distrobox-1.4.1
Note: this only works in Porteus v5.1, due to the kernel being patched to support containers (a bunch of settings).
distrobox-1.4.1 xzm
https://drive.google.com/file/d/1m_wpc0 ... sp=sharing
I modified a slackbuild from Lanius to automatically download the .tar.gz source and run his slackbuild script to make a slack package of 1.4.1. Then you can make that into the .xzm, same as above.
https://drive.google.com/file/d/1wZzZhI ... sp=sharing
original post on the slackbuild
https://www.linuxquestions.org/question ... e_vignette
To use distrobox you need to install docker or podman. Since I couldn't find podman, I am using docker.
docker-27.0.3 xzm
https://drive.google.com/file/d/1Y8sxKR ... sp=sharing
Dependencies
containerd-1.7.19 https://drive.google.com/file/d/1NKRnEh ... sp=sharing
runc-1.1.13 https://drive.google.com/file/d/1UM4y8_ ... sp=sharing
Optional (Not needed) for older systems
fuse-overlayfs-1.11 https://drive.google.com/file/d/1tMUd-B ... sp=sharing
This is not what it appears; in fact fuse-overlayfs is not what we need. It doesn't do anything for us. Docker will automatically recognize an overlay when it sees one, and we have native overlay.
vfs is the default but takes up more storage space, which doesn't matter for the average user. However, overlay works and is far more efficient.
You can get these as packages from https://slackware.nl/slakfinder/
Search for e.g. docker and choose 15.0 from alien, do the same for containerd and runc, and then convert the .txz to an .xzm.
Last edited by dreadbird on 01 Feb 2025, 13:13, edited 10 times in total.
distrobox-1.4.1
Getting docker to work with distrobox
Requires: Porteus v5.1
sudo groupadd docker
sudo usermod -aG docker guest
newgrp docker
confirmed you have to reboot
download cgroup mount script
https://github.com/tianon/cgroupfs-moun ... upfs-mount
make executable
sudo su
chmod +x cgroupfs-mount.txt
run the script
./cgroupfs-mount.txt
mount --make-rshared /
dockerd # starts the docker daemon
open new terminal
distrobox will now work with docker
to stop the daemon
sudo su
ps aux | grep dockerd
kill pid
This will stop your distrobox containers; I recommend doing it when installing a new container. Then start the daemon again.
Podman for distrobox
The versions on slakfinder are old and don't work with distrobox. I did find a slackbuild for 4.7.2 but have yet to compile it, as there are a bunch of dependencies needed. If I do get it to work I will post it here.
Last edited by dreadbird on 01 Feb 2025, 09:10, edited 7 times in total.
distrobox-1.4.1
Using distrobox
I followed this guide
https://www.youtube.com/watch?v=eiDt4O6UPRw
I created a fedora container and installed geany (installs about 200 packages in the container)
distrobox create
distrobox enter my-distrobox
sudo dnf install geany
geany
exit
You can make a link to the application by making a script:
myscript
#!/bin/bash
distrobox-enter my-distrobox -e sudo geany
Make a link to that script on your desktop and put an icon on it.
Or, alternatively, make a shortcut to konsole on the desktop and in its properties set the arguments: -e distrobox-enter my-distrobox -e sudo geany
Change the icon.
Then you can launch the app from your regular session.
It's actually kind of useful.
distrobox create -i archlinux:latest
distrobox enter archlinux:latest
sudo pacman -S mypackage
Since archlinux is a rolling release they get packages first, so you can run an app that you can't in porteus that you might need.
If anyone knows how to patch the v5.01 kernel to include the needed settings: I know it can be done but I have no idea how to do it.
viewtopic.php?t=9977 Kernel builder script
I'll try it later and see if I can get it to change the differences from 6.12.5 and 6.8.10 for cgroups:
CONFIG_CGROUP_PIDS=
CONFIG_CGROUP_DEVICE=
Last edited by dreadbird on 25 Jan 2025, 20:53, edited 1 time in total.
distrobox-1.4.1
Managed to find a slackbuild for Podman 4.5.0
https://github.com/realmicu/slackbuilds/tree/main
in the root tree you can see build order and it lists the below. If you go to ap and down to pacman you can find the slackbuild.
l libslirp # podman
ap slirp4netns # podman
ap conmon # podman
ap go-md2man # podman
ap crun # podman
n cni-plugins # podman
ap fuse-overlayfs # podman
To build those packages and then build podman.SlackBuild, I'll experiment a bit and include the one-liner dependencies in the podman slackbuild script and upload it here.
- Blaze
distrobox-1.4.1
Hi dreadbird.
Porteus 5.1 has a cgroup mount script in /etc/rc.d, and I added support for Docker in the kernel too. The Docker + cgroup daemons are activated via rc.services if you give them chmod +x and reboot Porteus.
Look at this script checker: Questions about Porteus (Blaze's post #100897)
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
distrobox-1.4.1
Podman 4.5.0 xzm all dependencies (configs set for porteus)
xzm
https://drive.google.com/file/d/1ZnFXrt ... sp=sharing
I built in the config files specific to porteus. If you want to see what those are:
https://drive.google.com/file/d/1kPJcLy ... sp=sharing
cni-plugins can be upgraded to 1.2.0; I got a weird message when compiling:
chown: cannot access '/tmp/package-cni-plugins/usr/bin': No such file or directory
chown: cannot access '/tmp/package-cni-plugins/usr/sbin': No such file or directory
Looks like it's just part of the script, just before it packaged.
The package built fine but I'd rather not use it, so I downloaded 1.1.1 with getmod -m cni-plugins-1.1.1-x86_64-1salix15.0
Compile list:
cni-plugins-1.1.1 (used getmod) can compile, let's use getmod for now
yajl (I used getmod) can compile, but let's use getmod for now
go-md2man-2.0.2 (used getmod) can compile, needs google-go-lang-1.22.7, just decided to use getmod
conmon-2.1.7 (compiled)
fuse-overlayfs-1.11 (compiled)
libslirp-4.7.0-x86_64 (compiled)
slirp4netns-1.2.0 (compiled)
crun 1.19 (compiled) - complains about a missing libcrun.la; no error, just saying missing /usr/lib64/libcrun.la
Looked in the slackbuild and it removes those explicitly, so it's good.
I had a look and libcrun.la is part of crun_0.17 for debian and systemd, so it doesn't apply for porteus.
So in summary this should be put together spot on with slackbuilds, and I used getmod to get everything right, so it should work just as well as docker.
Here are the slackbuilds in a tarball for podman and all the dependencies:
https://drive.google.com/file/d/1Xe89fN ... sp=sharing
Note: yajl get sources doesn't work so I included the 2.1.0 source in the .tar.gz https://github.com/lloyd/yajl/releases/tag/2.1.0 <--- yajl 2.1.0 src
To compile most of these you need google-go 1.22.5
export PATH=/usr/lib64/go1.22.5/go/bin:$PATH # or wherever google-go installs, somewhere under lib64
https://drive.google.com/file/d/1sVeDvs ... sp=sharing <---- here's a copy of 1.23.4, just use that
The above is updated as of Apr 2023, so if you use podman try these; they should work.
Oct 2023 last updated by developer
Podman 4.7.2 xzm and all dependencies (updated runtimes configs set for porteus)
https://drive.google.com/file/d/1eG5smj ... sp=sharing
I managed to compile 4.7.2. It took quite a bit of work, but with the help of github: you need the man-db and groff packages with glibc >2.38, so porteus v5.1, to compile.
This version should be all that is needed; however, there are other methods to install packages.
https://docs.brew.sh/Homebrew-on-Linux Homebrew package manager
https://formulae.brew.sh/formula/podman Homebrew podman
If you install homebrew you can use it as a package manager, and it has a list of apps and even has the new podman 5.3.0 (untested).
So this is similar to flatpak but it is far simpler, and you may find an app you need on here.
I'm not sure how to get podman to work; I'll try to figure it out. Just put this here as an alternative to install packages.
For what it's worth docker is working fine, but I thought I would try to get the most updated version of podman in case someone is accustomed to that. I use docker.
I will continue to monitor if I can get 4.7.0 and 4.7.2 to compile; I posted a topic, it hangs on a line during make. But it looks like slackware, specifically alienbob, has adopted docker, so docker will be the one that is most up to date.
Last edited by dreadbird on 30 Jan 2025, 22:17, edited 49 times in total.
distrobox-1.4.1
cool, I'll try it out, ty
Blaze wrote: ↑19 Jan 2025, 22:17
Hi dreadbird.
Porteus 5.1 has a cgroup mount script in /etc/rc.d, and I added support for Docker in the kernel too. The Docker + cgroup daemons are activated via rc.services if you give them chmod +x and reboot Porteus.
Look at this script checker: Questions about Porteus (Blaze's post #100897)
distrobox-1.4.1
Update on podman
Well, it seems people are using podman on slackware linux, so I've managed to glean a few insights into how to get podman working.
It uses uid and gid, and there are packages in ubuntu and oracle called libshadow-utils. We don't have that package.
Setting up podman for slackware (source):
https://www.linuxquestions.org/question ... 175739377/
Creating these files in /etc/ may allow podman to work.
Deprecated, see below posts
# touch /etc/subuid /etc/subgid
# usermod --add-subuid 100000-165535 --add-subgid 100000-165535 $USER
$ podman system migrate
podman is far more difficult to use and comes standard on gentoo, so I think whoever manages the package databases knows how to set everything up for users. It works as soon as you install the distro or install podman with the package manager. Of course these tricks and methods will never be shared. So this leads me to get quite frustrated that linux is open source but then we have layers of clout, which is really a shame to see.
Yeah, so there are packages built specifically for podman per distro, specifically container-tools, which has all the dependencies for fuse-overlayfs, crun, slirp4netns etc. In Podman 5 netavark replaces cni-plugins.
I would not suggest using podman as it interfaces terribly. It's either set up properly to work by the developer with the desktop app or by packages.
It's one of those: it works perfectly or not at all, whereas docker just works.
Can confirm: just installed podman on ubuntu and it works right out of the box. So unless you know what you're doing, don't use podman for porteus.
podman disables cgroup1 in rootless console, so you can see they are more focused on security, hence all the settings needed to get it to work.
As well, cgroupfs is disabled by default (in favor of systemd).
They are adopting the cgroup2 hierarchy and phasing out cgroup1. You will soon no longer be able to use cgroup1 with podman.
So I'll look into setting the kernel boot parameter to use cgroupv2 and try it with podman. Once I get the configuration files set up I will update them in the .xzm so it will work without having to configure a bunch of things.
I'm not sure how to only have cgroupv2, maybe with append cgroup_no_v1=all (confirm works)
Have cgroup1 and have it recognizing it's mounted with the mountscript and makeshared.
I have it almost working, just a matter of getting it to get through all the mounting issues:
ERRO[0000] Unmounting /var/lib/containers/storage/overlay/3d36990cdc4fabfefbd53a6ba84532b002335c5692bbf6614b4ee23c8bac7fd0/merged: invalid argument
Error: mounting storage for container f6e612040d53a2c5d653cdfd599acd8e871025117fadacdb77c240cb618a92d9: creating overlay mount to /var/lib/containers/storage/overlay/3d36990cdc4fabfefbd53a6ba84532b002335c5692bbf6614b4ee23c8bac7fd0/merged, mount_data="lowerdir=/var/lib/containers/storage/overlay/l/WIDI5QQOKV5UVY2XW4WUZSVR3A,upperdir=/var/lib/containers/storage/overlay/3d36990cdc4fabfefbd53a6ba84532b002335c5692bbf6614b4ee23c8bac7fd0/diff,workdir=/var/lib/containers/storage/overlay/3d36990cdc4fabfefbd53a6ba84532b002335c5692bbf6614b4ee23c8bac7fd0/work,nodev": using mount program /usr/bin/fuse-overlayfs: unknown argument ignored: lazytime
/proc seems to be mounted as readonly, it can lead to unexpected failuresfuse-overlayfs: cannot read upper dir: Cannot allocate memory
: exit status 1
Let's try to do it this way:
https://distrobox.it/posts/install_podman_static/
This will put podman in ~/.local/ and if you use the launcher it will tell podman my binaries etc. are in ~/.local/
So this is one way to have a remote install of podman.
0.0.3 launcher <------- this is equivalent podman 4.5.0 and 4.7.2
CRUN_VERSION="1.9"
PODMAN_VERSION="4.6.1"
0.0.5 launcher
CRUN_VERSION="1.14.4"
PODMAN_VERSION="4.9.3"
Following this I found static binaries for podman, and I will use those and try to resolve the problem with making containers.
Last edited by dreadbird on 28 Jan 2025, 20:05, edited 3 times in total.
distrobox-1.4.1
Rule out any inconsistencies
Static binary install of podman
https://github.com/mgoltzsche/podman-static
Reboot always fresh
enter console
Code:
export VERSION=v4.9.5
curl -fsSL -o podman-linux-amd64.tar.gz https://github.com/mgoltzsche/podman-static/releases/download/$VERSION/podman-linux-amd64.tar.gz
tar -xzf podman-linux-amd64.tar.gz
sudo cp -r podman-linux-amd64/usr podman-linux-amd64/etc /
We will try to get it working with root first.
Make sure you are not in su (guest command line).
Code:
sudo sh -c "echo $(id -un):100000:65536 >> /etc/subuid"
sudo sh -c "echo $(id -un):100000:65536 >> /etc/subgid"
podman system migrate
This adds guest to the id and gid.
You now have the 4.9.5 version installed; try to get it working. I experience the exact same problem with the podman 4.6.2 I built, so it's not anything in there.
Going to post on github how to resolve
with docker mounting cgroup2
mount -t cgroup2 cgroup /sys/fs/cgroup
mount --make-rshared /
works
switch to podman
ERRO[0000] Unmounting /var/lib/containers/storage/overlay/2a0b8ae0da6141c58db6ba1a94d656aca235582122d30df7f823a3029c62d709/merged: invalid argument
Error: mounting storage for container 2bf130c6a21ea371010b00380468e4a0ed6f21c3911bb2738ba312255cbb3432: creating overlay mount to /var/lib/containers/storage/overlay/2a0b8ae0da6141c58db6ba1a94d656aca235582122d30df7f823a3029c62d709/merged, mount_data="lowerdir=/var/lib/containers/storage/overlay/l/REVEIOYCAPB5YJ5QWD6IRQUKHG,upperdir=/var/lib/containers/storage/overlay/2a0b8ae0da6141c58db6ba1a94d656aca235582122d30df7f823a3029c62d709/diff,workdir=/var/lib/containers/storage/overlay/2a0b8ae0da6141c58db6ba1a94d656aca235582122d30df7f823a3029c62d709/work,nodev,fsync=0": using mount program /usr/local/bin/fuse-overlayfs: unknown argument ignored: lazytime
fuse-overlayfs: cannot read upper dir: Out of memory
: exit status 1
Last edited by dreadbird on 28 Jan 2025, 23:18, edited 19 times in total.
distrobox-1.4.1
I see the problem: it's looking for the memory controller.
I'll see if I can get it to work.
podman doesn't support cgroup v2 hybrid, so it goes back to cgroup 1.
cgroup1 is missing the memory controller so we can't use podman yet.
Docker works fine with cgroup v2 with cgroup 1

podman is too convoluted to use, so unless you're forced to use it by the distro, docker it is.
Security is one thing, but when it effectively locks you out of your own machine I think there's something wrong.
I got it to work! You have to add cgroup_no_v1=all to your boot parameter:
append changes=/mnt/sda3/changes cgroup_no_v1=all

So we have podman 4.5.0 (tested with the one I compiled) and docker.
So what I'll do is get all the configuration files set right and then include it in the .xzm
distrobox-1.4.1
do this as guest
Make sure you are not in a root terminal, i.e. you're in guest.
Code:
sudo rm /etc/subuid /etc/subgid
sudo sh -c "echo $(id -un):100000:65536 >> /etc/subuid"
sudo sh -c "echo $(id -un):100000:65536 >> /etc/subgid"
podman system migrate
This adds guest to uid and gid.
This will resolve the terrible namespace issue. There are many guides on "yeah this works totally fine", but they don't even explain how to set it up. Lack of documentation, and all of this should be done with prompts or automatically assigned.
Last edited by dreadbird on 26 Jan 2025, 00:52, edited 8 times in total.
distrobox-1.4.1
Updated
Podman 4.5.0 porteus v5.1
https://drive.google.com/file/d/1ZnFXrt ... sp=sharing
includes necessary config files
changed configs
to use vfs
default uid gid
cgroupfs
boot into porteus with
append changes=/mnt/mydrive cgroup_no_v1=all
mount | grep cgroup
you should see
cgroup2 on /sys/fs/cgroup type cgroup2
if not
Code:
mount -t cgroup2 cgroup /sys/fs/cgroup
mount --make-rshared /
My system automatically mounted cgroup2 so it's really easy.
So to sum it up, podman, while difficult to set up properly, comes out ahead as the better product. It is more secure by allowing rootless by default. podman doesn't have the daemon, another security improvement, and there is also its smaller size. docker has more marketing swagger and, let's face it, the name is easily recognizable. podman tries to do everything and I first thought that was dumb. This is because they are possibly including packages or features that they could pull from system packages. Then I noticed the reasoning, and it's for developers to set up for distros and probably have some kind of OCI certificate. Where the user is left behind with poor documentation and ease of use is not present. To some (myself included) that's a deal breaker.
Last edited by dreadbird on 01 Feb 2025, 03:32, edited 6 times in total.
distrobox-1.4.1
Docker guide
See above post about adding your user to docker group viewtopic.php?p=101728#p101728
also /etc/subuid and /etc/subgid viewtopic.php?p=101762#p101762
Note:
If you enable cgroup2 you don't need the cgroup mount script; the system will automatically mount it
viewtopic.php?p=101808#p101808 <------- enabling cgroup2
I will update this as I figure out more about how to use containers, so it's easier to get started, as the guides all lack one important thing. As a typical user we only need one or two commands, and once accustomed to using containers can do things like networking and hosting. There is no need to make things complicated. I call this obscurity and it's what the typical YouTube video is, and that is pointless. It doesn't help you at all and it's all clickbait. So I will try to fix that problem by posting the most used commands, no nonsense.
Before we get into any of this, just use distrobox; it's a wrapper for docker that handles most of everything. I haven't started to get too far into this stuff. All of the guides out there are useless, so be warned.
Let's get into the habit of naming our images; this will prevent future frustration with random 32bit long names or what have you.
Usage:
start the daemon
sudo su
mount --make-rshared /
dockerd
open new terminal
distrobox create -n myfedorabox
distrobox enter myfedorabox
So this goes ahead and uses the default image of fedora.
Moving on, we can do the same and select an image:
distrobox create -n container-name --image os-image:version
distrobox create -n myfedora --image fedora:latest
distrobox enter myfedora
exit
Overlay fs
Docker works fine with vfs.
You need an ext4 or xfs type_d=true (xfs must be formatted as type d option) partition
create a partition as EXT4 (say it's called /dev/sda2)
and mount it onto the machine
sudo su
rm /var/lib/docker
mkdir /var/lib/docker
umount /dev/sda2
mount -t ext4 /dev/sda2 /var/lib/docker
Docker will automatically create an overlay in that directory now
add it to your /etc/rc.d/rc.local
sudo umount /dev/sda2
sudo mount -t ext4 /dev/sda2 /var/lib/docker
sudo mount --make-rshared /
For a more in-depth guide to set up overlay, refer to this post. Scroll down to "How do I enable overlay?" and "automatically mount overlay drives"
viewtopic.php?p=101843#p101843
Important: you must clean out the container folder if you used vfs originally
cd /var/lib/docker
sudo rm -r *
Remember, after any changes like that you have to restart the dockerd daemon.
That's it, your docker is set up.
For automounting these drives, scroll down to the bottom of this post: Automounting overlay
viewtopic.php?p=101843#p101843
Main guide
Great, now that we have docker set up, let's get into the usage of it.
/var/lib/docker <------- all of your containers are stored here
/var/run/docker.sock <------- all communication goes through this file
Installing apps
distrobox enter myfedora
sudo dnf install geany
geany <--------- launches the gui app
distrobox-export --app geany
It won't work right out of the dock for docker
go to the link edit - Application - Argument
-n my-distrobox -- ' geany %F' <----- add the name of the container
or
-n myfedora -e geany
you have an icon that can launch this app
Note: distrobox works better with podman. So if even -n my-distrobox -- ' geany %F' doesn't work
try -n my-distrobox -- ' sudo geany %F'
or -n myfedora -e sudo geany
remove icon
distrobox-export --app geany --delete
Other distros
Other toolboxes (images needed to run with distrobox)
https://github.com/89luca89/distrobox/b ... ibility.md
example
distrobox create -n myarch -i quay.io/toolbx/arch-toolbox:latest
pulls arch linux
Other useful (later on when more advanced)
Going a little further, we can allow access to other containers from within a container.
distrobox enter /var/run/docker.sock:/var/run/docker.sock myfedora
(this will allow communication to .sock from within a container)
I'm having problems
go to your /var/lib/docker and clean it out
sudo su
cd /var/lib/docker
rm -r *
exit
overlay can sometimes be finicky if anything at all is in that directory.
Restart your dockerd daemon anytime you make changes to those drives, i.e. when you clean it out: cd /var/lib/docker; rm -r *
start a new changes drive or reboot always fresh to confirm then make new changes drive
Ignore this for now (coming up with easiest use of all programs and taking it a day at a time)
This part is theoretical as I'm coming up with the basis for the guide (will update as I use docker)
So we can have docker, great. You can download a podman docker container from https://github.com/mgoltzsche/podman-static. Then you can run that container on your machine. Now you can have podman working in that docker container (they use alpine base image). So by using the command:
docker run --privileged -u podman:podman mgoltzsche/podman:minimal docker run alpine:latest echo hello from nested container
We can see the minimal part; this is because they build the container podman without systemd. So think of it as: they built podman like docker. If you tried to install podman on the distro it's not going to work; there are simply too many configurations needed. So now we can see the power behind containers: we can actually install programs easily. Remember, think of containers as throwaway items; they are specific to you and it's to make a unified usage of applications.
--privileged allows the container to use system resources from within the container. So you have a nested container.
podman:podman is user namespace. I'm still figuring out how to use all the namespace stuff.
podman (uid 1000) and on porteus guest is uid 1000
so you can probably use run --privileged -u guest:guest container docker run etc
They set up the container to link docker to podman, so any apps in that alpine image that run docker will use podman from within the container.
Docker --> podman
Last edited by dreadbird on 01 Feb 2025, 11:20, edited 53 times in total.
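The guide above starts a container with --privileged and passes /var/run/docker.sock into a container; access to the daemon socket is equivalent to root on the host, so it helps to know which containers have either. An added shell example (not from the original post) that flags them; the helper names are hypothetical and the sample rows are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): flag containers started with
# --privileged or with the Docker daemon socket / host root bind-mounted.

# One row per running container: name|privileged|bind-mount sources.
# Uses `docker ps -q` and `docker inspect --format` with the template fields
# .Name, .HostConfig.Privileged and .Mounts[].Source. Needs a running dockerd.
docker_rows() {
    for id in $(docker ps -q); do
        docker inspect --format \
            '{{.Name}}|{{.HostConfig.Privileged}}|{{range .Mounts}}{{.Source}} {{end}}' "$id"
    done
}

# Reads rows on stdin and prints "name: finding ..." for each risky container.
# Assumption: mount sources contain no spaces, '|' or glob characters.
classify_rows() {
    while IFS='|' read -r name priv mounts; do
        findings=""
        if [ "$priv" = "true" ]; then
            findings="$findings privileged"
        fi
        for src in $mounts; do
            case "$src" in
                /var/run/docker.sock|/run/docker.sock)
                    findings="$findings docker-socket" ;;
                /)
                    findings="$findings host-root" ;;
            esac
        done
        if [ -n "$findings" ]; then
            echo "${name#/}:$findings"
        fi
    done
}

# Constructed sample rows shaped like docker_rows output (not real output).
sample_rows() {
    cat <<'EOF'
/myfedora|true|/home/guest /var/run/docker.sock
/web|false|/srv/www
/podman-nested|true|
EOF
}

# Demo on the constructed rows; on a host with dockerd running use:
#   docker_rows | classify_rows
sample_rows | classify_rows
```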
distrobox-1.4.1
Debugging
Try docker first
With overlay enabled, using cgroup v1
su dockerd
these came from dockerd
WARN[2025-01-25T01:43:20.494727952Z] Not using native diff for overlay2, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled storage-driver=overlay2
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory TCP limit support
WARNING: No oom kill disable support
WARNING: No cpuset support
time="2025-01-25T01:47:09.445630278Z" level=error msg="add cg to OOM monitor" error="cgroups: memory cgroup not supported on this system"
I am able to enter the image and it works fine in root.
Server Version: 27.0.3
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: true
Native Overlay Diff: false
userxattr: false
Cause for concern: no, we can use docker to pull and enter images with overlay as root.
Implications: we can't enter containers as rootless yet; there must be some setting to do that. And it's pointing at the daemon; it's a security thing we need to find. One setting is all it will take to get it to work.
Now try podman cgroup2 (cgroup v1 doesn't work, no memory controller) <----- this is only because of overlay; it works on cgroup2 with vfs
Remember we also have cgroup1 enabled (Podman reverts to cgroup1 but glitches because we are missing memory controllers on cgroup1). Docker doesn't care and works.
root@porteus:/var/lib/containers# podman run -it fedora
ERRO[0000] Unmounting /var/lib/containers/storage/overlay/885f8503f9cc2a6ea54ff1d203e99bf051ccf834db4b52fd920bb1843d092601/merged: invalid argument
Error: mounting storage for container 01f25c26489e7836ae564774f0daaf78d767983910e3f4dc277e84eb30153edc: creating overlay mount to /var/lib/containers/storage/overlay/885f8503f9cc2a6ea54ff1d203e99bf051ccf834db4b52fd920bb1843d092601/merged, mount_data="lowerdir=/var/lib/containers/storage/overlay/l/ADHRWM6Q7C3KE4737KFKB7KIES,upperdir=/var/lib/containers/storage/overlay/885f8503f9cc2a6ea54ff1d203e99bf051ccf834db4b52fd920bb1843d092601/diff,workdir=/var/lib/containers/storage/overlay/885f8503f9cc2a6ea54ff1d203e99bf051ccf834db4b52fd920bb1843d092601/work,nodev": using mount program /usr/bin/fuse-overlayfs: unknown argument ignored: lazytime
/proc seems to be mounted as readonly, it can lead to unexpected failuresfuse-overlayfs: cannot read upper dir: Cannot allocate memory
: exit status 1
Podman glitches out on the memory controller whereas docker does not.
TLDR: both docker and podman work just fine with vfs. I am trying to enable overlay in both docker and podman. Docker is almost there and should be able to figure it out.
Podman on the other hand looks like a kernel setting is missing. In the podman code it's rejecting our settings for security reasons. Docker works whereas podman refuses because of the kernel.
root@porteus:/proc# zcat config.gz | grep CONFIG_MEMCG
CONFIG_MEMCG=y
# CONFIG_MEMCG_V1 is not set
root@porteus:/proc# zcat config.gz | grep CGROUP
# CONFIG_CGROUP_RDMA is not set
So cgroup2 should be fine for podman; will have to find the reasoning it rejects.
Last edited by dreadbird on 27 Jan 2025, 09:07, edited 1 time in total.
distrobox-1.4.1
Podman
OK, figured it out.
Must be in cgroupv2 only: change boot parameter cgroup_no_v1=all
Podman will work by default because of vfs, which uses cgroups as well. So you can use podman and skip all these below steps.
You need to type this:
sudo mount --make-rshared / <----------- makes linux share its drive
Refer to how to stop a container below and start using podman
Let's enable overlay because it's far better
Enable overlay
/etc/containers/storage.conf
change driver from vfs to overlay
Podman considers overlay to include overlay2 <----------- overlay is the only setting you need
Your default usage will be rootless, i.e. guest
The benefits of podman are: you are making a rootless container, one of the most secure ways of doing any of this
/home/guest/.local/share/containers <------------ containers are stored here
Refer to this post to setup overlay - scroll down to enable overlay
viewtopic.php?p=101843#p101843
make sure you
sudo mount --make-rshared / <----------- makes linux share its drive
podman will work with distrobox using overlay now. Your podman is working correctly.
Stopping containers
There is a glitch with distrobox
in order to stop a container
I use
podman kill -a <---------- stops all containers
or --latest <--------- stop latest container
or if you want to stop an individual one
podman ps
podman kill container id
If you do that your container will be stopped properly
if you try to stop a container with distrobox it gets stuck and you have to ps aux | grep podman and kill that process.
I'm having problems
cd ~/.local/share/
ls -l <---- make sure guest owns containers dir
sudo chown -R guest:users containers/
How podman works
With podman your root containers are stored
/var/lib/containers
your rootless containers are stored
/home/guest/.local/share/containers
you cannot see root containers as rootless and vice versa.
Last edited by dreadbird on 30 Jan 2025, 00:11, edited 32 times in total.
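The requirements worked out in the posts above (cgroup v2 only via cgroup_no_v1=all, a shared "/" from mount --make-rshared /, and the memory controller that the dockerd warnings report missing) can be checked in one pass. This is an added shell example, not part of the original posts; the function names are hypothetical and the mountinfo sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original posts): preflight for the podman setup
# described above: cgroup v2 only, "/" shared, memory controller present.

# Prints v2, hybrid, v1 or none (no cgroup2 on /sys/fs/cgroup) for a mountinfo file.
cgroup_mode() {
    awk '
        {
            fstype = ""
            # Optional fields end at "-"; the filesystem type follows it.
            for (i = 7; i <= NF; i++) if ($i == "-") { fstype = $(i + 1); break }
            if (fstype == "cgroup2") { v2 = 1; if ($5 == "/sys/fs/cgroup") unified = 1 }
            if (fstype == "cgroup") v1 = 1
        }
        END {
            if (unified && !v1) print "v2"
            else if (v1 && v2) print "hybrid"
            else if (v1) print "v1"
            else print "none"
        }' "${1:-/proc/self/mountinfo}"
}

# Prints shared or not-shared for the topmost mount on "/".
root_propagation() {
    awk '
        $5 == "/" {
            state = "not-shared"
            for (i = 7; i <= NF && $i != "-"; i++)
                if ($i ~ /^shared:/) state = "shared"
        }
        END { print (state == "" ? "unknown" : state) }
    ' "${1:-/proc/self/mountinfo}"
}

# True if controller $1 is listed in the v2 root cgroup.controllers file $2.
has_controller() {
    f=${2:-/sys/fs/cgroup/cgroup.controllers}
    [ -r "$f" ] && tr ' ' '\n' < "$f" | grep -qx "$1"
}

# $1 = mountinfo file, $2 = cgroup.controllers file. Returns 0 if all checks pass.
preflight() {
    rc=0
    mode=$(cgroup_mode "$1")
    [ "$mode" = "v2" ] || { echo "cgroup mode is $mode: boot with cgroup_no_v1=all"; rc=1; }
    [ "$(root_propagation "$1")" = "shared" ] || { echo "/ is not shared: run mount --make-rshared /"; rc=1; }
    has_controller memory "$2" || { echo "memory controller missing from cgroup v2"; rc=1; }
    return $rc
}

# Constructed mountinfo sample (not captured from a real system): v1 and v2 both mounted.
sample_hybrid() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
30 22 0:26 / /sys/fs/cgroup rw,nosuid - tmpfs tmpfs rw
31 30 0:27 / /sys/fs/cgroup/unified rw,nosuid - cgroup2 cgroup2 rw
32 30 0:28 / /sys/fs/cgroup/cpu rw,nosuid - cgroup cgroup rw,cpu
EOF
}

# Demo on the constructed sample; with no arguments preflight reads the live system.
demo=$(mktemp -d); sample_hybrid > "$demo/mountinfo"; echo "cpu io pids" > "$demo/controllers"
preflight "$demo/mountinfo" "$demo/controllers" || echo "preflight failed, as expected for this sample"
rm -rf "$demo"
```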