[Podman] Re: Podman 4.7.2 can't run imported containers by a service user. Is it a bug?

Hi Paul, Thank you very much for the answer. ... | podman load podman image ls --no-trunc podman run -d sha256:387a183d0e809fdd76f510681234e4c8e6d9afedcd10782a60302c245dc26ceb sleep infinity fe05652e56f4b9721a55158b1e2002933c1687a99dfd35a0dd7afb9c8c196825 podman run -d 387a183d0e80 sleep infinity Error: mkdir /var/empty/.cache: operation not permitted Full sha256 solved the problem. Thank you! Good to know. Thank you! Will do. Thank you! Kind regards, Hans On Monday, December 4th, 2023 at 10:28 AM, Paul Holzinger <pholzing(a)redhat.com&gt; wrote: > Hi Hans, > > yes this looks like a bug so please file a issue. I don't think we must write this file. It should be safe for podman to ignore this error. > > Did you try to use the full qualified name instated of the ID? Also I think you can set XDG_CACHE_HOME env to a writable location as workaround. > > Thanks, Paul > > > > On 03/12/2023 18:20, Hans F via Podman wrote: > > > Hi folks, > > My storage config looks like: > > > > # /etc/containers/storage.conf > > [storage] > > driver = "overlay" > > graphroot = "/custom/path/root/data" > > rootless_storage_path = "/custom/path/$USER/data" > > runroot = "/run/containers/storage > > > > And I have "service" users (that are not to supposed to be used as normal users) with such config: > > > > # /etc/passwd > > foobar:x:5000:100::/var/empty:/usr/sbin/nologin > > > > I can run a container like this: > > > > su foobar > > podman run -d docker.io/library/debian:bookworm sleep infinity > > > > but I can't import a container and run it: > > > > podman load < /tmp/image.tar.gz > > podman image ls > > podman run -d 9ff9136eaaab sleep infinity > > Error: mkdir /var/empty/.cache: operation not permitted > > > > Testing this as a "normal" user (user with writable home directory) I noticed that Podman creates the following file: > > > > ls -lA .cache/containers/short-name-aliases.conf.lock > > -rw-r--r-- 1 me users 0 Dec 3 16:45 .cache/containers/short-name-aliases.conf.lock > > > > Obviously that can't work with a "service" user since it doesn't have writable home. > > > > Could you please advise is this a bug? Should I create an issue on github? > > > > Thank you. > > > > Hans > > > > > > _______________________________________________ > > Podman mailing list -- podman(a)lists.podman.io > > To unsubscribe send an email to podman-leave(a)lists.podman.io > > -- > Paul Holzinger > Software Engineer > Red Hat > pholzing(a)redhat.com > > Red Hat GmbH, Registered seat: Werner-von-Siemens-Ring 12, D-85630 Grasbrunn, Germany > Commercial register: Amtsgericht München/Munich, HRB 153243, > Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross