0

I am trying to run a mongodb container. Everything is fine expect it doesn't boot up because it can't modify permissions of the given volume. There is a possible fix in a Red Hat article about this issue, but it probably won't work since mongodb inside the container does everything as root. (or at least I didn't succeed)

There is also a working solution posted here, but it works only if mounting the container at the same directory as in the container, which is not my case.

Is it possible to run something like this without root or the only option right now is to run it as root?

podman run -d -p 27017:27017 -v /path/to/dir:/data/db --name container_name mongo:latest

1 Answers1

4

By appending :Z to the value of the -v option, it works on Fedora 32.

This example shows that it fails without :Z but succeeds with :Z

[user@laptop ~]$ cat /etc/fedora-release
Fedora release 32 (Thirty Two)
[user@laptop ~]$ podman --version
podman version 2.0.3
[user@laptop ~]$ mkdir /home/user/datadir
[user@laptop ~]$ podman run -d -p 27017:27017 -v /home/user/datadir:/data/db --name container_name docker.io/library/mongo:latest
09db7d3aa409f74e384396d7e8861aa1cb0a3533ffceeb21b604314c240d9772
[user@laptop ~]$ podman container list
CONTAINER ID  IMAGE   COMMAND  CREATED  STATUS  PORTS   NAMES
[user@laptop ~]$ podman logs container_name
find: '/data/db': Permission denied
chown: changing ownership of '/data/db': Permission denied
[user@laptop ~]$ podman container rm 09db7d3aa409f74e384396d7e8861aa1cb0a3533ffceeb21b604314c240d9772
09db7d3aa409f74e384396d7e8861aa1cb0a3533ffceeb21b604314c240d9772
[user@laptop ~]$ podman run -d -p 27017:27017 -v /home/user/datadir:/data/db:Z --name container_name docker.io/library/mongo:latest
649c23b5e43bab97e0b446be29e9c5b6ebc26978d5faff818e078d16c35917b1
[user@laptop ~]$ podman logs container_name | grep 27017
2020-07-26T07:55:53.777+0000 I  CONTROL  [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/data/db 64-bit host=649c23b5e43b
2020-07-26T07:55:54.371+0000 I  NETWORK  [listener] Listening on /tmp/mongodb-27017.sock
2020-07-26T07:55:54.371+0000 I  NETWORK  [listener] waiting for connections on port 27017
[user@laptop ~]$

Quote from the man page of podman run:

The Z option tells Podman to label the content with a private unshared label.

Erik Sjölund
  • 10,690
  • 7
  • 46
  • 74