crun: setrlimit RLIMIT_NPROC: Operation not permitted: OCI permission denied (was: toolbox not working with existing containers after upgrade to 38.20230422.1)

[tkockler]

Workarounds

The issue is fixed in podman 4.6 but containers created before this release can not be fixed without being re-created or raising the nproc limit.

Save and restore containers

You can export and import your existing containers. See for example:

• Cannot enter container – crun: setrlimit RLIMIT_NPROC: Operation not permitted: OCI permission denied containers/toolbox#1312 (comment)
• https://fedoramagazine.org/backup-and-restore-toolboxes-with-podman/

Set a higher ulimit for your user

Write the following file, replacing username by your user and 150000 by a value larger than ulimut -u:

$ cat /etc/security/limits.d/50-podman-ulimits.conf
username hard nproc 150000

Reboot to apply the configuration change.

---

Original issue text

Describe the bug
After upgrading to 38.20230422.1 I can no longer enter existing containers

[tom@fedora38-sb ~]$ toolbox -v enter test
DEBU Running as real user ID 1000                 
DEBU Resolved absolute path to the executable as /usr/bin/toolbox 
DEBU Running on a cgroups v2 host                 
DEBU Looking for sub-GID and sub-UID ranges for user tom 
DEBU TOOLBOX_PATH is /usr/bin/toolbox             
DEBU Migrating to newer Podman                    
DEBU Toolbox config directory is /var/home/tom/.config/toolbox 
DEBU Current Podman version is 4.5.0              
DEBU Creating runtime directory /run/user/1000/toolbox 
DEBU Old Podman version is 4.5.0                  
DEBU Migration not needed: Podman version 4.5.0 is unchanged 
DEBU Setting up configuration                     
DEBU Setting up configuration: file /var/home/tom/.config/containers/toolbox.conf not found 
DEBU Resolving container and image names          
DEBU Container: ''                                
DEBU Distribution (CLI): ''                       
DEBU Image (CLI): ''                              
DEBU Release (CLI): ''                            
DEBU Resolved container and image names           
DEBU Container: 'fedora-toolbox-38'               
DEBU Image: 'fedora-toolbox:38'                   
DEBU Release: '38'                                
DEBU Resolving container and image names          
DEBU Container: 'test'                            
DEBU Distribution (CLI): ''                       
DEBU Image (CLI): ''                              
DEBU Release (CLI): ''                            
DEBU Resolved container and image names           
DEBU Container: 'test'                            
DEBU Image: 'fedora-toolbox:38'                   
DEBU Release: '38'                                
DEBU Checking if container test exists            
DEBU Inspecting mounts of container test          
DEBU Starting container test                      
Error: failed to start container test

When I roll back to version 38.20230421.0 toolbox works as expected.

Newly created containers in 38.20230422.1 work fine, only existing containers are not working

To Reproduce
Please describe the steps needed to reproduce the bug:

1. Create a container in 38.20230421.0 with "toolbox create test", enter it with "toolbox enter test", update it inside and install something (f.ex. neovim). Exit the container
2. On the host run "rpm-ostree upgrade" and reboot
3. After the reboot "toolbox enter test" gives "Error: failed to start container test"

Expected behavior
"toolbox enter test" brings me into the container

OS version:

[tom@fedora38-sb ~]$ rpm-ostree status -b
State: idle
AutomaticUpdates: check; rpm-ostreed-automatic.timer: last run 44min ago
BootedDeployment:
● fedora:fedora/38/x86_64/silverblue
                  Version: 38.20230422.1 (2023-04-22T21:01:18Z)
               BaseCommit: 233d5d86c58d4da70da4e1aec1c457c0b1b4a66fd5544d103d86a0280956e09d
             GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
          LayeredPackages: 'google-roboto*' 'mozilla-fira*' fira-code-fonts google-roboto-condensed-fonts htop langpacks-de
                           mozilla-openh264

[juhp]

Hm I can't reproduce in either of my Silverblue 37 and 38 VMs fwiw.
I wonder how old your toolboxes are?

[tkockler]

Interesting. Perhaps a problem with my machine.
I am new to silverblue, so it's a fresh install and the only things I did was playing around with toolboxes: creating, installing stuff and deleting them again.
The toolboxes are new (one and two days old) and I can switch between the working and the not working deployment and reproduce the error

[tkockler]

I tried to start the container with podman directly and got the following error message: "Error: unable to start container 8a48d59ee3223c8240d7a6dfd14e3af0cd4506ef394968cbf8307f40fe6c936a: crun: setrlimit RLIMIT_NPROC: Operation not permitted: OCI permission denied"
With this information I found: containers/podman#6389 in the podman github. I only understand a fraction but:

tom@fedora38-sb:~$ podman inspect --format '{{ printf "%+v" .HostConfig.Ulimits }}' 8a48d59ee322
[{Name:RLIMIT_NOFILE Soft:524288 Hard:524288} {Name:RLIMIT_NPROC Soft:30726 Hard:30726}]

ulimit -u yields in the working deployment 30726 and 30725 in the not working one.

The described solution to set nproc for my user to 30726 worked: I can now start the container in both deployments.

Has anyone an idea how and why the limit changed for my user from 38.20230421.0 to 38.20230422.1?

[travier]

Have you tried containers/podman#6389 (comment) ?

[tkockler]

Yes, creating a backup and restore it works also. The new container gets the new limits of my user account (30725).

[cajus]

Same issue here. But with distrobox. Backup/restore did not work as in the comments above (looks like I need to do something different for distrobox). Shredded the container and re-created it.

[sandorex]

I've had this happen twice, both distrobox and toolbox have same problems, hope this helps to find the issue

I've gone from silverblue 38.20230520.0 to kinoite 38.20230525.0 with following changes, and i had to recreate all containers cause of this error

