2

I am running MongoDB in an OCI container (docker.io/library/mongo). I want to mount a host directory inside the container at /data/db (a hostPath mount in Kubernetes parlance). I am using Podman on Fedora Silverblue (a Docker alternative with the same CLI), though I don't think the problem is with Podman or Silverblue incompatibility.

Using:

```
podman run --name container_name -p=27017:27017 --mount type=bind,source=/path/to/dir,target=/data/db -d mongo
```

or

```
podman run --name container_name -p=27017:27017 -v /path/to/dir:/data/db -d mongo
```

the container exits with the following logs:

```
cannot configure rootless cgroup using the cgroupfs manager
find: '/data/db': Permission denied
chown: changing ownership of '/data/db': Permission denied
```

The user id for the mongo user in the container is 999 and I have tried changing the host's directory to this user but this does not help. I have also tried setting the host's folder to have global r/w access, but again this does not help.

BMitch
Tintin
  • Can you add some information about the ownership and permissions on `/path/to/dir`? And are you running `podman` as `root` or as a non-`root` user? I've tried both and I cannot reproduce the error you're seeing. – larsks Jan 02 '20 at 05:10
  • 1
    @larsks I am running podman as non-root. The `/path/to/dir` belongs to the same non-root user and has permissions `drwxrwxr-x`. I have discovered that if I add `relabel=shared` to the mount option the container mounts correctly, so I guess it is a permission problem. – Tintin Jan 02 '20 at 07:12

1 Answer

3

It turns out that adding `relabel=shared` allows the directory to mount. So the command becomes:

```
podman run --name container_name -p=27017:27017 --mount type=bind,source=/path/to/dir,destination=/data/db,relabel=shared -d mongo
```

Tintin
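Why `relabel=shared` makes the mount work, as an added example that is not part of the original answer: on a host with SELinux enforcing (the Fedora default), file mode bits and ownership are not enough, and the option tells Podman to relabel the source directory with a type the container process may use. The script classifies a context string as printed by `ls -dZ`; the function names and sample contexts are constructed, and the type name `container_file_t` assumes the stock container-selinux policy.

```shell
#!/bin/sh
# Added example: classify an SELinux context (first field of `ls -dZ DIR`)
# for use as a Podman bind-mount source. Sample contexts are constructed.

# Print the type, the third colon-separated field of the context.
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Print the MLS/MCS level, field four onward (e.g. s0 or s0:c12,c345).
selinux_level() { printf '%s\n' "$1" | cut -d: -f4-; }

# Print a verdict for the context:
#   no-label       not a user:role:type:level string (SELinux off or unsupported fs)
#   ok-shared      container_file_t at plain s0, what relabel=shared (:z) produces
#   ok-private     container_file_t with MCS categories, what relabel=private (:Z) produces
#   needs-relabel  any other type, e.g. user_home_t for a directory under $HOME
mount_verdict() {
    case "$1" in
        *:*:*:*) ;;
        *) echo no-label; return 0 ;;
    esac
    if [ "$(selinux_type "$1")" != container_file_t ]; then
        echo needs-relabel
    elif [ "$(selinux_level "$1")" = s0 ]; then
        echo ok-shared
    else
        echo ok-private
    fi
}

# Constructed sample contexts, one per iteration.
for ctx in \
    'unconfined_u:object_r:user_home_t:s0' \
    'system_u:object_r:container_file_t:s0' \
    'system_u:object_r:container_file_t:s0:c12,c345' \
    '?'
do
    printf '%-50s %s\n' "$ctx" "$(mount_verdict "$ctx")"
done
```

On the host, pass the first field of `ls -dZ /path/to/dir` to `mount_verdict`. With the `-v` form, the suffix `:z` (as in `-v /path/to/dir:/data/db:z`) is the equivalent of `relabel=shared`.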