Help with Podman - New to containers

Good evening,
I’m in the process of migrating an old Fedora Server tower to a mini PC. When I originally set up the server 10 years ago, I installed apps directly in the OS. I’m trying to install the apps I’m migrating to my new setup in containers to make them easier to migrate in the future, and of course isolate them more from the OS.

I’ve installed Fedora Workstation 42 on my mini PC, and my first app I migrated was Plex Media Server. I installed it using Docker compose. I’ve also installed Cockpit so I can manage my workstation remotely. I have several more applications to migrate, including Pi-Hole, Unbound, Multi System Reactor, and Homebridge. In the process, I came across suggestions for using Podman instead of Docker for ease and integration into Cockpit.

I tried migrating (exporting container, importing to Podman Desktop) my Plex instance to Podman, but I came across numerous permissions issues (see log output below):

To support LSIO projects visit:
https://www.linuxserver.io/donate/

v───────────────────────────────────────
GID/UID
v───────────────────────────────────────

User UID:    1000
User GID:    1000
v───────────────────────────────────────
Linuxserver.io version: 1.41.7.9823-59f304c16-ls266
Build-date: 2025-05-27T19:32:08+00:00
v───────────────────────────────────────
    
chown: changing ownership of '/config': Permission denied
**** Permissions could not be set. This is probably because your volume mounts are remote or read-only. ****
**** The app may not work properly and we will not provide support for it. ****
Change in ownership detected, please be patient while we chown existing files
This could take some time
8/usr/bin/find: ‘/config/Library’: Permission denied
chown: changing ownership of '/config/Library': Permission denied
**** Permissions could not be set. This is probably because your volume mounts are remote or read-only. ****
**** The app may not work properly and we will not provide support for it. ****
:/usr/bin/find: ‘/config/*’: No such file or directory
chown: changing ownership of '/config': Permission denied
**** Permissions could not be set. This is probably because your volume mounts are remote or read-only. ****
**** The app may not work properly and we will not provide support for it. ****
Temporarily starting Plex Media Server.
Waiting for Plex to generate its config
PMS: failure detected. Read/write access is required for path: /config/Library/Application Support/Plex Media Server

I tried starting from scratch, and I was still seeing permissions issues in the logs. The Docker Compose installation was very straightforward, but I’m not having the same luck with Podman.

I’ve since reverted back to Docker, and my Plex instance is rescanning my media, which takes some time. If there is a way to simply migrate that Docker container to Podman, that would be ideal.

Does anyone have any tips when using Podman and Plex? I’ve been trying to find a tutorial, but most of the tutorials for Plex are for Docker.

It would help to see the Podman command you’re attempting to run. But I suspect it has to do with SELinux labels for your volume mounts. Try the :Z tip as described here:


Another thing to look at is the --userns setting to map the user ID within the container to a user ID on the host for permissions purposes.
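How that mapping works out under rootless Podman, as an added example that is not part of the original reply: by default container UID 0 is the invoking user and every other container UID lands in the user's subordinate range, while `--userns=keep-id` keeps the user's own UID number inside the container. The user name `alice`, UID 1000 and the subuid range are constructed sample values.

```python
"""Added example: container-to-host UID mapping for rootless Podman."""

SAMPLE_SUBUID = "alice:524288:65536\n"  # constructed /etc/subuid content


def parse_subuid(text, user):
    """Return (start, count) of the first subordinate UID range for user."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            return int(parts[1]), int(parts[2])
    raise KeyError(f"no subuid range for {user}")


def host_uid(container_uid, user_uid, sub_start, sub_count, keep_id=False):
    """Map a container UID to the host UID that ends up owning its files.

    Default rootless map: container 0 is the invoking user and container
    1..count is the subordinate range. With keep_id (--userns=keep-id) the
    invoking user's UID keeps its number inside the container and the
    subordinate range fills in around it. Returns None if unmapped.
    """
    if not 0 <= container_uid <= sub_count:
        return None
    if keep_id:
        if container_uid == user_uid:
            return user_uid
        # UIDs below the user's take the first subuids, UIDs above the rest.
        offset = container_uid if container_uid < user_uid else container_uid - 1
        return sub_start + offset
    if container_uid == 0:
        return user_uid
    return sub_start + container_uid - 1


if __name__ == "__main__":
    start, count = parse_subuid(SAMPLE_SUBUID, "alice")
    for cuid in (0, 1000):
        print("default", cuid, "->", host_uid(cuid, 1000, start, count))
        print("keep-id", cuid, "->", host_uid(cuid, 1000, start, count, True))
```

With the sample range, a process that drops to UID 1000 inside the container writes to a bind mount as host UID 525287 under the default map and as host UID 1000 under keep-id.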

Thanks for that! I added ,Z (after the rw) on my volumes:

tmorgenthaler@hal:/compose$ cat docker-compose.yml 
---
services:
  plex:
    image: lscr.io/linuxserver/plex:latest
    container_name: plex
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - VERSION=docker
      - PLEX_CLAIM= "claim-###############"
    volumes:
      - ./plex/library:/config:rw,Z
      - ./plex/transcode:/transcode:rw,Z
      - /mnt/unas:/media:Z
    devices:
      - /dev/dri:/dev/dri
    restart: unless-stopped

I then ran the previous command I used:

tmorgenthaler@hal:/compose$ podman compose --file docker-compose.yml up --detach
>>>> Executing external compose provider "/usr/lib/docker/cli-plugins/docker-compose". Please see podman-compose(1) for how to disable this message. <<<<

[+] Running 1/1
 ✔ Container plex  Started 

Podman shows it running as a Podman container. I checked Plex on another workstation, and I can reach it, which is fantastic!

I reviewed the logs, and I’m not seeing any issues, other than the “Critical: libusb_init failed” which the log tells me not to worry about.

v───────────────────────────────────────
GID/UID
v───────────────────────────────────────

User UID:    1000
User GID:    1000
v───────────────────────────────────────
Linuxserver.io version: 1.41.7.9823-59f304c16-ls266
Build-date: 2025-05-27T19:32:08+00:00
v───────────────────────────────────────
    
Change in ownership detected, please be patient while we chown existing files
This could take some time
**** Server already claimed ****
Docker is used for versioning skip update check
[custom-init] No custom files found, skipping...
Starting Plex Media Server. . . (you can ignore the libusb_init error)
Connection to localhost (::1) 32400 port [tcp/*] succeeded!
[ls.io-init] done.
Critical: libusb_init failed

As the compose.yml file that is being run is originally a docker-compose.yml file, do I need to keep the User UID and GID variables, because of the nature of Podman? Am I creating more issues, or am I just better off leaving as is, since it is running?

Also, I noticed that the container is still a Docker container, and not a Podman container. I guess this makes sense, since the container was originally built in Docker, and I imported it into Podman. Is there any reason to rebuild so it’s a “Podman native” container?

Sorry for the noob questions. I don’t want to get into any bad habits that may come back to bite me later.
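A check for the labelling options used in the compose file above, as an added example that is not part of the original post: `Z` gives the content a private label usable by one container, `z` a shared one, and a bind mount with neither is normally blocked while SELinux is enforcing. The volume list is copied from the post; treating an absolute host path as probably shared is this example's own heuristic.

```python
"""Added example: check compose short-syntax bind mounts for SELinux labels."""

# Volume entries as they appear in the compose file above.
VOLUMES = [
    "./plex/library:/config:rw,Z",
    "./plex/transcode:/transcode:rw,Z",
    "/mnt/unas:/media:Z",
]


def parse_volume(spec):
    """Split 'source:target[:opt,opt]' into (source, target, set_of_options)."""
    parts = spec.split(":")
    if len(parts) < 2 or len(parts) > 3:
        raise ValueError(f"unsupported volume spec: {spec!r}")
    opts = set(parts[2].split(",")) if len(parts) == 3 else set()
    return parts[0], parts[1], opts


def check_volume(spec):
    """Return a list of findings for one bind mount on an SELinux host."""
    source, _target, opts = parse_volume(spec)
    if not source.startswith(("/", "./", "../", "~")):
        return []  # named volume, not a host path: nothing to relabel here
    findings = []
    if not opts & {"z", "Z"}:
        findings.append("no SELinux label option: access from the container "
                        "is normally denied while SELinux is enforcing")
    elif "Z" in opts and source.startswith("/"):
        # Heuristic (assumption of this example): an absolute path outside
        # the project directory is likely used by something else as well.
        findings.append("Z applies a private label for this one container; "
                        "use z if other containers share the path")
    return findings


def check_all(volumes):
    """Return {spec: findings} for every entry that has findings."""
    results = {spec: check_volume(spec) for spec in volumes}
    return {spec: found for spec, found in results.items() if found}


if __name__ == "__main__":
    for spec, found in check_all(VOLUMES).items():
        print(spec, "->", "; ".join(found))
```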

As a tangential observation, I have been using the plex supplied rpm for plex server on my Fedora workstation (many versions) for several years without any issues.

:100:
I have had the same results with the rpm version installed from the plex site.
(Not using docker, podman, or any other container)

$ dnf list --installed plex*
Installed packages
plexmediaserver.x86_64 1.41.3.9314-a0bfb8370 @commandline

I would keep them if it is working as intended now.

Not exactly sure what you mean. Is the container running using the Docker engine or Podman engine? In other words, does the container show up as running when queried by $ docker ps or $ podman ps?

I had as well on my old Fedora Server. I’m trying to future proof my apps, as well as isolate them, as with some of my apps, I ended up having conflicts and things got very complicated. Ideally I’ll have this one mini PC running all my apps, as opposed to my server and a couple RPis.


If you look at my screen shot in that last post, the running container shows as podman, but as a docker compose container (drop down arrow on the left). I’m not having that issue anymore. I got rid of the compose aspect and created it using the image directly from Podman desktop, using the Z tag on the volumes, and it’s running correctly now.


Based on this, and on this line in your logs posted earlier…

>>>> Executing external compose provider "/usr/lib/docker/cli-plugins/docker-compose".

…it’s probably because you have docker-compose installed and Podman is using this for its compose functionality.

If you installed podman-compose instead of docker-compose then you could probably use the same compose file and end up with Podman-format rather than Docker-format containers.

Would recommend to ditch Podman and use docker compose with gVisor (KVM on bare metal servers, systrap otherwise) as the runtime. Fewer problems and much better isolation. For low-risk containers, like databases, simply use the normal docker runtime instead of gVisor. Additionally, check out rules 0 to 8 of Docker Security - OWASP Cheat Sheet Series

Have you run across Quadlet? This is a feature of podman that facilitates integration with systemd - i.e. manage your containers as systemd units.

This is one experience: Replace Docker Compose with Quadlet for Servers

Yes, I used Quadlet when I was still using Podman. Found it to be quite cumbersome to use compared to using Docker compose and throwing systemd on top of it for everything compose can’t handle natively. Would not go back to Quadlet, if I had to choose again.

I saw some advantages with Podman, like better handling of user namespaces and the daemon-less architecture, but nothing major which would outweigh the downsides. For example it did not work well with gVisor and handling Quadlet files was a worse experience than handling compose files from a usability and efficiency perspective.

If you need better isolation than docker, rootless Podman is only a slight step in the right direction, so I don’t really care about it, but using other runtimes which are actually designed to run untrusted software like gVisor and Kata are a big improvement.