% rpm-ostree db diff 81eeb69fc36fdc3a255620ed0f23e0777f621c0b6b8a43236858ebff6b8139dd 03dec287d500c6a73a49ca052fd71ede5a422632af6c8c77b2339e1ec7a61011
ostree diff commit from: 81eeb69fc36fdc3a255620ed0f23e0777f621c0b6b8a43236858ebff6b8139dd
ostree diff commit to:   03dec287d500c6a73a49ca052fd71ede5a422632af6c8c77b2339e1ec7a61011
Upgraded:
  crun 1.8.4-1.fc38 -> 1.8.5-1.fc38
  gobject-introspection 1.76.0-1.fc38 -> 1.76.1-1.fc38
  gtk-update-icon-cache 3.24.37-1.fc38 -> 3.24.38-1.fc38
  gtk3 3.24.37-1.fc38 -> 3.24.38-1.fc38
  gtk4 4.10.3-2.fc38 -> 4.10.3-3.fc38
  llvm-libs 16.0.3-1.fc38 -> 16.0.4-1.fc38
  ostree 2023.1-2.fc38 -> 2023.3-1.fc38
  ostree-grub2 2023.1-2.fc38 -> 2023.3-1.fc38
  ostree-libs 2023.1-2.fc38 -> 2023.3-1.fc38
  python3-requests 2.28.2-1.fc38 -> 2.28.2-2.fc38
  qgnomeplatform-qt5 0.9.0-14.fc38 -> 0.9.1-2.fc38
Removed:
  NetworkManager-adsl-1:1.42.6-1.fc38.x86_64
  NetworkManager-openconnect-gnome-1.2.10-1.fc38.x86_64
  NetworkManager-openvpn-gnome-1:1.10.2-2.fc38.x86_64
  NetworkManager-pptp-1:1.2.10-3.fc38.x86_64
  NetworkManager-pptp-gnome-1:1.2.10-3.fc38.x86_64
  NetworkManager-ssh-1.2.12-5.fc38.x86_64
  NetworkManager-ssh-gnome-1.2.12-5.fc38.x86_64
  NetworkManager-vpnc-gnome-1:1.2.8-3.fc38.x86_64
  abseil-cpp-20220623.1-4.fc38.x86_64
  accountsservice-libs-23.11.69-2.fc38.x86_64
  apr-1.7.2-2.fc38.x86_64
  apr-util-1.6.3-2.fc38.x86_64
  apr-util-bdb-1.6.3-2.fc38.x86_64
  apr-util-openssl-1.6.3-2.fc38.x86_64
  bluez-obexd-5.66-5.fc38.x86_64
  brlapi-0.8.4-10.fc38.x86_64
  brltty-6.5-10.fc38.x86_64
  colord-gtk4-0.3.0-3.fc38.x86_64
  cups-pk-helper-0.2.7-2.fc38.x86_64
  desktop-backgrounds-gnome-38.0.0-2.fc38.noarch
  epiphany-runtime-1:44.2-1.fc38.x86_64
  evince-djvu-44.1-1.fc38.x86_64
  evince-libs-44.1-1.fc38.x86_64
  evince-previewer-44.1-1.fc38.x86_64
  evince-thumbnailer-44.1-1.fc38.x86_64
  evolution-data-server-3.48.1-1.fc38.x86_64
  evolution-data-server-langpacks-3.48.1-1.fc38.noarch
  exempi-2.6.3-2.fc38.x86_64
  f38-backgrounds-gnome-38.1.1-1.fc38.noarch
  fedora-chromium-config-gnome-2.0-3.fc38.noarch
  fedora-logos-httpd-38.1.0-1.fc38.noarch
  fedora-release-identity-silverblue-38-35.noarch
  fedora-release-silverblue-38-35.noarch
  freerdp-libs-2:2.10.0-1.fc38.x86_64
  gcr-3.92.0-2.fc38.x86_64
  gcr-libs-3.92.0-2.fc38.x86_64
  gdm-1:44.1-1.fc38.x86_64
  geoclue2-libs-2.7.0-1.fc38.x86_64
  geocode-glib-data-3.26.4-3.fc38.x86_64
  geocode-glib2-3.26.4-3.fc38.x86_64
  gjs-1.76.0-1.fc38.x86_64
  gnome-autoar-0.4.4-1.fc38.x86_64
  gnome-backgrounds-44.0-1.fc38.noarch
  gnome-bluetooth-1:42.5-3.fc38.x86_64
  gnome-bluetooth-libs-1:42.5-3.fc38.x86_64
  gnome-browser-connector-42.1-2.fc38.x86_64
  gnome-classic-session-44.0-1.fc38.noarch
  gnome-color-manager-3.36.0-9.fc38.x86_64
  gnome-control-center-44.1-1.fc38.x86_64
  gnome-control-center-filesystem-44.1-1.fc38.noarch
  gnome-desktop3-44.0-1.fc38.x86_64
  gnome-desktop4-44.0-1.fc38.x86_64
  gnome-disk-utility-44.0-1.fc38.x86_64
  gnome-initial-setup-44.0-2.fc38.x86_64
  gnome-menus-3.36.0-8.fc38.x86_64
  gnome-online-accounts-3.48.0-1.fc38.x86_64
  gnome-remote-desktop-44.1-1.fc38.x86_64
  gnome-session-44.0-1.fc38.x86_64
  gnome-session-wayland-session-44.0-1.fc38.x86_64
  gnome-session-xsession-44.0-1.fc38.x86_64
  gnome-settings-daemon-44.1-1.fc38.x86_64
  gnome-shell-44.1-1.fc38.x86_64
  gnome-shell-extension-apps-menu-44.0-1.fc38.noarch
  gnome-shell-extension-background-logo-44~beta-1.fc38.noarch
  gnome-shell-extension-common-44.0-1.fc38.noarch
  gnome-shell-extension-launch-new-instance-44.0-1.fc38.noarch
  gnome-shell-extension-places-menu-44.0-1.fc38.noarch
  gnome-shell-extension-window-list-44.0-1.fc38.noarch
  gnome-software-44.1-1.fc38.x86_64
  gnome-software-rpm-ostree-44.1-1.fc38.x86_64
  gnome-system-monitor-44.0-1.fc38.x86_64
  gnome-terminal-3.48.1-1.fc38.x86_64
  gnome-terminal-nautilus-3.48.1-1.fc38.x86_64
  gnome-themes-extra-3.28-16.fc38.x86_64
  gnome-tour-44.0-1.fc38.x86_64
  gnome-user-docs-44.1-1.fc38.noarch
  gnome-user-share-43.0-2.fc38.x86_64
  gsound-1.0.3-5.fc38.x86_64
  gspell-1.12.1-1.fc38.x86_64
  gst-editing-services-1.22.2-1.fc38.x86_64
  gupnp-av-0.14.1-3.fc38.x86_64
  gupnp-dlna-0.12.0-4.fc38.x86_64
  gvfs-1.50.4-1.fc38.x86_64
  gvfs-afc-1.50.4-1.fc38.x86_64
  gvfs-afp-1.50.4-1.fc38.x86_64
  gvfs-archive-1.50.4-1.fc38.x86_64
  gvfs-client-1.50.4-1.fc38.x86_64
  gvfs-fuse-1.50.4-1.fc38.x86_64
  gvfs-goa-1.50.4-1.fc38.x86_64
  gvfs-gphoto2-1.50.4-1.fc38.x86_64
  gvfs-mtp-1.50.4-1.fc38.x86_64
  gvfs-smb-1.50.4-1.fc38.x86_64
  harfbuzz-icu-7.1.0-1.fc38.x86_64
  httpd-2.4.57-1.fc38.x86_64
  httpd-core-2.4.57-1.fc38.x86_64
  httpd-filesystem-2.4.57-1.fc38.noarch
  httpd-tools-2.4.57-1.fc38.x86_64
  javascriptcoregtk4.1-2.40.1-1.fc38.x86_64
  javascriptcoregtk6.0-2.40.1-1.fc38.x86_64
  julietaula-montserrat-fonts-1:7.222-4.fc38.noarch
  libadwaita-1.3.2-1.fc38.x86_64
