docker-library / postgres

Docker Official Image packaging for Postgres
http://www.postgresql.org
MIT License

Run with "secured" podman fail #1070

Closed emidevops closed 1 year ago

emidevops commented 1 year ago

I tried to give minimal permission to postgres using podman:

podman run --name mydatabase \
    --uts=private --hostname mydatabase \
    --pod mypod \
    --pull missing --detach \
    --cap-drop=all --read-only \
    --mount "type=volume,src=mypgdata,dst=/var/lib/postgresql/data" \
    --mount "type=volume,src=mypgrun,dst=/var/run/postgresql" \
    -e "POSTGRES_DB=mydb" \
    -e "POSTGRES_USER=mydba" \
    -e "POSTGRES_PASSWORD=supersecret" \
    -e "PGDATA=/var/lib/postgresql/data/pgdata" \
    postgres:15.2-bullseye

It fails because of:

chown: changing ownership of '/var/lib/postgresql/data/pgdata': Operation not permitted

How can I avoid this chown behavior?

tianon commented 1 year ago

If you run your container as non-root (--user), it will not try to chown (see the "Running as an arbitrary user" section of the image description on Docker Hub).
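An added example, not part of the thread and not the image's entrypoint code: a small check that reads `/proc/<pid>/status` text and predicts which of the cases discussed above applies (root without CAP_CHOWN, root with it, or non-root, where the reply says no chown is attempted). The function names and the sample status lines are constructed for illustration; the capability bit number comes from `linux/capability.h`.

```shell
#!/bin/sh
# Added example. Models the behaviour described in the thread; it does not
# run or reproduce the image's entrypoint script.
CAP_CHOWN=0   # bit number of CAP_CHOWN in the capability masks

# has_cap HEXMASK BIT -> exit status 0 when BIT is set in the mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# status_field NAME COL: read status text on stdin, print column COL of "NAME:"
status_field() {
    awk -v k="$1:" -v c="$2" '$1 == k { print $c; exit }'
}

# chown_outcome: read status text on stdin and print one of
#   skipped  effective UID is not 0, so no chown is attempted
#   ok       root with CAP_CHOWN in the effective set (chown expected to work)
#   eperm    root without CAP_CHOWN: "Operation not permitted"
chown_outcome() {
    status=$(cat)
    uid=$(printf '%s\n' "$status" | status_field Uid 3)      # effective UID
    caps=$(printf '%s\n' "$status" | status_field CapEff 2)  # effective caps
    if [ "$uid" != 0 ]; then
        echo skipped
    elif has_cap "$caps" "$CAP_CHOWN"; then
        echo ok
    else
        echo eperm
    fi
}

# Constructed samples, not captured from a real container.
# 999 is an arbitrary non-root UID; a80425fb is a sample mask with bit 0 set.
ROOT_NO_CAPS=$(printf 'Uid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n')
ROOT_WITH_CHOWN=$(printf 'Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n')
NONROOT_NO_CAPS=$(printf 'Uid:\t999\t999\t999\t999\nCapEff:\t0000000000000000\n')

for sample in "$ROOT_NO_CAPS" "$ROOT_WITH_CHOWN" "$NONROOT_NO_CAPS"; do
    printf '%s\n' "$sample" | chown_outcome
done
```

Inside a running container the same function can be fed real data with `chown_outcome < /proc/1/status`.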