buildah fails in nested container, while podman runs with same configuation

[avikivity]

Issue Description

On main (e886f27)

I have a nested container configuration (rootfull-in-rootless). The outer container is running with --privileged, and I bind-mount the host ~/.local/share/containers into the outer container.

The outer container adjusts the storage settings so:

# cat /etc/containers/containers.conf.d/nested.conf 
[engine]
static_dir = "/home/avi/.local/share/containers/storage/libpod"
volume_path = "/home/avi/.local/share/containers/storage/libpod"

[containers]
# netns = private, the default, doesn't work in nested containers,
# and we don't mind using the host network anyway.
netns = "host"

podman works with this configuration - it can run containers, pull images; the outer container's storage and host storage look fully shared.

However, buildah does not. Running in the outer container, trying to create an inner container:

bash-5.2# buildah from docker.io/fedora:42
Error: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver
WARN[0000] failed to shutdown storage: "'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver" 

I checked with strace and buildah does read my nested.conf.

Steps to reproduce the issue

Steps to reproduce the issue

1. Create an outer container with --privileged and ~/.local/share/containers bind-mounted, and storage configuration redirected into though directories
2. install buildah in the outer contain
3. run buildah from fedora:42 to create an inner container

Describe the results you received

Error: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver

Describe the results you expected

inner container created

buildah version output

Version:         1.41.0-dev
Go Version:      go1.23.8
Image Spec:      1.1.1
Runtime Spec:    1.2.1
CNI Spec:        1.1.0
libcni Version:  v1.3.0
image Version:   5.35.0
Git Commit:      e886f271eef26768c658f618003d53fd01f749df
Built:           Tue Apr 29 22:34:20 2025
OS/Arch:         linux/amd64
BuildPlatform:   linux/amd64

buildah info output

Error: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver
WARN[0000] failed to shutdown storage: "'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver"

Provide your storage.conf

Using Fedora 41 defaults for the outer container, and Fedora 42 defaults for the host.

Adjustment for outer container (in /etc/containers/containers.conf.d):

[engine]
static_dir = "/home/avi/.local/share/containers/storage/libpod"
volume_path = "/home/avi/.local/share/containers/storage/libpod"

[containers]
# netns = private, the default, doesn't work in nested containers,
# and we don't mind using the host network anyway.

Upstream Latest Release

Yes

[avikivity]

Upstream Latest Release
Yes

Actually no, I'll try to build buildah 1.40.0.

[avikivity]

Reproduced with main (e886f27)