  libatomic-13.1.1-2.fc38.x86_64
  libcdio-paranoia-10.2+2.0.1-8.fc38.x86_64
  libcue-2.2.1-11.fc38.x86_64
  libgdata-0.18.1-7.fc38.x86_64
  libgee-0.20.6-2.fc38.x86_64
  libgexiv2-0.14.0-5.fc38.x86_64
  libgnomekbd-3.28.1-2.fc38.x86_64
  libgrss-0.7.0-16.fc38.x86_64
  libgsf-1.14.50-1.fc38.x86_64
  libgtop2-2.41.1-1.fc38.x86_64
  libgweather4-4.2.0-2.fc38.x86_64
  libgxps-0.3.2-5.fc38.x86_64
  libhandy-1.8.2-1.fc38.x86_64
  libical-glib-3.0.16-3.fc38.x86_64
  libiptcdata-1.0.5-13.fc38.x86_64
  libmanette-0.2.6-6.fc38.x86_64
  libmediaart-1.9.6-3.fc38.x86_64
  libnma-1.10.6-2.fc38.x86_64
  libnma-gtk4-1.10.6-2.fc38.x86_64
  libosinfo-1.10.0-5.fc38.x86_64
  libphonenumber-8.12.57-6.fc38.x86_64
  libportal-0.6-6.fc38.x86_64
  libportal-gtk4-0.6-6.fc38.x86_64
  libsoup-2.74.3-2.fc38.x86_64
  libwinpr-2:2.10.0-1.fc38.x86_64
  libwnck3-43.0-4.fc38.x86_64
  libwpe-1.14.0-2.fc38.x86_64
  libxklavier-5.4-22.fc38.x86_64
  mailcap-2.1.53-5.fc38.noarch
  malcontent-0.11.1-1.fc38.x86_64
  malcontent-control-0.11.1-1.fc38.x86_64
  malcontent-ui-libs-0.11.1-1.fc38.x86_64
  mod_dnssd-0.6-28.fc38.x86_64
  mod_http2-2.0.11-2.fc38.x86_64
  mod_lua-2.4.57-1.fc38.x86_64
  mozjs102-102.9.0-1.fc38.x86_64
  mutter-44.1-1.fc38.x86_64
  nautilus-44.1-2.fc38.x86_64
  nautilus-extensions-44.1-2.fc38.x86_64
  nm-connection-editor-1.30.0-3.fc38.x86_64
  orca-44~rc-1.fc38.noarch
  osinfo-db-20230308-1.fc38.noarch
  osinfo-db-tools-1.10.0-6.fc38.x86_64
  pcre2-utf32-10.42-1.fc38.1.x86_64
  pinentry-gnome3-1.2.1-2.fc38.x86_64
  pptp-1.10.0-16.fc38.x86_64
  protobuf-3.19.6-2.fc38.x86_64
  python3-brlapi-0.8.4-10.fc38.x86_64
  python3-louis-3.25.0-1.fc38.noarch
  python3-speechd-0.11.4-2.fc38.x86_64
  rest-0.9.1-6.fc38.x86_64
  rygel-0.42.3-1.fc38.x86_64
  sshpass-1.09-5.fc38.x86_64
  startup-notification-0.12-25.fc38.x86_64
  switcheroo-control-2.6-3.fc38.x86_64
  texlive-lib-10:20220321-71.fc38.x86_64
  totem-pl-parser-3.26.6-6.fc38.x86_64
  totem-video-thumbnailer-1:43.0-2.fc38.x86_64
  tracker-3.5.2-1.fc38.x86_64
  tracker-miners-3.5.2-1.fc38.x86_64
  uchardet-0.0.8-2.fc38.x86_64
  usbmuxd-1.1.1-9.fc38.x86_64
  vte-profile-0.72.1-1.fc38.x86_64
  vte291-0.72.1-1.fc38.x86_64
  webkit2gtk4.1-2.40.1-1.fc38.x86_64
  webkitgtk6.0-2.40.1-1.fc38.x86_64
  wpebackend-fdo-1.14.2-1.fc38.x86_64
  xdg-desktop-portal-gnome-44.1-1.fc38.x86_64
  xdg-user-dirs-gtk-0.11-2.fc38.x86_64
  yelp-2:42.2-2.fc38.x86_64
  yelp-libs-2:42.2-2.fc38.x86_64
  yelp-xsl-42.1-2.fc38.noarch
Added:
  PackageKit-Qt5-1.0.2-6.fc38.x86_64
  accounts-qml-module-0.7-9.fc38.x86_64
  adwaita-gtk2-theme-3.28-16.fc38.x86_64
  aha-0.5.1-7.fc38.x86_64
  appstream-qt-0.16.1-1.fc38.x86_64
  ark-23.04.1-1.fc38.x86_64
  ark-libs-23.04.1-1.fc38.x86_64
  aspell-12:0.60.8-11.fc38.x86_64
  baloo-widgets-23.04.1-1.fc38.x86_64
  bcache-tools-1.1-4.fc38.x86_64
  bluedevil-5.27.5-1.fc38.x86_64
  boost-atomic-1.78.0-11.fc38.x86_64
  boost-chrono-1.78.0-11.fc38.x86_64
  boost-filesystem-1.78.0-11.fc38.x86_64
  boost-program-options-1.78.0-11.fc38.x86_64
  breeze-cursor-theme-5.27.5-1.fc38.noarch
  breeze-gtk-common-5.27.5-1.fc38.noarch
  breeze-gtk-gtk2-5.27.5-1.fc38.noarch
  breeze-gtk-gtk3-5.27.5-1.fc38.noarch
  breeze-gtk-gtk4-5.27.5-1.fc38.noarch
  breeze-icon-theme-5.106.0-1.fc38.noarch
  catdoc-0.95-14.fc38.x86_64
  cfitsio-4.2.0-3.fc38.x86_64
  chmlib-0.40-28.fc38.x86_64
  clinfo-3.0.21.02.21-5.fc38.x86_64
  cmake-filesystem-3.26.4-2.fc38.x86_64
  colord-kde-23.04.1-1.fc38.x86_64
  corosynclib-3.1.7-2.fc38.x86_64
  cryfs-0.11.3-1.fc38.x86_64
  dbus-x11-1:1.14.6-1.fc38.x86_64
  dbusmenu-qt-0.9.3-0.30.20160218.fc38.x86_64
  dbusmenu-qt5-0.9.3-0.30.20160218.fc38.x86_64
  desktop-backgrounds-compat-38.0.0-2.fc38.noarch
  dlm-lib-4.2.0-2.fc38.x86_64
  dmraid-1.0.0.rc16-55.fc38.x86_64
  dmraid-events-1.0.0.rc16-55.fc38.x86_64
  dmraid-libs-1.0.0.rc16-55.fc38.x86_64
  docbook-dtds-1.0-81.fc38.noarch
  docbook-style-xsl-1.79.2-18.fc38.noarch
  dolphin-23.04.1-1.fc38.x86_64
  dolphin-libs-23.04.1-1.fc38.x86_64
  dolphin-plugins-23.04.1-1.fc38.x86_64
  ebook-tools-libs-0.2.2-24.fc38.x86_64
  editorconfig-libs-0.12.6-1.fc38.x86_64
  egl-utils-8.5.0-1.fc38.x86_64
  enchant2-aspell-2.3.4-1.fc38.x86_64
  f2fs-tools-1.14.0-6.fc38.x86_64
  f38-backgrounds-kde-38.1.1-1.fc38.noarch
  fatresize-1.1.0-7.fc38.x86_64
  fedora-appstream-metadata-20230419-1.fc38.noarch
  fedora-chromium-config-kde-2.0-3.fc38.noarch
  fedora-release-identity-kinoite-38-35.noarch
  fedora-release-kinoite-38-35.noarch
  ffmpegthumbs-23.04.1-1.fc38.x86_64
  filelight-1:23.04.1-1.fc38.x86_64
  firewall-config-1.3.1-1.fc38.noarch
  flatpak-kcm-5.27.5-1.fc38.x86_64
  fuse-encfs-1.9.5-16.fc38.x86_64
  fuse-sshfs-3.7.3-3.fc38.x86_64
  gnustep-base-libs-1.28.0-10.fc38.x86_64
  google-noto-sans-fonts-20230201-1.fc38.noarch
  google-noto-sans-mono-fonts-20230201-1.fc38.noarch
  google-noto-serif-fonts-20230201-1.fc38.noarch
