I get the below error even though I’m running as host user 1000 and have .files/ and .db/ folder ownership as specified in docs. What could be causing this? Thanks in advance.
[usr1@rpi3 vikunja]$ id
uid=1000(usr1) gid=10(wheel) groups=10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[usr1@rpi3 vikunja]$ podman --version
podman version 5.3.1
[usr1@rpi3 vikunja]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/vikunja/vikunja latest c6d11cd3bf3d 12 days ago 89.3 MB
[usr1@rpi3 vikunja]$ ls -lR
.:
total 12
-rw-r--r--. 1 usr1 wheel 737 Jan 3 00:34 compose.yaml
drwxr-xr-x. 2 usr1 wheel 4096 Jan 3 23:31 db
drwxr-xr-x. 2 usr1 wheel 4096 Jan 3 23:31 files
./db:
total 0
./files:
total 0
[usr1@rpi3 vikunja]$ podman run -p 3456:3456 -v $PWD/files:/app/vikunja/files -v $PWD/db:/db vikunja/vikunja
2025-01-03T23:50:32Z: INFO ▶ 001 No config file found, using default or config from environment variables.
2025-01-03T23:50:32Z: INFO ▶ 002 Running migrations…
2025-01-03T23:50:32Z: CRITICAL ▶ 003 Could not connect to db: could not open database file [uid=1000, gid=0]: open /db/vikunja.db: permission denied
Thank you for unlocking my account and taking the time to get back.
I have since resolved the permission issue above which was due to the following…
SELinux (not uncommon when running with podman) requires security context/labels to be applied when bind mounting host-dir volumes. This can be achieved by appending :Z to the volume declaration…
With rootless containers running as a non-root container user (i.e. uid: 1000) the host-dir volumes need to be owned by the host user's subuid offset. This can be achieved by running…
$ podman unshare chown 1000 files db
which results in…
$ ls -lZ
total 12
-rw-r--r--. 1 usr1 usr1 unconfined_u:object_r:user_home_t:s0 756 Jan 20 22:09 compose.yaml
drwxr-xr-x. 2 525287 usr1 system_u:object_r:container_file_t:s0:c150,c184 4096 Jan 20 23:01 db
drwxr-xr-x. 2 525287 usr1 system_u:object_r:container_file_t:s0:c150,c184 4096 Jan 3 23:31 files
Hope this may be of use to others trying to use podman as a container runtime.
Thank you for creating this wonderful open source project!
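An added example, not part of the posts above: a shell function that predicts which host UID `podman unshare chown 1000` leaves on a bind-mounted directory, so the owner in `ls -lZ` can be checked against the expected value. The function name `host_uid_for` is hypothetical, the mapping assumed is podman's default rootless one, and the subuid start 524288 is a constructed sample chosen because it reproduces the 525287 owner in the listing.

```shell
#!/bin/sh
# Default rootless mapping (assumed here):
#   container uid 0    -> the invoking host user
#   container uid 1..N -> that user's /etc/subuid ranges, taken in file order
#
# usage: host_uid_for USER HOST_UID CONTAINER_UID SUBUID_FILE
host_uid_for() {
    user=$1 host_uid=$2 cuid=$3 file=$4

    # Container root is the host user itself, which is why an untouched
    # directory owned by usr1 appears root-owned inside the container.
    if [ "$cuid" -eq 0 ]; then
        echo "$host_uid"
        return 0
    fi

    next=1   # first container uid covered by the next subuid range
    while IFS=: read -r name start count; do
        [ "$name" = "$user" ] || continue
        if [ "$cuid" -lt $((next + count)) ]; then
            echo $((start + cuid - next))
            return 0
        fi
        next=$((next + count))
    done < "$file"

    echo "container uid $cuid is outside the subuid ranges of $user" >&2
    return 1
}

# Constructed sample subuid file (not taken from the poster's system).
sample=$(mktemp)
printf 'usr1:524288:65536\n' > "$sample"
host_uid_for usr1 1000 1000 "$sample"   # prints 525287
rm -f "$sample"
```

On a real host, pass `/etc/subuid` as the last argument and compare the result with `stat -c %u` on the mounted directory.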