How to run podman from inside a container?
Your Dockerfile should install iptables as well:
FROM ubuntu:16.04
# each continued line of the RUN chain needs a trailing backslash
RUN apt-get update -qq \
&& apt-get install -qq -y software-properties-common uidmap \
&& add-apt-repository -y ppa:projectatomic/ppa \
&& apt-get update -qq \
&& apt-get -qq -y install podman \
&& apt-get install -y iptables
# To keep it running
CMD tail -f /dev/null
Then run the command with:
docker run -ti --rm podman:test bash -c "podman --storage-driver=vfs info"
This should give you the response you expect.
I tried this myself with a more permissive config (--privileged=true), with storage volumes mounted from the host and also with iptables installed in the container and was able to run it (i.e. sudo apt-get install iptables).
$ podman run -it --rm -v /var/run/containers/storage:/var/run/containers/storage -v /var/lib/containers/storage:/var/lib/containers/storage --storage-driver=overlay --privileged=true mine bash
root@e275668d7c36:/# apt-get install -y -qq iptables
...
root@e275668d7c36:/# podman info
host:
  BuildahVersion: 1.8-dev
  Conmon:
    package: 'conmon: /usr/libexec/crio/conmon'
    path: /usr/libexec/crio/conmon
    version: 'conmon version , commit: '
  Distribution:
    distribution: ubuntu
    version: "16.04"
  MemFree: 71659520
  MemTotal: 482099200
  OCIRuntime:
    package: 'cri-o-runc: /usr/lib/cri-o-runc/sbin/runc'
    path: /usr/lib/cri-o-runc/sbin/runc
    version: 'runc version spec: 1.0.1-dev'
  SwapFree: 0
  SwapTotal: 0
  arch: amd64
  cpus: 2
  hostname: e275668d7c36
  kernel: 4.15.0-1035-aws
  os: linux
  rootless: false
  uptime: 315h 17m 53s (Approximately 13.12 days)
insecure registries:
  registries: []
registries:
  registries: []
store:
  ConfigFile: /etc/containers/storage.conf
  ContainerStore:
    number: 2
  GraphDriverName: overlay
  GraphOptions: null
  GraphRoot: /var/lib/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 4
  RunRoot: /var/run/containers/storage
  VolumePath: /var/lib/containers/storage/volumes
If you'd like to use docker you can use the --privileged flag too.
Keep in mind that there are other tools specifically designed to build containers and some of them without privileged mode:
- Kaniko
- img
- Buildkit
- Buildah (Companion to Podman)
- Bazel (With its container build module)
- Knative container build templates
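The answer above gets podman working by running the outer container with --privileged. Before adopting that in a pipeline it is worth seeing exactly what the flag hands to the container, because the difference is not visible in podman info. The script below is an added example, not part of the answer or of any of the projects listed: it decodes the CapEff bitmask that the kernel exposes in /proc/self/status, so you can compare a --privileged container with a default one and decide whether one of the rootless builders listed above is the better fit. The two sample masks are constructed for the example (the first corresponds to every capability a 4.15-era kernel knows about, the second to docker's stock default set); the capability bit numbers come from capability(7).

```shell
#!/bin/sh
# Added example: decode a Linux CapEff mask to see what privileges a
# container process actually holds. Not code from the answer above.

# Capability bit numbers (capability(7)).
CAP_NET_ADMIN=12
CAP_SYS_ADMIN=21
CAP_MKNOD=27

# Constructed sample masks for demonstration:
#   all 38 capabilities of a 4.15-era kernel (what --privileged yields)
SAMPLE_PRIVILEGED=0000003fffffffff
#   docker's default capability set for an unprivileged container
SAMPLE_DEFAULT=00000000a80425fb

# has_cap MASK BIT: exit 0 when bit BIT is set in the hex MASK, else 1.
has_cap() {
  mask=$1
  bit=$2
  [ $(( (0x$mask >> bit) & 1 )) -eq 1 ]
}

# cap_count MASK: print how many capabilities the mask grants.
cap_count() {
  mask=$1
  n=0
  i=0
  while [ "$i" -lt 64 ]; do
    if [ $(( (0x$mask >> i) & 1 )) -eq 1 ]; then
      n=$((n + 1))
    fi
    i=$((i + 1))
  done
  echo "$n"
}

# classify MASK: coarse label for the privilege level a mask implies.
#   privileged-like     - holds CAP_SYS_ADMIN and CAP_NET_ADMIN (mounts,
#                         namespaces, iptables: what podman-in-docker needed)
#   docker-default-like - no SYS_ADMIN/NET_ADMIN but still CAP_MKNOD
#   reduced             - neither; a further-dropped capability set
classify() {
  mask=$1
  if has_cap "$mask" "$CAP_SYS_ADMIN" && has_cap "$mask" "$CAP_NET_ADMIN"; then
    echo privileged-like
  elif has_cap "$mask" "$CAP_MKNOD"; then
    echo docker-default-like
  else
    echo reduced
  fi
}

# live_capeff: the effective capability mask of this very process
# (empty when /proc is not available, e.g. outside Linux).
live_capeff() {
  if [ -r /proc/self/status ]; then
    awk '/^CapEff:/ { print $2 }' /proc/self/status
  fi
}

# report MASK LABEL: one summary line per mask.
report() {
  echo "$2: mask=$1 caps=$(cap_count "$1") level=$(classify "$1")"
}

report "$SAMPLE_PRIVILEGED" "sample --privileged"
report "$SAMPLE_DEFAULT"    "sample docker default"
live=$(live_capeff)
if [ -n "$live" ]; then
  report "$live" "this process"
fi
```

Run it inside the container started with and without --privileged and compare the caps count and level lines; podman info reports rootless: false either way, so CapEff is the honest signal of what the build job can do to the host.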