  gpgmepp-1.17.1-3.fc38.x86_64
  gpsd-libs-1:3.25-2.fc38.x86_64
  grantlee-qt5-5.3.1-1.fc38.x86_64
  gtk2-2.24.33-13.fc38.x86_64
  gtk2-engines-2.20.2-26.fc38.x86_64
  gwenview-1:23.04.1-1.fc38.x86_64
  gwenview-libs-1:23.04.1-1.fc38.x86_64
  hfsutils-3.2.6-46.fc38.x86_64
  hspell-1.4-17.fc38.x86_64
  ibus-gtk2-1.5.28-4.fc38.x86_64
  ibus-qt-1.3.4-6.fc38.x86_64
  iceauth-1.0.9-3.fc38.x86_64
  jfsutils-1.1.15-24.fc38.x86_64
  kaccounts-integration-23.04.1-1.fc38.x86_64
  kaccounts-providers-23.04.1-1.fc38.x86_64
  kactivitymanagerd-5.27.5-1.fc38.x86_64
  kamera-23.04.1-1.fc38.x86_64
  kate-libs-23.04.1-1.fc38.x86_64
  kcalc-23.04.1-1.fc38.x86_64
  kcharselect-23.04.1-1.fc38.x86_64
  kcolorpicker-0.2.0-3.fc38.x86_64
  kde-cli-tools-5.27.5.1-1.fc38.x86_64
  kde-connect-23.04.1-1.fc38.x86_64
  kde-connect-libs-23.04.1-1.fc38.x86_64
  kde-filesystem-4-69.fc38.x86_64
  kde-gtk-config-5.27.5-1.fc38.x86_64
  kde-partitionmanager-23.04.1-1.fc38.x86_64
  kde-print-manager-23.04.1-1.fc38.x86_64
  kde-print-manager-libs-23.04.1-1.fc38.x86_64
  kde-settings-38.2-2.fc38.noarch
  kde-settings-plasma-38.2-2.fc38.noarch
  kde-settings-pulseaudio-38.2-2.fc38.noarch
  kde-settings-sddm-38.2-2.fc38.noarch
  kdeconnectd-23.04.1-1.fc38.x86_64
  kdecoration-5.27.5-1.fc38.x86_64
  kdegraphics-mobipocket-23.04.1-1.fc38.x86_64
  kdegraphics-thumbnailers-23.04.1-1.fc38.x86_64
  kdeplasma-addons-5.27.5-1.fc38.x86_64
  kdesu-1:5.27.5.1-1.fc38.x86_64
  kdialog-23.04.1-1.fc38.x86_64
  kdnssd-23.04.1-1.fc38.x86_64
  kdsoap-2.0.0-4.fc38.x86_64
  keditbookmarks-23.04.1-1.fc38.x86_64
  keditbookmarks-libs-23.04.1-1.fc38.x86_64
  kf5-akonadi-server-23.04.1-1.fc38.x86_64
  kf5-akonadi-server-mysql-23.04.1-1.fc38.x86_64
  kf5-attica-5.106.0-1.fc38.x86_64
  kf5-baloo-5.106.0-1.fc38.x86_64
  kf5-baloo-file-5.106.0-1.fc38.x86_64
  kf5-baloo-libs-5.106.0-1.fc38.x86_64
  kf5-bluez-qt-5.106.0-1.fc38.x86_64
  kf5-filesystem-5.106.0-1.fc38.x86_64
  kf5-frameworkintegration-5.106.0-1.fc38.x86_64
  kf5-frameworkintegration-libs-5.106.0-1.fc38.x86_64
  kf5-kactivities-5.106.0-1.fc38.x86_64
  kf5-kactivities-stats-5.106.0-1.fc38.x86_64
  kf5-karchive-5.106.0-1.fc38.x86_64
  kf5-kauth-5.106.0-1.fc38.x86_64
  kf5-kbookmarks-5.106.0-1.fc38.x86_64
  kf5-kcalendarcore-1:5.106.0-1.fc38.x86_64
  kf5-kcmutils-5.106.0-1.fc38.x86_64
  kf5-kcodecs-5.106.0-1.fc38.x86_64
  kf5-kcompletion-5.106.0-1.fc38.x86_64
  kf5-kconfig-core-5.106.0-1.fc38.x86_64
  kf5-kconfig-gui-5.106.0-1.fc38.x86_64
  kf5-kconfigwidgets-5.106.0-1.fc38.x86_64
  kf5-kcontacts-1:5.106.0-1.fc38.x86_64
  kf5-kcoreaddons-5.106.0-1.fc38.x86_64
  kf5-kcrash-5.106.0-1.fc38.x86_64
  kf5-kdbusaddons-5.106.0-1.fc38.x86_64
  kf5-kdeclarative-5.106.0-1.fc38.x86_64
  kf5-kded-5.106.0-1.fc38.x86_64
  kf5-kdelibs4support-5.106.0-1.fc38.x86_64
  kf5-kdelibs4support-libs-5.106.0-1.fc38.x86_64
  kf5-kdesu-5.106.0-1.fc38.x86_64
  kf5-kdnssd-5.106.0-1.fc38.x86_64
  kf5-kdoctools-5.106.0-1.fc38.x86_64
  kf5-kfilemetadata-5.106.0-1.fc38.x86_64
  kf5-kglobalaccel-5.106.0-1.fc38.x86_64
  kf5-kglobalaccel-libs-5.106.0-1.fc38.x86_64
  kf5-kguiaddons-5.106.0-1.fc38.x86_64
  kf5-kholidays-1:5.106.0-1.fc38.x86_64
  kf5-khtml-5.106.0-1.fc38.x86_64
  kf5-ki18n-5.106.0-1.fc38.x86_64
  kf5-kiconthemes-5.106.0-1.fc38.x86_64
  kf5-kidletime-5.106.0-1.fc38.x86_64
  kf5-kimageformats-5.106.0-1.fc38.x86_64
  kf5-kinit-5.106.0-1.fc38.x86_64
  kf5-kio-core-5.106.0-1.fc38.x86_64
  kf5-kio-core-libs-5.106.0-1.fc38.x86_64
  kf5-kio-doc-5.106.0-1.fc38.noarch
  kf5-kio-file-widgets-5.106.0-1.fc38.x86_64
  kf5-kio-gui-5.106.0-1.fc38.x86_64
  kf5-kio-ntlm-5.106.0-1.fc38.x86_64
  kf5-kio-widgets-5.106.0-1.fc38.x86_64
  kf5-kio-widgets-libs-5.106.0-1.fc38.x86_64
  kf5-kirigami2-5.106.0-1.fc38.x86_64
  kf5-kirigami2-addons-1:0.8.0-1.fc38.x86_64
  kf5-kitemmodels-5.106.0-1.fc38.x86_64
  kf5-kitemviews-5.106.0-1.fc38.x86_64
  kf5-kjobwidgets-5.106.0-1.fc38.x86_64
  kf5-kjs-5.106.0-1.fc38.x86_64
  kf5-knewstuff-5.106.0-1.fc38.x86_64
  kf5-knotifications-5.106.0-1.fc38.x86_64
  kf5-knotifyconfig-5.106.0-1.fc38.x86_64
  kf5-kpackage-5.106.0-1.fc38.x86_64
  kf5-kparts-5.106.0-1.fc38.x86_64
  kf5-kpeople-5.106.0-1.fc38.x86_64
  kf5-kpty-5.106.0-1.fc38.x86_64
  kf5-kquickcharts-5.106.0-1.fc38.x86_64
  kf5-krunner-5.106.0-1.fc38.x86_64
  kf5-kservice-5.106.0-1.fc38.x86_64
  kf5-ktexteditor-5.106.0-1.fc38.x86_64
  kf5-ktextwidgets-5.106.0-1.fc38.x86_64
  kf5-kunitconversion-5.106.0-1.fc38.x86_64
  kf5-kwallet-5.106.0-1.fc38.x86_64
  kf5-kwallet-libs-5.106.0-1.fc38.x86_64
  kf5-kwayland-5.106.0-1.fc38.x86_64
  kf5-kwidgetsaddons-5.106.0-1.fc38.x86_64
  kf5-kwindowsystem-5.106.0-1.fc38.x86_64
  kf5-kxmlgui-5.106.0-1.fc38.x86_64
  kf5-kxmlrpcclient-5.106.0-1.fc38.x86_64
  kf5-libkdcraw-23.04.1-1.fc38.x86_64
  kf5-libkexiv2-23.04.1-1.fc38.x86_64
  kf5-modemmanager-qt-5.106.0-1.fc38.x86_64
  kf5-networkmanager-qt-5.106.0-1.fc38.x86_64
