"hello world" demo fails with "failed to reexec: Permission denied" #155

@NellyWhads

Description

Hey there, I'm attempting to run the hello world demo in an attempt to create my own rootless podman layer on another docker image.

To start, I can't seem to run the demo:

$ docker run --privileged -u podman:podman mgoltzsche/podman:minimal docker run alpine:latest echo hello from nested container
failed to reexec: Permission denied

Simplifying all the way down, this works fine:

$ docker run --privileged -u podman:podman mgoltzsche/podman:minimal echo hello world
hello world

These also don't seem to work:

$ docker run --privileged -u podman:podman mgoltzsche/podman:minimal podman info
failed to reexec: Permission denied

$ docker run --privileged -u podman:podman mgoltzsche/podman:minimal docker system info
failed to reexec: Permission denied

And lastly:

$ docker run --privileged -u podman:podman mgoltzsche/podman:minimal podman run alpine:latest podman info
failed to reexec: Permission denied

System Information

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04.3 LTS
Release:        24.04
Codename:       noble

$ docker --version
Docker version 28.2.2, build 28.2.2-0ubuntu1~24.04.1

$ docker system info
Client:
 Version:    28.2.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.30.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.40.3
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 15
  Running: 0
  Paused: 0
  Stopped: 15
 Images: 39
 Server Version: 28.2.2
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Discovered Devices:
  cdi: nvidia.com/gpu=0
  cdi: nvidia.com/gpu=GPU-32ec2f28-add7-ef09-a5a6-0238b09f9284
  cdi: nvidia.com/gpu=all
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2 nvidia
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 
 runc version: v1.4.0-0-g8bd78a9
 init version: 
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.14.0-1018-aws
 Operating System: Ubuntu 24.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 32
 Total Memory: 124.4GiB
 Name: ip-172-31-186-154
 ID: 6e93b81a-6199-40e3-886f-f06017e0d726
 Docker Root Dir: /home/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false

Your assistance in this matter is kindly appreciated - the LLMs are letting me down. I considered the solution from #111; however, it didn't solve the issue (I realize I'm running podman inside the container anyway).