Podman - pgadmin4 permission denied when volume mounting

Question

I'm trying to create a podman run script that rungs dpage/pgadmin4 but it can't create the volume mount

i run the following

podman run -d --name pgadmin \
    --network=host \
    -v "$PGADMINDATA":/var/lib/pgadmin:z \
    -e PGADMIN_DEFAULT_EMAIL=$USERNAME \
    -e PGADMIN_DEFAULT_PASSWORD=$PASSWORD \
    -e PGADMIN_LISTEN_PORT=$PORT \
    --user 5050:5050 \
    dpage/pgadmin4:8.12.0

what i've tried:

added --user 5050:5050

ran it with the :z flag

checked if podman is rootless

podman info | grep rootlesstrue

checked that the id in the container is correct

/pgadmin4 $ id uid=5050(pgadmin) gid=5050(5050)

changed owner of the directory on the host machine

sudo chown -R 5050:5050 data && sudo chmod -R 775 data

verified that it works

ls -la 4 drwxrwxr-x 2 5050 5050 4096 Oct 6 12:19 data

still getting the error

ERROR  : Failed to create the directory /var/lib/pgadmin/sessions:
           [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'

i run this on ubuntu 22 in wsl 2 on windows 11

Answer 1

z only takes care of the SELinux context, you also need U to handle user id mapping.

The error you're getting is a regular permission error: Failed to create the directory /var/lib/pgadmin/sessions.
In a rootless podman setup your user id gets mapped to root inside the container. User 5050 in the container can't write to directories owned by root. Chowning it to 5050 on the host doesn't make in 5050 in the container. The correct uid to set is your subuid + 5050 - 1. It is found with:

podman info -f "{{ json .Host.IDMappings }}"

But adding ,U to the mount options will do that for you.

podman run -d --name pgadmin \
    --network=host \
    -v "$PGADMINDATA":/var/lib/pgadmin:z,U \
    -e PGADMIN_DEFAULT_EMAIL=$USERNAME \
    -e PGADMIN_DEFAULT_PASSWORD=$PASSWORD \
    -e PGADMIN_LISTEN_PORT=$PORT \
    --user 5050:5050 \
    dpage/pgadmin4:8.12.0