  kf5-plasma-5.106.0-1.fc38.x86_64
  kf5-prison-5.106.0-1.fc38.x86_64
  kf5-purpose-5.106.0-1.fc38.x86_64
  kf5-solid-5.106.0-1.fc38.x86_64
  kf5-sonnet-core-5.106.0-1.fc38.x86_64
  kf5-sonnet-ui-5.106.0-1.fc38.x86_64
  kf5-syndication-1:5.106.0-1.fc38.x86_64
  kf5-syntax-highlighting-5.106.0-1.fc38.x86_64
  kf5-threadweaver-5.106.0-1.fc38.x86_64
  kfind-23.04.1-1.fc38.x86_64
  khelpcenter-1:23.04.1-1.fc38.x86_64
  khotkeys-5.27.5-1.fc38.x86_64
  kimageannotator-0.6.1-1.fc38.x86_64
  kinfocenter-5.27.5-1.fc38.x86_64
  kio-admin-23.04.1-1.fc38.x86_64
  kio-extras-23.04.1-1.fc38.x86_64
  kio-fuse-5.0.1-5.fc38.x86_64
  kio-gdrive-23.04.1-1.fc38.x86_64
  kmag-23.04.1-1.fc38.x86_64
  kmenuedit-5.27.5-1.fc38.x86_64
  kmousetool-23.04.1-1.fc38.x86_64
  konsole5-23.04.1-1.fc38.x86_64
  konsole5-part-23.04.1-1.fc38.x86_64
  kpipewire-5.27.5-1.fc38.x86_64
  kpmcore-23.04.1-1.fc38.x86_64
  krfb-23.04.1-1.fc38.x86_64
  krfb-libs-23.04.1-1.fc38.x86_64
  kscreen-1:5.27.5-1.fc38.x86_64
  kscreenlocker-5.27.5-1.fc38.x86_64
  ksystemstats-5.27.5-1.fc38.x86_64
  kuserfeedback-1.2.0-8.fc38.x86_64
  kwalletmanager5-23.04.1-1.fc38.x86_64
  kwayland-integration-5.27.5-1.fc38.x86_64
  kwin-5.27.5-1.fc38.x86_64
  kwin-common-5.27.5-1.fc38.x86_64
  kwin-libs-5.27.5-1.fc38.x86_64
  kwin-wayland-5.27.5-1.fc38.x86_64
  kwin-x11-5.27.5-1.fc38.x86_64
  kwrite-23.04.1-1.fc38.x86_64
  kwrited-5.27.5-1.fc38.x86_64
  layer-shell-qt-5.27.5-1.fc38.x86_64
  libXaw-1.0.14-4.fc38.x86_64
  libXxf86dga-1.1.5-10.fc38.x86_64
  libaccounts-glib-1.25-11.fc38.x86_64
  libaccounts-qt5-1.16-7.fc38.x86_64
  libappindicator-gtk3-12.10.1-1.fc38.x86_64
  libcanberra-gtk2-0.30-31.fc38.x86_64
  libchewing-0.5.1-26.fc38.x86_64
  libdbusmenu-16.04.0-21.fc38.x86_64
  libdbusmenu-gtk3-16.04.0-21.fc38.x86_64
  libdmtx-0.7.5-11.fc38.x86_64
  libfakekey-0.3-13.fc38.x86_64
  libkgapi-23.04.1-1.fc38.x86_64
  libkscreen-qt5-5.27.5-1.fc38.x86_64
  libksysguard-5.27.5-1.fc38.x86_64
  libksysguard-common-5.27.5-1.fc38.x86_64
  libkworkspace5-5.27.5-1.fc38.x86_64
  libmarkdown-2.2.7-4.fc38.x86_64
  libmng-2.0.3-17.fc38.x86_64
  libobjc-13.1.1-2.fc38.x86_64
  libqalculate-4.6.1-1.fc38.x86_64
  libqb-2.0.6-5.fc38.x86_64
  libvoikko-4.3.2-1.fc38.x86_64
  lm_sensors-libs-3.6.0-13.fc38.x86_64
  maliit-framework-2.3.0-3.fc38.x86_64
  maliit-framework-qt5-2.3.0-3.fc38.x86_64
  maliit-keyboard-2.3.1-4.fc38.x86_64
  mariadb-3:10.5.19-2.fc38.x86_64
  mariadb-backup-3:10.5.19-2.fc38.x86_64
  mariadb-common-3:10.5.19-2.fc38.x86_64
  mariadb-connector-c-3.3.4-2.fc38.x86_64
  mariadb-connector-c-config-3.3.4-2.fc38.noarch
  mariadb-cracklib-password-check-3:10.5.19-2.fc38.x86_64
  mariadb-errmsg-3:10.5.19-2.fc38.x86_64
  mariadb-gssapi-server-3:10.5.19-2.fc38.x86_64
  mariadb-server-3:10.5.19-2.fc38.x86_64
  mariadb-server-utils-3:10.5.19-2.fc38.x86_64
  media-player-info-23-12.fc38.noarch
  mysql-selinux-1.0.5-3.fc38.noarch
  net-tools-2.0-0.65.20160912git.fc38.x86_64
  nilfs-utils-2.2.9-3.fc38.x86_64
  ocfs2-tools-1.8.7-5.fc38.x86_64
  okular-23.04.1-1.fc38.x86_64
  okular-libs-23.04.1-1.fc38.x86_64
  okular-part-23.04.1-1.fc38.x86_64
  openal-soft-1.23.1-1.fc38.x86_64
  oxygen-sounds-5.27.5-1.fc38.noarch
  p7zip-plugins-16.02-25.fc38.x86_64
  pam-kwallet-5.27.5-1.fc38.x86_64
  perl-AutoLoader-5.74-497.fc38.noarch
  perl-B-1.83-497.fc38.x86_64
  perl-Carp-1.52-490.fc38.noarch
  perl-Class-Struct-0.66-497.fc38.noarch
  perl-DBD-MariaDB-1.22-4.fc38.x86_64
  perl-DBI-1.643-15.fc38.x86_64
  perl-Data-Dumper-2.184-491.fc38.x86_64
  perl-Digest-1.20-490.fc38.noarch
  perl-Digest-MD5-2.58-490.fc38.x86_64
  perl-DynaLoader-1.52-497.fc38.x86_64
  perl-Encode-4:3.19-493.fc38.x86_64
  perl-Errno-1.36-497.fc38.x86_64
  perl-Exporter-5.77-490.fc38.noarch
  perl-Fcntl-1.15-497.fc38.x86_64
  perl-File-Basename-2.85-497.fc38.noarch
  perl-File-Copy-2.39-497.fc38.noarch
  perl-File-Path-2.18-490.fc38.noarch
  perl-File-Temp-1:0.231.100-490.fc38.noarch
  perl-File-stat-1.12-497.fc38.noarch
  perl-FileHandle-2.03-497.fc38.noarch
  perl-Getopt-Long-1:2.54-2.fc38.noarch
  perl-Getopt-Std-1.13-497.fc38.noarch
  perl-HTTP-Tiny-0.082-2.fc38.noarch
  perl-IO-1.50-497.fc38.x86_64
  perl-IO-Socket-IP-0.41-492.fc38.noarch
  perl-IO-Socket-SSL-2.081-1.fc38.noarch
  perl-IPC-Open3-1.22-497.fc38.noarch
  perl-MIME-Base64-3.16-490.fc38.x86_64
  perl-Math-BigInt-1:1.9998.37-3.fc38.noarch
  perl-Math-BigRat-0.2624-3.fc38.noarch
  perl-Math-Complex-1.59-497.fc38.noarch
  perl-Mozilla-CA-20221114-2.fc38.noarch
  perl-NDBM_File-1.15-497.fc38.x86_64
  perl-Net-SSLeay-1.92-5.fc38.x86_64
  perl-POSIX-2.03-497.fc38.x86_64
  perl-PathTools-3.84-490.fc38.x86_64
  perl-Pod-Escapes-1:1.07-490.fc38.noarch
  perl-Pod-Perldoc-3.28.01-491.fc38.noarch
  perl-Pod-Simple-1:3.43-491.fc38.noarch
  perl-Pod-Usage-4:2.03-4.fc38.noarch
  perl-Scalar-List-Utils-5:1.63-490.fc38.x86_64
  perl-SelectSaver-1.02-497.fc38.noarch
