Silverblue 31 toolbox "there might not be enough IDs available in the namespace"

When I try to create and enter a toolbox, I always get this error, whether I run as myself or root:

$ toolbox -v enter
toolbox: running as real user ID 1000
toolbox: resolved absolute path for /usr/bin/toolbox to /usr/bin/toolbox
toolbox: checking if /etc/subgid and /etc/subuid have entries for user USER
toolbox: TOOLBOX_PATH is /usr/bin/toolbox
toolbox: running on a cgroups v2 host
toolbox: current Podman version is 1.6.2
toolbox: migration not needed: Podman version 1.6.2 is unchanged
toolbox: Fedora generational core is f31
toolbox: base image is fedora-toolbox:31
toolbox: container is fedora-toolbox-31
toolbox: checking if container fedora-toolbox-31 exists
toolbox: container fedora-toolbox-31 not found
toolbox: found 0 containers
No toolbox containers found. Create now? [y/N] y
toolbox: Fedora generational core is f31
toolbox: base image is fedora-toolbox:31
toolbox: container is fedora-toolbox-31
toolbox: checking value /run/.heim_org.h5l.kcm-socket (Stream) of property Listen in sssd-kcm.socket
toolbox: parsing value /run/.heim_org.h5l.kcm-socket (Stream) of property Listen in sssd-kcm.socket
toolbox: checking if 'podman create' supports --ulimit host
toolbox: looking for image localhost/fedora-toolbox:31
toolbox: looking for image registry.fedoraproject.org/f31/fedora-toolbox:31
Image required to create toolbox container.
Download registry.fedoraproject.org/f31/fedora-toolbox:31 (500MB)? [y/N]: y
toolbox: pulling image registry.fedoraproject.org/f31/fedora-toolbox:31
Trying to pull registry.fedoraproject.org/f31/fedora-toolbox:31...
Getting image source signatures
Copying blob a31161543ddc done
Copying blob 133418e148d9 done
Copying config a198bc8c3c done
Writing manifest to image destination
Storing signatures
ERRO[0014] Error while applying layer: ApplyLayer exit status 1 stdout:  stderr: there might not be enough IDs available in the namespace (requested 0:12 for /var/spool/mail): lchown /var/spool/mail: invalid argument 
  ApplyLayer exit status 1 stdout:  stderr: there might not be enough IDs available in the namespace (requested 0:12 for /var/spool/mail): lchown /var/spool/mail: invalid argument
Error: error pulling image "registry.fedoraproject.org/f31/fedora-toolbox:31": unable to pull registry.fedoraproject.org/f31/fedora-toolbox:31: unable to pull image: Error committing the finished image: error adding layer with blob "sha256:a31161543ddcd7f82f1b7aa5f60a6053b8f154e34e254d20c89d1e441dcc61d5": ApplyLayer exit status 1 stdout:  stderr: there might not be enough IDs available in the namespace (requested 0:12 for /var/spool/mail): lchown /var/spool/mail: invalid argument
toolbox: failed to pull base image fedora-toolbox:31

I have been scouring for days without finding a solution, even though I have found resolved threads for similar issues with podman.

This thread mentions that it might have something to do with my user’s UID (which is 1000), but I couldn’t make heads or tails of it.

Does anyone here have a workaround for this?

I had exactly this same issue. Running podman system migrate solved the problem.

2 Likes