Hi all,
RHEL9.5 is GA and with this release also podman and friends got updates.
podman-4.9.4 -> 5.2.2
Since then, I have a couple of rootless containers
that have problems with their volumes.
The minimal example is as follows:
$ cat Containerfile
FROM fedora:41
USER 1000:1000
ENV HOME=/data
WORKDIR /data
VOLUME ["/data"]
So, when started, the volume (as specified in the file) will
be created automatically.
With podman 4.9:
podman run --rm -ti --userns=keep-id:uid=1000,gid=1000 \
localhost/test:latest ls -la /data
drwxr-xr-x. 2 1000 1000 4096 Nov 20 12:44 .
dr-xr-xr-x. 1 root root 4096 Nov 20 12:44 ..
shows that the volume is mounted in the container with
the USER id. This works so far for my workload.
With podman 5.2:
podman run --rm -ti --userns=keep-id:uid=1000,gid=1000 \
localhost/test:latest ls -la /data
drwxr-xr-x. 2 999 999 4096 Nov 20 12:11 .
dr-xr-xr-x. 1 root root 4096 Nov 20 12:46 ..
shows that the volume is mounted in the container with
(USER id - 1). The user cannot write to the folder and
the container fails to operate.
Forcing the use of a named volume for the overlay with podman v5 shows
the same output, but when the destination is changed to
a different directory (/side), it gets the right owner set:
podman run --rm -ti --userns=keep-id:uid=1000,gid=1000 \
-v ${RANDOM}:/side localhost:8085/shee/test:latest ls -la /side
drwxr-xr-x. 2 1000 1000 4096 Nov 20 12:51 .
dr-xr-xr-x. 1 root root 4096 Nov 20 12:51 ..
I read the changelogs but didn't find any hints for a solution.
I would appreciate any feedback, thanks!
--
Leon
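As an added example (not part of Leon's post and not podman project code), here is a small POSIX shell regression check for the symptom described above: it parses the `ls -la` listing of the volume as seen inside the container and verifies that "." is owned by the keep-id uid:gid. The two listings embedded in it are copied from the post; the image name, the uid:gid 1000:1000 and the Containerfile come from the post as well. The exit-code convention (0 match, 1 mismatch, 2 unparsable, 3 podman missing), the `VOLCHECK_RUN` gate and the dropped `-t` flag are this script's own assumptions.

```shell
#!/bin/sh
# Regression check: does the anonymous volume from a VOLUME directive end
# up owned by the keep-id user inside a rootless container?
# Added example; it is not code from the original mailing-list post.

# Print "uid gid" of the "." entry of an `ls -la` listing (nothing if absent).
owner_of_dot() {
    # ls -la fields: perms links uid gid size month day time name
    printf '%s\n' "$1" | awk '$NF == "." { print $3, $4; exit }'
}

# Return 0 when "." is owned by EXPECTED_UID:EXPECTED_GID, 1 on mismatch,
# 2 when the listing has no "." entry to parse.
# Usage: check_volume_owner 1000 1000 "$(ls -la /data)"
check_volume_owner() {
    expected_uid=$1
    expected_gid=$2
    listing=$3
    set -- $(owner_of_dot "$listing")
    [ "$#" -eq 2 ] || return 2
    [ "$1" = "$expected_uid" ] && [ "$2" = "$expected_gid" ]
}

# Build the minimal image from the post into localhost/test:latest.
# Returns 3 when podman is not installed (assumed convention).
build_test_image() {
    command -v podman >/dev/null 2>&1 || return 3
    dir=$(mktemp -d) || return 2
    cat > "$dir/Containerfile" <<'EOF'
FROM fedora:41
USER 1000:1000
ENV HOME=/data
WORKDIR /data
VOLUME ["/data"]
EOF
    podman build -t localhost/test:latest "$dir"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Run the container with keep-id (as in the post, minus -t, since this is
# non-interactive) and check who owns /data from the container's view.
check_container_volume() {
    image=${1:-localhost/test:latest}
    uid=${2:-1000}
    gid=${3:-1000}
    command -v podman >/dev/null 2>&1 || return 3
    out=$(podman run --rm --userns=keep-id:uid="$uid",gid="$gid" \
        "$image" ls -la /data) || return 2
    check_volume_owner "$uid" "$gid" "$out"
}

# Offline demonstration on the two listings quoted in the post.
# Prints one line per listing; returns 0 if exactly the 4.9 one matches.
demo_post_listings() {
    listing_49='drwxr-xr-x. 2 1000 1000 4096 Nov 20 12:44 .
dr-xr-xr-x. 1 root root 4096 Nov 20 12:44 ..'
    listing_52='drwxr-xr-x. 2 999 999 4096 Nov 20 12:11 .
dr-xr-xr-x. 1 root root 4096 Nov 20 12:46 ..'
    ok=0
    check_volume_owner 1000 1000 "$listing_49" && echo "podman 4.9 listing: owner matches keep-id user" && ok=$((ok + 1))
    check_volume_owner 1000 1000 "$listing_52" || echo "podman 5.2 listing: owner is $(owner_of_dot "$listing_52"), expected 1000 1000"
    [ "$ok" -eq 1 ]
}

# Stand-alone usage: VOLCHECK_RUN=1 ./volcheck.sh [image] [uid] [gid]
# The gate keeps sourcing the file (or running the offline demo) from
# starting containers.
if [ "${VOLCHECK_RUN:-0}" = "1" ]; then
    build_test_image || echo "image build skipped/failed (rc=$?)"
    check_container_volume "$@"
    rc=$?
    case $rc in
        0) echo "OK: volume owned by keep-id user" ;;
        1) echo "MISMATCH: volume owner differs from keep-id user" ;;
        2) echo "could not parse container output" ;;
        3) echo "podman not installed" ;;
    esac
    exit $rc
fi
```

Run it with `VOLCHECK_RUN=1` on a 4.9 host and on a 5.2 host to get a yes/no answer instead of reading the listing by eye; without the variable it only defines the functions, so it can be sourced by a larger test harness.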