I am trying to set up gitea using podman. I would like to have
- the data volume mapped to a host directory, because it allows me to easily inspect and backup the data
- the container process executed by a specific host user
Podman is executed by the root user, mostly because of the problems I had with `podman generate systemd --new` and rootless containers (see "systemd User= directive not supported, why?" and "support User= in systemd for running rootless services").
To achieve the mapping with rootful containers I started mapping all the in-use container uids and gids to the host's gitea user. I ended up with something like
podman run --rm \
--uidmap=0:$(id -u gitea):1 \
--gidmap=0:$(id -g gitea):1 \
--uidmap=1000:$(id -u gitea):1 \
--gidmap=1000:$(id -g gitea):1 \
--gidmap=42:$(id -g gitea):1 \
--volume /srv/gitea/data:/var/lib/gitea \
docker.io/gitea/gitea:1.18.0-rc1-rootless
The output that I get is
WARN[0000] Path "/etc/SUSEConnect" from "/etc/containers/mounts.conf" doesn't exist, skipping
WARN[0000] Path "/etc/zypp/credentials.d/SCCcredentials" from "/etc/containers/mounts.conf" doesn't exist, skipping
Error: OCI runtime error: runc create failed: unable to start container process: can't get final child's PID from pipe: EOF
I successfully ran other podman containers despite the path warnings, so I think they can be ignored.
I am running podman version 3.4.7 on openSUSE Leap 15.3.
How can I run this container, while mapping all the in-use uids and gids to a specific host user/group?
The root cause seems to have been trying to map multiple container uids (and gids) to a single uid/gid on the host. So I was trying to map (container to host):
Instead I am now falling back to a different mapping, where just the 1000 UID/GID pair, the one actually running the Gitea app, is mapped to the host user, and others receive a different UID range using
This means that we have the following mappings
With this change, the container starts up successfully and the permissions on the host are as expected.
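The following shell script is an added example, not code from the question or the answer above. It checks a set of `--uidmap`/`--gidmap` triples (`CONTAINER_ID:HOST_ID:LENGTH`) for the defect the answer identifies: the kernel rejects a user-namespace id map whose ranges overlap, on the container side or on the host side, so two container ids cannot share one host id. It then builds the kind of mapping the answer describes, with only the application id mapped to the host user and every other container id sent to a separate host range. The numbers used (host uid 1001 for the gitea user, subordinate range starting at 100000 with length 65536) are constructed placeholders; substitute the values from `id gitea` and `/etc/subuid` on your own host.

```shell
#!/bin/sh
# Added example (not from the original post). Validates and builds podman
# user-namespace id maps. A map entry has the form CONTAINER_ID:HOST_ID:LENGTH.

# ranges_overlap START1 LEN1 START2 LEN2
# Returns 0 (true) when the two closed ranges share at least one id.
ranges_overlap() {
    s1=$1; e1=$(( $1 + $2 - 1 ))
    s2=$3; e2=$(( $3 + $4 - 1 ))
    [ "$s1" -le "$e2" ] && [ "$s2" -le "$e1" ]
}

# check_idmap "C:H:L C:H:L ..."
# Returns 0 when no two entries overlap on either the container side or the
# host side; otherwise prints the first offending pair and returns 1.
# The failing command in the question maps container 0, 1000 and 42 (gid)
# all onto the single host gitea id, which is exactly this kind of overlap.
check_idmap() {
    maps=$1
    for a in $maps; do
        for b in $maps; do
            [ "$a" = "$b" ] && continue
            ca=${a%%:*}; rest=${a#*:}; ha=${rest%%:*}; la=${rest#*:}
            cb=${b%%:*}; rest=${b#*:}; hb=${rest%%:*}; lb=${rest#*:}
            if ranges_overlap "$ca" "$la" "$cb" "$lb"; then
                echo "container ranges overlap: $a and $b"
                return 1
            fi
            if ranges_overlap "$ha" "$la" "$hb" "$lb"; then
                echo "host ranges overlap: $a and $b"
                return 1
            fi
        done
    done
    return 0
}

# build_idmap APP_ID HOST_ID SUB_START SUB_LEN
# Prints three map entries: container ids below APP_ID go to the start of the
# subordinate range, APP_ID alone goes to HOST_ID (the host service account),
# and the ids above APP_ID go to the rest of the subordinate range.
# SUB_START/SUB_LEN are assumed to come from the root user's /etc/subuid line.
build_idmap() {
    app=$1; host=$2; sub_start=$3; sub_len=$4
    printf '%s %s %s\n' \
        "0:${sub_start}:${app}" \
        "${app}:${host}:1" \
        "$(( app + 1 )):$(( sub_start + app )):$(( sub_len - app ))"
}

# idmap_flags FLAG "C:H:L C:H:L ..."
# Turns map entries into repeated podman flags, e.g. FLAG=uidmap.
idmap_flags() {
    flag=$1
    for m in $2; do
        printf -- '--%s=%s ' "$flag" "$m"
    done
    printf '\n'
}

# Demonstration with constructed values: host gitea uid 1001, subuid range
# 100000..165535. Replace with "$(id -u gitea)" and your /etc/subuid entry.
if [ "${1:-}" = "demo" ]; then
    echo "original mapping from the question:"
    check_idmap "0:1001:1 1000:1001:1 42:1001:1" || echo "rejected"
    maps=$(build_idmap 1000 1001 100000 65536)
    echo "corrected mapping: $maps"
    check_idmap "$maps" && echo "accepted"
    echo "podman run ... $(idmap_flags uidmap "$maps")"
fi
```

Run the file with `sh script.sh demo` to see the original mapping rejected and the corrected one accepted; the printed `--uidmap=` flags can be pasted into the `podman run` command, with a matching set of `--gidmap=` flags built from `id -g gitea` and `/etc/subgid`.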