!

My goal here is to switch from my current VPS running Leap by moving some containers over, but I need a place to grab some tools for testing and whatnot, and it seems toolbox is the intended way to go. But it’s a bit odd to me that podman doesn’t exist by default, and it doesn’t seem to work in the root shell that’s presented with toolbox -S. In general, it’s not a great experience, unlike w/ Aeon.

Am I doing something wrong? Or is the use-case completely different from what I’m looking for? I’m ultimately trying to achieve a fairly simple Wireguard VPN edge w/ HAProxy to expose some services from my LAN to the outside world. I eventually want to use MicroOS to spin up build workers and whatno as needed (for use w/ forgejo or similar). That sounds like the kind of thing microos is designed for, but wireguard-tools isn’t installed by default, and toolbox is unfriendly vs Aeon, which is desktop-oriented. Also, whenever I search “opensuse microos,” most of the results are related to Aeon, not MicroOS. I know there was a naming switch pretty recently, but I’m still pretty surprised that there’s so little out there, it really feels like the wild wild west.

Anyway, thoughts? I might end up going back to Leap for now, but I’d really rather not because I like the idea of MicroOS. If the problem is likely due to me using the OpenStack image, then I’ll contact Hetzner support and get that ISO available, I’d just rather not bother if it’s something inherent to MicroOS.

Ok, it looks like the issue is that microos isn’t intended to have user logins other than root. I assumed that was because of how I installed microos (OpenStack qcow2 image), but a fresh install w/ the ISO also didn’t prompt to create an unprivileged user account and creating one didn’t work w/ podman OOTB.

toolbox works properly as root, just not as an unprivileged user.

Hopefully this helps someone else w/ a similar problem.

MicroOS has no problems with creating other users. That is not an answer.

The linked bug seems to be the same. It’s marked as SLE/Leap Micro 6, but it also impacts MicroOS, so I left a note there.

Should I make a separate bug report for MicroOS?

I’m pretty new to openSUSE in terms of how it’s managed, so I’m not sure if that bug is sufficient or if they’d like a separate one per product. I could so test tumbleweed since I use that on another machine if that’s the better place to report it. I’ve used openSUSE for years, but never needed to report something like this.

Personally I would add notes to the existing bug. If it is something different they’ll ask you to open a different one, but just because the base distro is different doesn’t mean it’s not the same bug.

Hey. I have the same issue.

I have four MicroOS installations – one with the standard installer, two using the qcow2 image, and one using the self installing container host ISO.

Toolbox user mode only works correctly on the installation using the standard installer. With the other three installs, I have the same error as you do.