  perl-Socket-4:2.036-2.fc38.x86_64
  perl-Storable-1:3.26-490.fc38.x86_64
  perl-Symbol-1.09-497.fc38.noarch
  perl-Sys-Hostname-1.24-497.fc38.x86_64
  perl-Term-ANSIColor-5.01-491.fc38.noarch
  perl-Term-Cap-1.18-1.fc38.noarch
  perl-Text-ParseWords-3.31-490.fc38.noarch
  perl-Text-Tabs+Wrap-2023.0511-1.fc38.noarch
  perl-Time-Local-2:1.300-490.fc38.noarch
  perl-URI-5.17-2.fc38.noarch
  perl-base-2.27-497.fc38.noarch
  perl-constant-1.33-491.fc38.noarch
  perl-if-0.61.000-497.fc38.noarch
  perl-interpreter-4:5.36.1-497.fc38.x86_64
  perl-libnet-3.15-1.fc38.noarch
  perl-libs-4:5.36.1-497.fc38.x86_64
  perl-locale-1.10-497.fc38.noarch
  perl-mro-1.26-497.fc38.x86_64
  perl-overload-1.35-497.fc38.noarch
  perl-overloading-0.02-497.fc38.noarch
  perl-parent-1:0.241-1.fc38.noarch
  perl-podlators-1:5.01-2.fc38.noarch
  perl-vars-1.05-497.fc38.noarch
  phonon-qt5-4.11.1-11.fc38.x86_64
  phonon-qt5-backend-gstreamer-2:4.10.0-9.fc38.x86_64
  pinentry-qt-1.2.1-2.fc38.x86_64
  plasma-breeze-5.27.5-1.fc38.x86_64
  plasma-breeze-common-5.27.5-1.fc38.noarch
  plasma-browser-integration-5.27.5-1.fc38.x86_64
  plasma-desktop-5.27.5-1.fc38.x86_64
  plasma-desktop-doc-5.27.5-1.fc38.noarch
  plasma-discover-5.27.5-2.fc38.x86_64
  plasma-discover-flatpak-5.27.5-2.fc38.x86_64
  plasma-discover-libs-5.27.5-2.fc38.x86_64
  plasma-discover-notifier-5.27.5-2.fc38.x86_64
  plasma-discover-rpm-ostree-5.27.5-2.fc38.x86_64
  plasma-disks-5.27.5-1.fc38.x86_64
  plasma-drkonqi-5.27.5-1.fc38.x86_64
  plasma-integration-5.27.5-1.fc38.x86_64
  plasma-lookandfeel-fedora-5.27.5-1.fc38.noarch
  plasma-milou-5.27.5-1.fc38.x86_64
  plasma-nm-5.27.5-1.fc38.x86_64
  plasma-nm-openconnect-5.27.5-1.fc38.x86_64
  plasma-nm-openvpn-5.27.5-1.fc38.x86_64
  plasma-nm-vpnc-5.27.5-1.fc38.x86_64
  plasma-pa-5.27.5-1.fc38.x86_64
  plasma-systemmonitor-5.27.5-1.fc38.x86_64
  plasma-systemsettings-5.27.5-1.fc38.x86_64
  plasma-thunderbolt-5.27.5-1.fc38.x86_64
  plasma-vault-5.27.5-1.fc38.x86_64
  plasma-welcome-5.27.5-1.fc38.x86_64
  plasma-workspace-5.27.5-1.fc38.x86_64
  plasma-workspace-common-5.27.5-1.fc38.x86_64
  plasma-workspace-geolocation-5.27.5-1.fc38.x86_64
  plasma-workspace-geolocation-libs-5.27.5-1.fc38.x86_64
  plasma-workspace-libs-5.27.5-1.fc38.x86_64
  plasma-workspace-wallpapers-5.27.5-1.fc38.noarch
  plasma-workspace-wayland-5.27.5-1.fc38.x86_64
  plasma-workspace-x11-5.27.5-1.fc38.x86_64
  polkit-kde-5.27.5-1.fc38.x86_64
  polkit-qt5-1-0.114.0-6.fc38.x86_64
  poppler-qt5-23.02.0-1.fc38.x86_64
  powerdevil-5.27.5-1.fc38.x86_64
  pulseaudio-qt-1.3-4.fc38.x86_64
  python3-tkinter-3.11.3-1.fc38.x86_64
  qaccessibilityclient-0.4.1-5.fc38.x86_64
  qca-qt5-2.3.4-5.fc38.x86_64
  qca-qt5-ossl-2.3.4-5.fc38.x86_64
  qqc2-desktop-style-5.106.0-1.fc38.x86_64
  qt-1:4.8.7-71.fc38.x86_64
  qt-at-spi-0.3.1-25.fc38.x86_64
  qt-common-1:4.8.7-71.fc38.noarch
  qt-x11-1:4.8.7-71.fc38.x86_64
  qt5-qdbusviewer-5.15.9-1.fc38.x86_64
  qt5-qtbase-mysql-5.15.9-3.fc38.x86_64
  qt5-qtfeedback-20180903gita14bd0b-6.fc38.x86_64
  qt5-qtgraphicaleffects-5.15.9-1.fc38.x86_64
  qt5-qtimageformats-5.15.9-1.fc38.x86_64
  qt5-qtlocation-5.15.9-1.fc38.x86_64
  qt5-qtmultimedia-5.15.9-1.fc38.x86_64
  qt5-qtquickcontrols-5.15.9-1.fc38.x86_64
  qt5-qtquickcontrols2-5.15.9-1.fc38.x86_64
  qt5-qtsensors-5.15.9-1.fc38.x86_64
  qt5-qtspeech-5.15.9-1.fc38.x86_64
  qt5-qtspeech-speechd-5.15.9-1.fc38.x86_64
  qt5-qtsvg-5.15.9-2.fc38.x86_64
  qt5-qttools-5.15.9-1.fc38.x86_64
  qt5-qttools-common-5.15.9-1.fc38.noarch
  qt5-qttools-libs-designer-5.15.9-1.fc38.x86_64
  qt5-qtvirtualkeyboard-5.15.9-1.fc38.x86_64
  qt5-qtwebchannel-5.15.9-1.fc38.x86_64
  qt5-qtwebengine-5.15.12-5.fc38.x86_64
  qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64
  qt5-qtwebview-5.15.9-1.fc38.x86_64
  re2-1:20220601-2.fc38.x86_64
  sddm-0.19.0^git20230404.e652433-1.fc38.x86_64
  sddm-breeze-5.27.5-1.fc38.noarch
  sddm-kcm-5.27.5-1.fc38.x86_64
  sddm-wayland-plasma-5.27.5-1.fc38.noarch
  sgml-common-0.6.3-60.fc38.noarch
  sgpio-1.2.0.10-32.fc38.x86_64
  signon-8.60-12.fc38.x86_64
  signon-plugin-oauth2-0.24-6.fc38.x86_64
  signon-ui-0.15-19.fc38.x86_64
  smartmontools-1:7.3-5.fc38.x86_64
  smartmontools-selinux-1:7.3-5.fc38.noarch
  sni-qt-0.2.7-0.12.20170217.fc38.x86_64
  socat-1.7.4.4-2.fc38.x86_64
  spdlog-1.11.0-5.fc38.x86_64
  spectacle-23.04.1-1.fc38.x86_64
  sqlite-3.40.1-2.fc38.x86_64
  tinyxml2-9.0.0-2.fc38.x86_64
  tk-1:8.6.12-4.fc38.x86_64
  udftools-2.3-6.fc38.x86_64
  unar-1.10.7-6.fc38.x86_64
  voikko-fi-2.5-4.fc38.noarch
  vulkan-tools-1.3.243.0-1.fc38.x86_64
  wayland-utils-1.1.0-2.fc38.x86_64
  xapian-core-libs-1.4.20-2.fc38.x86_64
  xcb-util-cursor-0.1.4-2.fc38.x86_64
  xdg-desktop-portal-kde-5.27.5-1.fc38.x86_64
  xdpyinfo-1.3.3-3.fc38.x86_64
  xmessage-1.0.6-2.fc38.x86_64
  xsetroot-1.1.2-6.fc38.x86_64
  xsettingsd-1.0.2-5.fc38.x86_64
  zxing-cpp-1.2.0-9.fc38.x86_64

