by ctalledo 2139 days ago
Unfortunately not. Sysbox requires "true root" privileges, so it can't run inside a system container deployed by Sysbox itself (since that system container would use the user namespace). You can run Sysbox inside a privileged container however, and in fact the Sysbox test framework relies on this heavily.

What use case do you envision for running sysbox in sysbox?

No OP but one of my first questions about any layer is “how transparent is it”. If it can’t host itself, it’s clearly not 100% transparent.

This matters because it adds cognitive overhead - I have to keep track of which features are available at which layer.

Agreed; it's certainly something we will keep in mind as we mature Sysbox.
It's mostly curiosity. Probably docker in docker in docker.
Got it; note that inside a system container you can always run docker-in-docker using privileged containers (https://hub.docker.com/_/docker). That is, you don't need sysbox nesting in order to run more levels of docker nesting inside the system container. And those privileged containers would only be privileged within the system container, but not at host level.
Oh, that's cool. TIL. Thanks for taking the time to respond to something pretty far off in the weeds.