Issue Description
I was using podman kube play --replace --no-hosts --userns=keep-id --start=false ./kube.yaml to start multiple containers. I realized only one of them actually supported rootless operation, so I tried specifying io.podman.annotations.userns on only the ones that did, but they immediately show no permissions and fail when I start them up.
Steps to reproduce the issue
Run a rootless container with --userns=keep-id flag with podman kube play
Then try if that works, then transfer it into the kube.yaml file's io.podman.annotations.userns and run without the --userns=keep-id flag
The rootless container should no longer work
Describe the results you received
When trying to run the gitea-rootless container I get the following:
chmod: /var/lib/gitea/git: Operation not permitted
/var/lib/gitea/git is not writable
docker setup failed
Describe the results you expected
For keep-id to be applied to just the pod definitions it appears on
Podman in a container
No
Privileged Or Rootless
None
Upstream Latest Release
No
Additional environment details
No response
Additional information
4.6.2 is the latest I can run since that's the most recent one that builds for Ubuntu 22.04.
Also, just realized after writing my scripts to explicitly run each pod yaml separately, with the flag instead, all my kube.yaml are pod definitions, not deployments, if that affects it.