Now it broke again after i've upgraded to 38.20230527.0 with following changes

% rpm-ostree db diff                                                                                                                     [ 130 ]
ostree diff commit from: rollback deployment (7f5bb0893bf9968d32516eb9c5c8aa9d5b6b8420bcff234ea01c63ff35fa76d5)
ostree diff commit to:   booted deployment (c30ce824a7aefb77bbaa16a3b282c72a418d10d566c8f8c9d5a57dd138cae77c)
Upgraded:
  c-ares 1.19.0-1.fc38 -> 1.19.1-1.fc38
  container-selinux 2:2.213.0-1.fc38 -> 2:2.215.0-2.fc38
  edk2-ovmf 20230301gitf80f052277c8-4.fc38 -> 20230301gitf80f052277c8-26.fc38
  exfatprogs 1.2.0-2.fc38 -> 1.2.1-1.fc38
  fedora-chromium-config 2.0-3.fc38 -> 3.0-1.fc38
  fedora-chromium-config-kde 2.0-3.fc38 -> 3.0-1.fc38
  firefox 113.0.1-1.fc38 -> 113.0.1-4.fc38
  firefox-langpacks 113.0.1-1.fc38 -> 113.0.1-4.fc38
  fuse-overlayfs 1.10-3.fc38 -> 1.12-1.fc38
  glib2 2.76.2-1.fc38 -> 2.76.3-1.fc38
  gstreamer1 1.22.2-1.fc38 -> 1.22.3-1.fc38
  gstreamer1-plugin-libav 1.22.2-1.fc38 -> 1.22.3-1.fc38
  gstreamer1-plugins-bad-free 1.22.2-3.fc38 -> 1.22.3-1.fc38
  gstreamer1-plugins-base 1.22.2-1.fc38 -> 1.22.3-1.fc38
  gstreamer1-plugins-good 1.22.2-1.fc38 -> 1.22.3-1.fc38
  gstreamer1-plugins-good-qt 1.22.2-1.fc38 -> 1.22.3-1.fc38
  gstreamer1-plugins-ugly-free 1.22.2-1.fc38 -> 1.22.3-1.fc38
  ibus 1.5.28-4.fc38 -> 1.5.28-5.fc38
  ibus-gtk2 1.5.28-4.fc38 -> 1.5.28-5.fc38
  ibus-gtk3 1.5.28-4.fc38 -> 1.5.28-5.fc38
  ibus-gtk4 1.5.28-4.fc38 -> 1.5.28-5.fc38
  ibus-libs 1.5.28-4.fc38 -> 1.5.28-5.fc38
  ibus-setup 1.5.28-4.fc38 -> 1.5.28-5.fc38
  iptables-libs 1.8.9-2.fc38 -> 1.8.9-4.fc38
  iptables-nft 1.8.9-2.fc38 -> 1.8.9-4.fc38
  librados2 2:17.2.6-2.fc38 -> 2:17.2.6-3.fc38
  librbd1 2:17.2.6-2.fc38 -> 2:17.2.6-3.fc38
  mariadb-connector-c 3.3.4-2.fc38 -> 3.3.5-1.fc38
  mariadb-connector-c-config 3.3.4-2.fc38 -> 3.3.5-1.fc38
  mesa-dri-drivers 23.0.3-3.fc38 -> 23.0.3-5.fc38
  mesa-filesystem 23.0.3-3.fc38 -> 23.0.3-5.fc38
  mesa-libEGL 23.0.3-3.fc38 -> 23.0.3-5.fc38
  mesa-libGL 23.0.3-3.fc38 -> 23.0.3-5.fc38
  mesa-libgbm 23.0.3-3.fc38 -> 23.0.3-5.fc38
  mesa-libglapi 23.0.3-3.fc38 -> 23.0.3-5.fc38
  mesa-libxatracker 23.0.3-3.fc38 -> 23.0.3-5.fc38
  mesa-va-drivers 23.0.3-3.fc38 -> 23.0.3-5.fc38
  mesa-vulkan-drivers 23.0.3-3.fc38 -> 23.0.3-5.fc38
  microcode_ctl 2:2.1-54.fc38 -> 2:2.1-55.fc38
  python-unversioned-command 3.11.3-1.fc38 -> 3.11.3-2.fc38
  python3 3.11.3-1.fc38 -> 3.11.3-2.fc38
  python3-libs 3.11.3-1.fc38 -> 3.11.3-2.fc38
  python3-tkinter 3.11.3-1.fc38 -> 3.11.3-2.fc38
  qpdf-libs 11.3.0-2.fc38 -> 11.4.0-1.fc38
  rpm-ostree 2023.3-1.fc38 -> 2023.4-2.fc38
  rpm-ostree-libs 2023.3-1.fc38 -> 2023.4-2.fc38
  vim-data 2:9.0.1562-1.fc38 -> 2:9.0.1575-1.fc38
  vim-minimal 2:9.0.1562-1.fc38 -> 2:9.0.1575-1.fc38
  xapian-core-libs 1.4.20-2.fc38 -> 1.4.22-1.fc38
  xen-libs 4.17.1-1.fc38 -> 4.17.1-2.fc38
  xen-licenses 4.17.1-1.fc38 -> 4.17.1-2.fc38
Added:
  boost-iostreams-1.78.0-11.fc38.x86_64

