On 10/4/21 13:58, Christopher.Miller(a)gd-ms.com wrote:
First time poster. Coming from Docker background, using Podman since
May of this year.
Help me make sense of this.
I am testing applying certs to a container in our dev environment,
before replicating it to our production container. It was running as
expected, and now I’m having issues when running the same commands
(I’ve deleted the old container 1st before starting the work again).
If I run the following command:
sudo podman run -d --name hosta-nexus -p 8081:80 -v /opt/nexus:/nexus-data:Z -v /data/storage:/storage:Z docker.io/sonatype/nexus3:3.30.0
[usera@hosta /]$ sudo podman run --name hosta-nexus -p 8081:80 -v /opt/nexus:/nexus-data:Z -v /data/storage:/storage:Z docker.io/sonatype/nexus3:3.30.0
mkdir: cannot create directory '../sonatype-work/nexus3': Permission denied
mkdir: cannot create directory '../sonatype-work/nexus3': Permission denied
Warning: Cannot open log file: ../sonatype-work/nexus3/log/jvm.log
Warning: Forcing option -XX:LogFile=/tmp/jvm.log
OpenJDK 64-Bit Server VM warning: Cannot open file ../sonatype-work/nexus3/log/jvm.log due to Permission denied
java.io.FileNotFoundException: ../sonatype-work/nexus3/tmp/i4j_ZTDnGON8hezynsMX2ZCYAVDtQog=.lock (Permission denied)
    at java.io.RandomAccessFile.open0(Native Method)
    at java.io.RandomAccessFile.open(RandomAccessFile.java:316)
    at java.io.RandomAccessFile.<init>(RandomAccessFile.java:243)
    at com.install4j.runtime.launcher.util.SingleInstance.check(SingleInstance.java:72)
    at com.install4j.runtime.launcher.util.SingleInstance.checkForCurrentLauncher(SingleInstance.java:31)
    at com.install4j.runtime.launcher.UnixLauncher.checkSingleInstance(UnixLauncher.java:88)
    at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:67)
java.io.FileNotFoundException: /nexus-data/karaf.pid (Permission denied)
    at java.io.FileOutputStream.open0(Native Method)
    at java.io.FileOutputStream.open(FileOutputStream.java:270)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:101)
    at org.apache.karaf.main.InstanceHelper.writePid(InstanceHelper.java:127)
    at org.apache.karaf.main.Main.launch(Main.java:243)
    at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113)
    at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85)
    at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69)
java.lang.RuntimeException: /nexus-data/log/karaf.log (Permission denied)
    at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:102)
    at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlersInternal(BootstrapLogManager.java:137)
    at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlers(BootstrapLogManager.java:70)
    at org.apache.karaf.main.util.BootstrapLogManager.configureLogger(BootstrapLogManager.java:75)
    at org.apache.karaf.main.Main.launch(Main.java:244)
    at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113)
    at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85)
    at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69)
Caused by: java.io.FileNotFoundException: /nexus-data/log/karaf.log (Permission denied)
    at java.io.FileOutputStream.open0(Native Method)
    at java.io.FileOutputStream.open(FileOutputStream.java:270)
    at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
    at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.open(BootstrapLogManager.java:193)
    at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.<init>(BootstrapLogManager.java:182)
    at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:100)
    ... 12 more
Error creating bundle cache.
Unable to update instance pid: Unable to create directory /nexus-data/instances
Exception in thread "Thread-2" java.lang.SecurityException: Could not lock User prefs. Lock file access denied.
    at java.util.prefs.FileSystemPreferences.checkLockFile0ErrorCode(FileSystemPreferences.java:949)
    at java.util.prefs.FileSystemPreferences.lockFile(FileSystemPreferences.java:937)
    at java.util.prefs.FileSystemPreferences.sync(FileSystemPreferences.java:741)
    at java.util.prefs.FileSystemPreferences.flush(FileSystemPreferences.java:836)
    at java.util.prefs.FileSystemPreferences.syncWorld(FileSystemPreferences.java:476)
    at java.util.prefs.FileSystemPreferences.access$1200(FileSystemPreferences.java:50)
    at java.util.prefs.FileSystemPreferences$4$1.run(FileSystemPreferences.java:454)
The following directories already exist on the host: /opt/nexus and
/data/storage and are owned by nexus:nexus and the file permissions
are 755.
BUT, if I run the following command (with user 0):
sudo podman run -dit --name hosta-nexus -u 0 -p 8081:80 -v /opt/nexus:/nexus-data:Z -v /data/storage:/storage:Z docker.io/sonatype/nexus3:3.30.0
Why was the container running without the -u 0, and now I'm getting
permission denied at rootless? Is there something, somewhere that is
persisting that is causing the issue?
Also, to clear things up, I’m opening the following port on the
Container to the Host: 8081:80, but if I type in localhost:8081 or
localhost:80, the UI won’t come up. I have to inspect the running
container, get the IP address, and then put in that IP address:8081
and then the web page comes up. I’m not sure what I’m doing
incorrectly here.
Thanks
Chris
_______________________________________________
I am guessing this is an SELinux issue. Perhaps `sudo restorecon -R -v /var/lib/containers` might fix it.
You can run `sudo ausearch -m avc -ts recent` after it fails to see if SELinux is involved.
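
One way to read the `ausearch -m avc` output suggested in the reply above, as an added example that is not part of the original thread: it filters AVC denials raised by a container process (source type `container_t`) and shows the label on the target. The function names are hypothetical, the audit records are constructed, and the `hint` column is a heuristic.

```shell
#!/bin/sh
# Constructed sample of `ausearch -m avc` records (not taken from the thread).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1633370280.123:456): avc:  denied  { write } for  pid=4321 comm="java" name="nexus" dev="dm-0" ino=131 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1633370280.130:457): avc:  denied  { create } for  pid=4321 comm="java" name="karaf.pid" scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:container_file_t:s0:c1,c2 tclass=file permissive=0
type=AVC msg=audit(1633370301.500:460): avc:  denied  { read } for  pid=999 comm="sshd" name="shadow" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
EOF
}

# Reads audit records on stdin and prints one line per denial whose source
# type is container_t:  <permissions> <comm> <name> <target type> <hint>
# hint (heuristic): "wrong-label"  = target is not container_file_t, so the
#                                    volume was never relabelled for containers
#                   "mcs-mismatch" = target is container_file_t, so the MCS
#                                    categories of process and file differ
summarize_container_denials() {
  awk '
    $1 == "type=AVC" && /denied/ {
      perm = ""; src = ""; tgt = ""; comm = ""; name = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          for (j = i + 1; $j != "}" && j <= NF; j++) perm = perm (perm ? "," : "") $j
        }
        else if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
        else if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
        else if ($i ~ /^comm=/) { comm = $i; gsub(/comm=|"/, "", comm) }
        else if ($i ~ /^name=/) { name = $i; gsub(/name=|"/, "", name) }
      }
      if (src != "container_t") next
      hint = (tgt == "container_file_t") ? "mcs-mismatch" : "wrong-label"
      print perm, comm, name, tgt, hint
    }'
}

# Prints "selinux" if stdin holds any container_t denial, else "not-selinux"
# (in which case ordinary file ownership and mode bits are the next check).
diagnose() {
  if [ -n "$(summarize_container_denials)" ]; then echo selinux; else echo not-selinux; fi
}

# On a real host: sudo ausearch -m avc -ts recent | summarize_container_denials
sample_avc | summarize_container_denials
```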