Run podman as non root gives file permission errors

One interesting thing with podman is the ability to run as non-root. But in fact I can’t do a lot of things as a simple user and most of the time have to su to achieve my goals.
How can I deal with this?

Note: SELinux is enforced
Example of classic issue:

% id
uid=1004(gabx) gid=1004(gabx) groups=1004(gabx),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
% podman images 
Error: could not get runtime: error creating tmpdir /run/user/1001/libpod/tmp: mkdir /run/user/1001: permission denied
% sudo podman images
REPOSITORY                          TAG      IMAGE ID       CREATED        SIZE
docker.io/linuxserver/mariadb       latest   ab6a31f8a171   2 days ago     348 MB
docker.io/library/redis             latest   01a52b3b5cd1   12 days ago    102 MB
docker.io/linuxserver/letsencrypt   latest   474abe498014   7 weeks ago    272 MB
docker.io/certbot/certbot           latest   d2bbcca3f60e   2 months ago   117 MB

I couldn’t find anything on the internet other than running podman as root, which is of course not a real issue but doesn’t take advantage of the non-root features.

Thank you for your advice.

Could you try filing a bug report? I recently saw a very similar issue on the Fedora server, so this is likely a podman bug.

Hello.
Which version of podman are you using and on which system are you?

% podman --version
podman version 1.4.4
% cat /etc/os-release 
NAME=Fedora
VERSION="29.20190805.0 (Atomic Host)"
ID=fedora
VERSION_ID=29
VERSION_CODENAME=""
PLATFORM_ID="platform:f29"
PRETTY_NAME="Fedora 29.20190805.0 (Atomic Host)"

When reading this article about rootless podman on RedHat website, I tried to run the following mentioned command:

% podman unshare cat /proc/self/uid_map
Error: could not get runtime: error creating tmpdir /run/user/1001/libpod/tmp: mkdir /run/user/1001: permission denied

I should be able to run this command, as unshare has to be run as non-root.

So? Shall I open a bug report, as suggested by Refi64?

This looks like podman is not allowed to create content in /run/user/1001 while you are running as user 1004.

% id
uid=1004(gabx) gid=1004(gabx) groups=1004(gabx),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
% podman images 
Error: could not get runtime: error creating tmpdir /run/user/1001/

Which means to me that XDG_RUNTIME_DIR is not being set correctly.

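The mismatch pointed out above (podman wants /run/user/1001 while the shell is uid 1004) can be checked mechanically. This is an added diagnostic script, not part of the thread and not podman's own tooling; it assumes the standard rootless layout where XDG_RUNTIME_DIR is /run/user/UID and is created by systemd-logind at login.

```shell
#!/bin/sh
# Added diagnostic: rootless podman derives its tmpdir from
# XDG_RUNTIME_DIR, so that value must name /run/user/<real uid>
# and that directory must exist, be owned by the uid and be writable.

# runtime_dir_matches UID DIR -> 0 when DIR is exactly /run/user/UID
runtime_dir_matches() {
    uid="$1"; dir="$2"
    [ -n "$dir" ] || return 1
    [ "$dir" = "/run/user/$uid" ]
}

# runtime_dir_usable UID DIR -> 0 when DIR exists, is owned by UID and is writable
runtime_dir_usable() {
    uid="$1"; dir="$2"
    [ -d "$dir" ] || return 1
    # GNU stat first, BSD stat as fallback
    owner=$(stat -c %u "$dir" 2>/dev/null || stat -f %u "$dir" 2>/dev/null) || return 1
    [ "$owner" = "$uid" ] || return 1
    [ -w "$dir" ]
}

# check_rootless_env: apply both checks to the live session and explain a failure
check_rootless_env() {
    uid=$(id -u)
    dir="${XDG_RUNTIME_DIR:-}"
    if ! runtime_dir_matches "$uid" "$dir"; then
        echo "XDG_RUNTIME_DIR='$dir' does not match uid $uid (expected /run/user/$uid)"
        echo "hint: a plain 'su user' shell keeps the previous user's environment;"
        echo "      use 'su - user' or export XDG_RUNTIME_DIR=/run/user/$uid"
        return 1
    fi
    if ! runtime_dir_usable "$uid" "$dir"; then
        echo "$dir is missing or not owned/writable by uid $uid"
        echo "hint: logind creates it at login; 'loginctl enable-linger $(id -un)' keeps it alive"
        return 1
    fi
    echo "runtime dir OK: $dir"
}

# Usage: sh rootless-check.sh check   (hypothetical file name)
case "${1:-}" in
    check) check_rootless_env ;;
esac
```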
% id
uid=1004(gabx) gid=1004(gabx) groups=1004(gabx)
% env | grep XDG_RUNTIME_DIR           
12:XDG_RUNTIME_DIR=/run/user/1004

So user gabx’s XDG_RUNTIME_DIR is set correctly. Now, if I follow you, this directory should exist for user 1001 and be RW for podman, right?
getent passwd or getent group returns nothing about user 1001 or user podman. So I can’t figure out how /run/user/1001 can be created. By whom?
Would you mind giving me some hints?
Thank you in advance.

EDIT: should I add a system user podman with id 1001, or something similar?