The command from before, the limit is not as low as i thought it would be

% podman inspect --format '{{ printf "%+v" .HostConfig.Ulimits }}' cec460321adf
[{Name:RLIMIT_NOFILE Soft:524288 Hard:524288} {Name:RLIMIT_NPROC Soft:111318 Hard:111318}]

Full rpm-ostree status

% rpm-ostree status
State: idle
Deployments:
● fedora:fedora/38/x86_64/kinoite
                  Version: 38.20230527.0 (2023-05-27T00:49:56Z)
               BaseCommit: c483928e46a1f520761261d8d57370398e151386800defcb5553f0b481e0848d
             GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
          LayeredPackages: ddcutil distrobox libvirt openssl rpmfusion-free-release rpmfusion-nonfree-release virt-manager zsh

  fedora:fedora/38/x86_64/kinoite
                  Version: 38.20230525.0 (2023-05-25T00:47:33Z)
               BaseCommit: 03dec287d500c6a73a49ca052fd71ede5a422632af6c8c77b2339e1ec7a61011
             GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
          LayeredPackages: ddcutil distrobox libvirt openssl rpmfusion-free-release rpmfusion-nonfree-release virt-manager zsh
                   Pinned: yes

  fedora:fedora/38/x86_64/silverblue
                  Version: 38.20230520.0 (2023-05-20T00:45:00Z)
               BaseCommit: 81eeb69fc36fdc3a255620ed0f23e0777f621c0b6b8a43236858ebff6b8139dd
             GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
      RemovedBasePackages: gnome-software gnome-software-rpm-ostree 44.1-1.fc38
          LayeredPackages: ddcutil distrobox gnome-shell-extension-appindicator kitty libvirt openssl rpmfusion-free-release
                           rpmfusion-nonfree-release virt-manager zsh
                   Pinned: yes

[sandorex]

I may have found a solution without having to recreate the containers, if someone else could confirm if this works for them too

I have booted back into kinoite 38.20230525.0 and even though the containers were created using that specific deployment they did not work, but running ulimit -a -S and ulimit -a -H showed different values than kinoite 38.20230527.0

For some reason hard limit for -u: processes was same as the soft limit of 111292 and when i increased it by adding following to /etc/security/limits.d/90-nproc.conf the containers worked fine

# this is an arbitrary number (3 times the original 111292)
* hard nproc 445168

[rgolangh]

Got the same on fedora silverblue 38 and a toolbox from a fedora 38 image.
To work around it I exported the container and recreated the toolbox from that image.

podman container export fedora-toolbox-38 -o toolbox-f38.tar
podman import toolbox-38.tar toolbox-f38
toolbox create --image toolbox-f38

I didn't have any extra time to debug but would be happy to supply more info

18:13 $ uname -a
Linux  6.2.15-300.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 17:37:39 UTC 2023 x86_64 GNU/Linux

18:14 $ rpm -q podman toolbox
podman-4.5.0-1.fc38.x86_64
toolbox-0.0.99.4-1.fc38.x86_64

[sandorex]

@rgolangh could you check if ulimits changed you between updates?
ulimit -a -S and ulimit -a -H on both deployments

[Cydox]

Upstream issue: containers/podman#18714
WIP fix: containers/podman#18721

[Cydox]

Upstream fix got merged containers/podman#18714

[travier]

Thanks a lot @Cydox !

[juhp]

I overrode podman to 4.6.0-1.fc38 - all my (old) fedora toolbox containers seemed to have survived...
but my recent f39 distrobox still hit this issue, sadly...

[Cydox]

@juhp What matters is the podman version that the container was created with. If your f39 distrobox was created with a podman version without the fix, it will still break if the ulimit -u decreases compared to when the container got created.

[juhp]

Thanks @Cydox for clarifying, much appreciated - was afraid that might be the case.

[ffseq]

I also am having the same problem on ublue + distrobox. None of my containers would start, followed by the same errors. I used @sandorex's podman --inspect command and found my ulimits nprocs were off by 5:
Host: 127399
podman: 127404

Changing my /etc/security/limits.conf nproc to 127404 fixed it for me.

[tpopela]

Duplicate of containers/toolbox#1312

[ikke-t]

This makes it work differently, it leads to this:

mount: /etc/machine-id: must be superuser to use mount.
       dmesg(1) may have more information after failed mount system call.
Error: failed to bind /etc/machine-id to /run/host/etc/machine-id

[travier]

This is another issue. Please file another issue here or upstream toolbox for investigation and tracking.

[travier]

This is fixed for new containers with podman 4.6 which landed in F37+. The workarounds for existing containers are in the first comment at the top. Closing.

[Elrondo46]

Problem returned with last version, same messsage. Have to recreate all pods to fix after kernel install

[travier]

Please file a new issue referencing this one