1. lsetxattr: operation not supported

If you see an error message like the one below, podman is using your NFS home directory as its image store; the overlay driver sets extended attributes (lsetxattr) on layer files, and NFS does not support them. Run the "enable-podman" command to generate a new ~/.config/containers/storage.conf file that points to your temp directory as the image store.

WARN[0000] Network file system detected as backing store.  Enforcing overlay option `force_mask="700"`.  Add it to storage.conf to silence this warning
Resolved "almalinux" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/almalinux:8...
Getting image source signatures
Copying blob fc846f2fcd53 done   |
Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:fc846f2fcd538c4200400b5f6c876cd9a0c2d31d570e155847cfd3435430fa28": processing tar file(lsetxattr /dev: operation not supported): exit status 1
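If you want to see what the generated storage.conf needs to contain, or to write one by hand on a system without the "enable-podman" helper, the following is an added example (not the site's enable-podman script) that refuses to place the store on NFS and writes a minimal storage.conf. The store layout under the chosen base directory and the default config path are assumptions.

```shell
#!/bin/sh
# Added example: keep podman's image store off NFS.
# STORE_BASE layout (run/ and storage/ subdirectories) is an assumption.

# Print the filesystem type backing a path, e.g. "nfs", "ext2/ext3", "tmpfs".
fs_type() {
    stat -f -c %T "$1"
}

# Print storage.conf text for a local image store rooted at $1.
storage_conf() {
    store_base=$1
    cat <<EOF
[storage]
driver = "overlay"
# runroot holds runtime state, graphroot holds the pulled image layers;
# both must be on a local filesystem, not the NFS home directory
runroot = "${store_base}/run"
graphroot = "${store_base}/storage"
EOF
}

# write_storage_conf STORE_BASE [CONF_PATH]
# Creates STORE_BASE, checks it is not NFS-backed, and writes the config
# (default ~/.config/containers/storage.conf).
write_storage_conf() {
    store_base=$1
    conf=${2:-"$HOME/.config/containers/storage.conf"}
    mkdir -p "$store_base"
    case "$(fs_type "$store_base")" in
        nfs*) echo "refusing: $store_base is on NFS" >&2; return 1 ;;
    esac
    mkdir -p "$(dirname "$conf")"
    storage_conf "$store_base" > "$conf"
    echo "wrote $conf"
}

# Usage (assumes $TMPDIR is local scratch space):
# write_storage_conf "${TMPDIR:-/tmp}/$USER/containers"
```

After writing the file, `podman info --format '{{.Store.GraphRoot}}'` confirms which directory podman is actually using before the next pull.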

2. A note about performance

Containers can create an easy, friendly user experience, but they are typically not optimized for specific systems or hardware. The cost is that containerized applications often will not achieve the same performance as natively built applications, which might, for example, call libraries optimized for the specific hardware and underlying architecture.

This does not mean a containerized application can never match (or beat) a native application's performance. Adding system-specific hardware libraries or dependencies to a container increases performance at the cost of portability.

3. Memory issues with large container images

Working with sufficiently large container images can exhaust available memory. For example, a process may be terminated by the Out of Memory (OOM) killer, or you may see "FATAL" error messages.

4. Incompatible architecture

When working with containerized applications, it's essential to ensure the container image's architecture aligns with the host system's architecture. Encountering the error:

standard_init_linux.go:211 exec user process caused exec format error

suggests that you're trying to run a container built for a different architecture than the host system's.

To resolve this, run the container on a system whose architecture matches the container image's.
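A quick way to catch this before the exec format error appears is to compare the image's recorded architecture with the host's. The following is an added example, not from the original page; note that uname(1) and OCI image metadata spell the same architecture differently (x86_64 vs amd64, aarch64 vs arm64), so both sides are normalized before comparing. The check_image_arch helper assumes podman is installed and the image is already pulled.

```shell
#!/bin/sh
# Added example: pre-flight architecture check for a pulled image.

# Normalize uname(1) and OCI/GOARCH spellings to the OCI names.
norm_arch() {
    case "$1" in
        x86_64|amd64)   echo amd64 ;;
        aarch64|arm64)  echo arm64 ;;
        armv7l|arm)     echo arm ;;
        *)              echo "$1" ;;   # ppc64le, s390x, ... already agree
    esac
}

# arch_matches HOST_ARCH IMAGE_ARCH -> exit 0 if equivalent, 1 otherwise
arch_matches() {
    [ "$(norm_arch "$1")" = "$(norm_arch "$2")" ]
}

# check_image_arch IMAGE
# Compares the host (uname -m) with the image's Architecture field.
# Exit 0 on match, 1 on mismatch, 2 if podman could not inspect the image.
check_image_arch() {
    image=$1
    host=$(uname -m)
    img=$(podman image inspect --format '{{.Architecture}}' "$image") || return 2
    if arch_matches "$host" "$img"; then
        echo "ok: $image is $img, host is $host"
    else
        echo "mismatch: $image is $img but host is $host; running it will fail with 'exec format error'" >&2
        return 1
    fi
}

# Usage: check_image_arch docker.io/library/almalinux:8
```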

5. User namespace mapping and setgroups errors

If you run into errors with user namespace mapping like the one below, you'll need to run your build or run command with some extra arguments. These arguments are slightly different for running vs. building containers.

STEP 3/6: RUN apt-get update && apt-get install -y curl
E: setgroups 65534 failed - setgroups (22: Invalid argument)
E: setegid 65534 failed - setegid (22: Invalid argument)
Reading package lists...
E: setgroups 65534 failed - setgroups (22: Invalid argument)
E: setegid 65534 failed - setegid (22: Invalid argument)
E: Method gave invalid 400 URI Failure message: Failed to setgroups - setgroups (22: Invalid argument)
E: Method gave invalid 400 URI Failure message: Failed to setgroups - setgroups (22: Invalid argument)
E: Method http has died unexpectedly!
E: Sub-process http returned an error code (112)
Error: building at STEP "RUN apt-get update && apt-get install -y curl": while running runtime: exit status 100

For podman run:

podman run --uidmap 0:0:2000 --uidmap 65534:2000:2 ...

For podman build:

podman build --userns-uid-map=0:0:1 --userns-uid-map=1:1:1999 --userns-uid-map=65534:2000:2 ...
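Each map entry has the form container_id:host_id:size and covers the container IDs container_id .. container_id+size-1. The errors above come from apt trying to switch to ID 65534 ("nobody"), which the namespace has no mapping for. The following added example (not from the original page) resolves a container UID through a list of map entries so you can confirm that 65534 lands inside the map before running the build. In rootless podman the host-side numbers refer to the intermediate user namespace, where 0 is your own UID and 1 onward come from your /etc/subuid allocation.

```shell
#!/bin/sh
# Added example: resolve container UIDs through podman --uidmap /
# --userns-uid-map entries of the form container_id:host_id:size.

# map_uid CONTAINER_UID "ENTRY ENTRY ..."
# Prints the host-side ID the container UID maps to, or "unmapped"
# (exit status 1) if no entry covers it.
map_uid() {
    cuid=$1
    entries=$2
    for entry in $entries; do
        cstart=${entry%%:*}
        rest=${entry#*:}
        hstart=${rest%%:*}
        size=${rest#*:}
        if [ "$cuid" -ge "$cstart" ] && [ "$cuid" -lt $((cstart + size)) ]; then
            echo $((hstart + cuid - cstart))
            return 0
        fi
    done
    echo unmapped
    return 1
}

# show_mapping "ENTRY ENTRY ..." UID...
# Prints one line per UID so a map can be eyeballed before use.
show_mapping() {
    entries=$1
    shift
    for cuid in "$@"; do
        echo "container $cuid -> host $(map_uid "$cuid" "$entries")"
    done
}

# The two maps from the page, checked for the IDs apt needs (0 and 65534)
# plus one ID that is deliberately outside the map:
show_mapping '0:0:2000 65534:2000:2' 0 65534 3000
show_mapping '0:0:1 1:1:1999 65534:2000:2' 0 1999 65534
```

Both maps cover 0..1999 and 65534..65535; anything in between (for example UID 3000) stays unmapped, so a Dockerfile that creates service users with higher IDs will need a wider map.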